Date: Wed, 13 Jun 2012 18:00:10 -0400
Subject: Re: newbie question - how to manage groups of users <-> databases in couchdb
From: Herman Chan
To: user@couchdb.apache.org

Cool, I believe you mean readers instead of members.

I guess I'll need another document store in the main database to keep track of which users have access to which database, or is there a way to traverse all databases in the server to see which databases a particular user has access to?

On Wed, Jun 13, 2012 at 5:30 PM, Ryan Ramage wrote:

> Your model of one db per 'board' is correct. To limit users, you can
> use the /db/_security object.
>
> see here:
> http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization
>
> Basically, looks like this:
>
> {
>   "admins" : {
>     "names" : ["joe", "phil"],
>     "roles" : ["boss"]
>   },
>   "members" : {
>     "names" : ["dave", "bill"],
>     "roles" : []
>   }
> }
>
> Basically, put all the usernames of those you want access to the board
> in the members names.
>
> Just to be clear...this is for each db inside you can do this, which
> seems to support what you are trying to do.
>
>
> On Wed, Jun 13, 2012 at 1:52 PM, Herman Chan wrote:
> > Hi all,
> >
> > I am new to couchdb so bear with me if this is really easy.
> >
> > I am trying to prototype a system where there is a group of users who can
> > share everything within a database with each other. For example, think of a
> > message board system where once a user is allowed into a particular board,
> > they can view/update/delete anything in that message board. Also, a user
> > can join multiple boards.
> >
> > From what I read so far, the way I am thinking to achieve this is to have
> > multiple databases within the couchdb server. Each database represents a
> > board and since boards don't need to talk to each other, this gives a nice
> > separation between boards.
> >
> > My question is about user authorization. I know that I can create users in
> > couchdb and assign them ACLs within one "database", but is there a way in
> > couchdb to control user access at a "database" level? i.e. which
> > database can a user read/write/update?
> >
> > The only way I see now is to have another table in an "application" database
> > that controls user access, basically a mapping from user to database.
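
Added example, not part of the original thread or of CouchDB's own code: one way to answer the question of which databases a user can reach is to collect every database's `_security` object (`GET /_all_dbs`, then `GET /{db}/_security`, assumed here to be fetched with server-admin credentials) and evaluate them offline. The database names and helper functions are hypothetical and the sample documents are constructed; the check accepts the older `readers` key as well as `members`, and reports a database with no members listed as `public`.

```python
# Added example: derive a user -> database access map from _security objects.

def _matches(section, name, roles):
    """True if the user is named in the section or holds one of its roles."""
    section = section or {}
    return name in section.get("names", []) or bool(
        set(roles) & set(section.get("roles", []))
    )

def access_level(security, name, roles=()):
    """Return 'admin', 'member', 'public' or None for one _security object."""
    if "_admin" in roles:                      # server admins reach every database
        return "admin"
    if _matches(security.get("admins"), name, roles):
        return "admin"                         # database admins are also members
    members = security.get("members") or security.get("readers") or {}
    if not members.get("names") and not members.get("roles"):
        return "public"                        # no members listed: open to everyone
    return "member" if _matches(members, name, roles) else None

def databases_for_user(security_by_db, name, roles=()):
    """Map each reachable database to the level of access the user has."""
    result = {}
    for db, security in sorted(security_by_db.items()):
        level = access_level(security, name, roles)
        if level is not None:
            result[db] = level
    return result

# Constructed sample: the shape GET /{db}/_security returns for each database.
SAMPLE = {
    "board_cooking": {"admins": {"names": ["joe", "phil"], "roles": ["boss"]},
                      "members": {"names": ["dave", "bill"], "roles": []}},
    "board_cycling": {"admins": {"names": [], "roles": []},
                      "members": {"names": ["bill"], "roles": ["cyclists"]}},
    "board_legacy": {"readers": {"names": ["dave"], "roles": []}},
    "scratch": {},                             # _security never set
}

if __name__ == "__main__":
    for user, roles in [("dave", []), ("joe", []), ("erin", ["cyclists"])]:
        print(user, databases_for_user(SAMPLE, user, roles))
```

Any database that shows up as `public` for every user has no members list and is worth reviewing before it holds board data.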