incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From svilen ...@svilendobrev.com>
Subject Re: Separation between User and DB. (Config 1.2.0)
Date Fri, 16 Nov 2012 13:11:45 GMT
yes, dbs are created (dont know about deleted) by admin only. 
once u assign user to be member of a database, he can
read/write/replicate.

"members" is new name for "readers" from some version onwards, but
"readers" is kept for compatibility.

ciao
svil
www.svilendobrev.com

On Fri, 16 Nov 2012 14:01:44 +0100
Lucas Toulouse <lucas.toulouse@cozycloud.cc> wrote:

> When you spoke about  readers / members , I am lost. Any docs about
> that?? I didn't really find by myself.
> 
> Readers was an old name for Members ? And it tells writing and reading
> rights ?
> If it's right,
>   Can I create a DB with the admin account?
>   Assign the member user1 ?
>   Then replicate in this DB using user1 account?
> 
> 
> About possible BackDoor -> I think I read on the wiki that a user
> can't modify him roles (it's even a good thing)
> 
> Bye
> Lucas
> 
> 2012/11/16 svilen <az@svilendobrev.com>
> 
> > i have similar scenario (i have user-only databases, as well as
> > shared ones).
> >
> > i use readers/members and ignore roles - they are possible backdoor
> > - anyone can assign hirsef a role, as long as s/he knows its name.
> >
> > once a database has readers/members, noone but those (and the
> > admins) can access it. (readers means writing too, hence the new
> > name "members")
> >
> > well, u should have at least one admin defined in the couch config.
> >
> > i dont know if getting database names can be disabled to
> > non-admins..
> >
> > ciao
> > svilen
> >
> >  On Fri, 16 Nov 2012 12:21:25 +0100
> > Lucas Toulouse <lucas.toulouse@cozycloud.cc> wrote:
> >
> > > Hello,
> > > I'm a Lucas, I have few questions on the configuration of Couchdb
> > > Users.
> > >
> > > I try to create a Couch with an user = a DB
> > > And configure user rights according to that. (ie An user can only
> > > write and read his own Db)
> > >
> > > (it's for backup purpose, i have  user who have a couchdb in
> > > default config, and they push a ponctual (not continuons, every
> > > 24H) replication on a single backup couchdb)
> > >
> > > I success to installing, configure my couchDb Admin_server,
> > > configure an user
> > >
> > > But
> > >   *  The item roles : [ ] Why is the possible config? It's just a
> > > label or it's do anything?
> > >   *  How to protect database to be read by other user that doesn't
> > > own the DB in my architecture.
> > >   *  It is possible to 'hide' the db name  ?
> > >   *  In my case, is it more useful to have a DBuser or a DBadmin ?
> > >
> > > Thank's a lot for reading me (and take few time to answer me)
> > >
> > > Lucas T.
> >

Mime
View raw message