incubator-couchdb-user mailing list archives

From Dave Cottlehuber <...@jsonified.com>
Subject Re: Separation between User and DB. (Config 1.2.0)
Date Fri, 16 Nov 2012 13:40:07 GMT
On 16 November 2012 12:21, Lucas Toulouse <lucas.toulouse@cozycloud.cc> wrote:
> Hello,
> I'm Lucas, I have a few questions on the configuration of CouchDB users.
>
> I try to create a Couch with a user = a DB
> And configure user rights according to that. (i.e. a user can only write and
> read his own DB)

Hi Lucas,

Welcome!

CouchDB security is at the DB level, so you are on the right track.

For each user:
- create normal user account
- create the DB
- open the security object & add that user's name into the members name field

Once you've created a server admin (i.e. not running in admin party mode)

From terminal you'd have something like:

COUCH=http://admin:passwd@localhost:5984
# create the user
curl -H 'Content-Type: application/json' \
  -vX PUT "$COUCH/_users/org.couchdb.user:me" \
  --data-binary '{"_id": "org.couchdb.user:me","name": "me","roles": [],"type": "user","password": "pwd"}'

# create the DB
curl -vX PUT "$COUCH/me"

# update the security object
curl -vX PUT "$COUCH/me/_security" \
  -H 'Content-Type: application/json' \
  --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}'

You may want to put a validation doc in place to control writes at a
per-doc level as well.

http://wiki.apache.org/couchdb/Security_Features_Overview and
http://guide.couchdb.org/draft/security.html and
http://blog.mattwoodward.com/2012/03/definitive-guide-to-couchdb.html
are good references.

A+
Dave
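
The validation doc mentioned in the message above could look like the following. This is an added example, not part of the original message or of CouchDB itself; the "owner" field, the design document name "auth" and the tryWrite harness are assumptions made for illustration.

```javascript
// Added example, not from the original message: a validate_doc_update for
// the per-user database "me". The "owner" field is a hypothetical convention.
var validate = function (newDoc, oldDoc, userCtx, secObj) {
  var roles = userCtx.roles || [];
  // Server admins carry the _admin role and skip per-document checks.
  if (roles.indexOf('_admin') !== -1) { return; }
  // Anonymous requests arrive with userCtx.name === null.
  if (!userCtx.name) { throw({unauthorized: 'Log in before writing.'}); }
  // Database admins named in the _security object may write any document.
  var dbAdmins = (secObj && secObj.admins && secObj.admins.names) || [];
  if (dbAdmins.indexOf(userCtx.name) !== -1) { return; }
  // Updates and deletions are judged by the stored owner, creations by the
  // owner the client claims.
  var owner = oldDoc ? oldDoc.owner : newDoc.owner;
  if (owner !== userCtx.name) {
    throw({forbidden: 'Only the owner may write this document.'});
  }
  // A deletion stub has no owner field; any other write must keep it.
  if (!newDoc._deleted && newDoc.owner !== userCtx.name) {
    throw({forbidden: 'The owner field cannot be changed.'});
  }
};

// Design document to PUT to $COUCH/me/_design/auth; CouchDB stores the
// function as source text. The name "auth" is an assumption.
var designDoc = {_id: '_design/auth', validate_doc_update: validate.toString()};

// Constructed sample data: the security object from the message above.
var secObj = {admins: {names: [], roles: []}, members: {names: ['me'], roles: []}};

// Offline harness: returns 'ok', 'forbidden' or 'unauthorized'.
function tryWrite(newDoc, oldDoc, name, roles) {
  try {
    validate(newDoc, oldDoc, {db: 'me', name: name, roles: roles || []}, secObj);
    return 'ok';
  } catch (e) {
    return Object.keys(e)[0];
  }
}
```

A validation function only governs writes; who may read the database is still decided by the members list in the _security object.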
