incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Dorman <ador...@ironicdesign.com>
Subject Re: A CouchDB/Cloudant Scale & Authorization question
Date Thu, 09 Jan 2014 14:55:47 GMT
On 01/09/2014 08:33 AM, Adam Kocoloski wrote:
> Hi Andy, you're right that a DB per user-feature is currently the way to go to achieve
the kind of access control granularity that you have in mind.  100k databases in a Cloudant
account is not all that uncommon.  Cheers,
>
> Adam
>
> On Jan 9, 2014, at 8:55 AM, Andy Dorman <adorman@ironicdesign.com> wrote:
>
>> Hi, we are new to document databases and CouchDB, but we are very excited about the
possibilities of CouchDB, Cloudant, and PouchDB, especially for mobile applications.
>>
>> We are beginning a major update to a "mobile first" design of a web app that has
used an SQL db for over 13 years.  The app currently has thousands of users (and will hopefully
grow to tens of thousands once we have a mobile version running) with 10 "shareable" features
(Calendar, Recipes, etc.) for each user.  Each user needs to be able to grant "read" or "edit"
access to each feature to some number (usually anywhere from 2 to 50) of other users.
>>
>> This access model needs read/write authorization to be per user per feature. ie,
Joe (a user) can grant edit access for his Recipes (a feature) to his Mom (another user) and
read access for his Calendar (another feature) to his wife (another user).
>>
>> We really want to use Pouchdb in the client and Couchdb/Cloudant on the server-side
as that solves a LOT of issues regarding replication and network access for mobile clients.
>>
>> However, it looks to us like the only way to implement this access model using CouchDB's
built-in auth features is to define a database for each user-feature combination.  So Joe
could grant edit access to his "Recipe database" to his Mom and read access to his Calendar
database to Fred and edit access to his wife.
>>
>> Our first question is: Is it scalable for an app with several thousand(s) users and
10 features to use a separate database for each user-feature? With 10,000 users and 10 features,
that would come to 100,000 "databases" for our app.
>>
>> The second question would be is there another way (other than us writing a server-side
middle layer REST-ful app to handle authorization) to handle authorization at a per user per
feature level?  Our original design using CouchDB had a single database per user and a doc-type
or document per feature.  But we have been unable to figure out a way to have CouchDB control
authorization for each document or doc_type.
>>
>> Thank you for any insight or references to documentation that might explain a way
to implement CouchDB authorization at the doc_type or document level.
>>
>> --
>> Andy Dorman
>>
>

Excellent!  Thank you Adam.

Having that many "databases" for a single app just did not seem 
"natural".  :-)  However, we realize that we have several misconceptions 
based on many years of SQL experience that we are going to have to 
"unlearn".

We are really looking forward to working with Cloudant and PouchDB.

Sincere regards,

-- 
Andy Dorman


Mime
View raw message