Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2A26D105BC for ; Thu, 9 Jan 2014 14:56:28 +0000 (UTC) Received: (qmail 19998 invoked by uid 500); 9 Jan 2014 14:56:22 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 19931 invoked by uid 500); 9 Jan 2014 14:56:20 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 19921 invoked by uid 99); 9 Jan 2014 14:56:19 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Jan 2014 14:56:19 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [206.166.194.226] (HELO nerissa.ironicdesign.com) (206.166.194.226) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Jan 2014 14:56:12 +0000 Received: from localhost (localhost [127.0.0.1]) by nerissa.ironicdesign.com (Postfix) with QMQP id B4E162B4031B; Thu, 9 Jan 2014 08:55:50 -0600 (CST) X-AnteSpam-Report: http://antespam.com/missed/66bb14d10e32435b827ce56fa999cd01bfbed5b2d215958b5b190268aaf18493 X-AnteSpam-From: adorman@ironicdesign.com X-AnteSpam-Score: -0.2 Received: from [192.168.1.105] (rbn1s-216-180-93-118.adsl.hiwaay.net [216.180.93.118]) (Authenticated sender: adorman@ironicdesign.com) by incoming.antespam.com (Postfix) with ESMTPSA id B807A2B4035E; Thu, 9 Jan 2014 08:55:47 -0600 (CST) Message-ID: <52CEB873.7080404@ironicdesign.com> Date: Thu, 09 Jan 2014 08:55:47 -0600 From: Andy Dorman User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131005 Icedove/17.0.9 MIME-Version: 1.0 To: user@couchdb.apache.org CC: Ironic Design Development Subject: Re: A CouchDB/Cloudant Scale & Authorization question References: <52CEAA59.2060108@ironicdesign.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On 01/09/2014 08:33 AM, Adam Kocoloski wrote: > Hi Andy, you're right that a DB per user-feature is currently the way to go to achieve the kind of access control granularity that you have in mind. 100k databases in a Cloudant account is not all that uncommon. Cheers, > > Adam > > On Jan 9, 2014, at 8:55 AM, Andy Dorman wrote: > >> Hi, we are new to document databases and CouchDB, but we are very excited about the possibilities of CouchDB, Cloudant, and PouchDB, especially for mobile applications. >> >> We are beginning a major update to a "mobile first" design of a web app that has used an SQL db for over 13 years. The app currently has thousands of users (and will hopefully grow to tens of thousands once we have a mobile version running) with 10 "shareable" features (Calendar, Recipes, etc.) for each user. Each user needs to be able to grant "read" or "edit" access to each feature to some number (usually anywhere from 2 to 50) of other users. >> >> This access model needs read/write authorization to be per user per feature. ie, Joe (a user) can grant edit access for his Recipes (a feature) to his Mom (another user) and read access for his Calendar (another feature) to his wife (another user). >> >> We really want to use Pouchdb in the client and Couchdb/Cloudant on the server-side as that solves a LOT of issues regarding replication and network access for mobile clients. >> >> However, it looks to us like the only way to implement this access model using CouchDB's built-in auth features is to define a database for each user-feature combination. So Joe could grant edit access to his "Recipe database" to his Mom and read access to his Calendar database to Fred and edit access to his wife. >> >> Our first question is: Is it scalable for an app with several thousand(s) users and 10 features to use a separate database for each user-feature? With 10,000 users and 10 features, that would come to 100,000 "databases" for our app. >> >> The second question would be is there another way (other than us writing a server-side middle layer REST-ful app to handle authorization) to handle authorization at a per user per feature level? Our original design using CouchDB had a single database per user and a doc-type or document per feature. But we have been unable to figure out a way to have CouchDB control authorization for each document or doc_type. >> >> Thank you for any insight or references to documentation that might explain a way to implement CouchDB authorization at the doc_type or document level. >> >> -- >> Andy Dorman >> > Excellent! Thank you Adam. Having that many "databases" for a single app just did not seem "natural". :-) However, we realize that we have several misconceptions based on many years of SQL experience that we are going to have to "unlearn". We are really looking forward to working with Cloudant and PouchDB. Sincere regards, -- Andy Dorman