[ 
https://issues.apache.org/jira/browse/COUCHDB-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12797237#action_12797237
 ] 

Chris Anderson commented on COUCHDB-615:
----------------------------------------

The current update authorization model is very solid, and probably won't be 
changing. 

There are some good ideas in the patch regarding read authorization.

Our big missing piece is per-database reader ACLs. It's not clear if these 
should be stored in local docs (non-replicating) or normal docs (so they 
replicate.)

My guess is that we want them to replicate, as many app installations will span 
nodes.

We probably want them in a document that only admins can edit, and I don't 
think we want the ACLs in _design documents. So maybe we need a new type of 
document. How does _security/foo sound?

Currently the db_admins role list is checked against the userCtx roles as well 
as username, which means we are dealing with a flat namespace. I've got some 
notes about the account branch that deal with this stuff that I'll be posting 
soon as well.


> Role, ACL and Ownership Checks
> ------------------------------
>
>                 Key: COUCHDB-615
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-615
>             Project: CouchDB
>          Issue Type: New Feature
>         Environment: Ubuntu 9.10 64bit
>            Reporter: Alexander Trauzzi
>
> It would be nice if CouchDB had a comprehensive offering for varying levels 
> of access to documents and databases.
> Here are some ideas:
> o User lists are stored in the database, per database.
> o Roles and role membership are stored in the database, per database.
> o ACLs are stored in the database, per database.
> o CouchDB can use ACLs to store and simplify permissions for internal 
> functionality (manage the db, manage users, add roles, add users to roles, 
> etc...)
> o CouchApps can take advantage of the ACLs to support login/logout and 
> arbitrary business rules as needed.
> o A simple API can be made to conduct role, ACL and ownership checks.
> I suppose there is some theory and discussion behind determining whether 
> users, roles or both are stored in ACL rules.  Also, something worth 
> discussing is whether the checks are automatically performed by couchdb, or 
> if views are to be performing checks prior to emitting data.  Or both...
> Building all this into CouchDB would mean that it has a mechanism for complex 
> applications to be developed.  Ones that mandate privacy and other visibility 
> concerns.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
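
The flat-namespace point in the comment above, as an added example that is not part of the original message and is not CouchDB source code. It models a single db_admins list matched against both the userCtx name and the userCtx roles, next to a hypothetical variant that keeps names and roles in separate lists; every identifier other than db_admins and userCtx, and all sample users, are constructed for illustration.

```javascript
// Added illustration; not CouchDB source code.

// Flat check as described in the comment: one list, matched against both
// the user's name and the user's roles.
function isDbAdminFlat(userCtx, dbAdmins) {
  const principals = new Set([userCtx.name, ...userCtx.roles]);
  return dbAdmins.some((entry) => principals.has(entry));
}

// Hypothetical namespaced variant: names and roles live in separate lists,
// so a user name can never satisfy an entry that was meant as a role.
function isDbAdminSplit(userCtx, admins) {
  if (userCtx.name !== null && admins.names.includes(userCtx.name)) return true;
  return userCtx.roles.some((role) => admins.roles.includes(role));
}

// Audit helper (hypothetical): entries of a flat list that exist both as a
// user name and as a role name, i.e. entries whose meaning is ambiguous.
function ambiguousEntries(dbAdmins, userNames, roleNames) {
  return dbAdmins.filter(
    (entry) => userNames.includes(entry) && roleNames.includes(entry)
  );
}

// Constructed sample contexts.
const alice = { name: "alice", roles: ["ops"] };   // holds the "ops" role
const ops = { name: "ops", roles: [] };            // user merely named "ops"
const bob = { name: "bob", roles: ["reader"] };

function demo() {
  const flatList = ["ops"];                        // intended as a role
  const splitLists = { names: [], roles: ["ops"] };
  return [alice, ops, bob].map((userCtx) => ({
    user: userCtx.name,
    flat: isDbAdminFlat(userCtx, flatList),
    split: isDbAdminSplit(userCtx, splitLists),
  }));
}

console.log(demo());
console.log(ambiguousEntries(["ops"], ["alice", "ops", "bob"], ["ops", "reader"]));
```

Under the flat check the user named "ops" is treated as a database admin although only the role was intended; the split check grants it to alice alone.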
