On 23 August 2010 19:13, <whims...@aol.com> wrote:
>
> I'm confused about the _users authentication vs the authorization for an
> individual database under _security.
>
> I want a person to signup on my website so they can store their own data.
> So I create a database for them.
> joesdatabase
>
> Another user signs up and I create a database for them
> bobsdatabase
>
> now I want joe to save info in his database only
> and bob to save info in his database only.
>
> Do I have to put joe's info in the _user doc. If so why? Is that to
> authorize him to get into the system?
>
Yes, _user is the authentication database so Joe needs to exist as a user of
the system
> If so how do I know which databases he can read or access is that in the
> _security db.
> How do you add info to the _security
>
>
Yes, _security controls the the ACLs for the database. To set the ACL do a
PUT of the _security document to the database. The document should look
something like
{
"admins": {
"names": [ "admin", "joe"],
"roles":[]
},
"readers": {
"names": ["joe"],
"roles": []
}
}
This would give the users "admin" and "joe" admin rights to the database and
only user "joe" could read/write to it.
If you want to change the _security settings simply GET the current
document, and then PUT the updated version
Hope this helps
Martin
