Hi Andy, you're right that a DB per user-feature is currently the way to go to 
achieve the kind of access control granularity that you have in mind.  100k 
databases in a Cloudant account is not all that uncommon.  Cheers,

Adam

On Jan 9, 2014, at 8:55 AM, Andy Dorman <ador...@ironicdesign.com> wrote:

> Hi, we are new to document databases and CouchDB, but we are very excited 
> about the possibilities of CouchDB, Cloudant, and PouchDB, especially for 
> mobile applications.
> 
> We are beginning a major update to a "mobile first" design of a web app that 
> has used an SQL db for over 13 years.  The app currently has thousands of 
> users (and will hopefully grow to tens of thousands once we have a mobile 
> version running) with 10 "shareable" features (Calendar, Recipes, etc.) for 
> each user.  Each user needs to be able to grant "read" or "edit" access to 
> each feature to some number (usually anywhere from 2 to 50) of other users.
> 
> This access model needs read/write authorization to be per user per feature. 
> i.e., Joe (a user) can grant edit access for his Recipes (a feature) to his Mom 
> (another user) and read access for his Calendar (another feature) to his wife 
> (another user).
> 
> We really want to use PouchDB in the client and CouchDB/Cloudant on the 
> server-side as that solves a LOT of issues regarding replication and network 
> access for mobile clients.
> 
> However, it looks to us like the only way to implement this access model 
> using CouchDB's built-in auth features is to define a database for each 
> user-feature combination.  So Joe could grant edit access to his "Recipe 
> database" to his Mom and read access to his Calendar database to Fred and 
> edit access to his wife.
> 
> Our first question is: Is it scalable for an app with several thousand(s) 
> users and 10 features to use a separate database for each user-feature? With 
> 10,000 users and 10 features, that would come to 100,000 "databases" for our 
> app.
> 
> The second question would be is there another way (other than us writing a 
> server-side middle layer REST-ful app to handle authorization) to handle 
> authorization at a per user per feature level?  Our original design using 
> CouchDB had a single database per user and a doc-type or document per 
> feature.  But we have been unable to figure out a way to have CouchDB control 
> authorization for each document or doc_type.
> 
> Thank you for any insight or references to documentation that might explain a 
> way to implement CouchDB authorization at the doc_type or document level.
> 
> -- 
> Andy Dorman
> 
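
The database-per-user-feature layout discussed in this thread, sketched as an added example that is not part of either message: it turns a grants table into a database name, a CouchDB `_security` object, and a `validate_doc_update` design document that enforces the "read" versus "edit" distinction. The `uf_` naming scheme, the `_design/acl` id, and the grants table are assumptions made for illustration.

```javascript
// Added example. Database naming and the grants table are assumptions.
// Constructed sample: owner -> feature -> { grantee: "read" | "edit" }
const sampleGrants = {
  joe: { recipes: { mom: "edit" }, calendar: { fred: "read", wife: "edit" } },
  ann: { recipes: {} }, // nothing shared yet
};

// Restrict both parts to [a-z0-9] so the joined name is unambiguous and
// a legal CouchDB database name (lowercase, starts with a letter).
function dbName(owner, feature) {
  for (const part of [owner, feature])
    if (!/^[a-z0-9]+$/.test(part)) throw new Error(`unsupported name: ${part}`);
  return `uf_${owner}_${feature}`;
}

// _security object: anyone with a grant becomes a member (read + write by
// default). The owner is always listed, because a database whose members
// lists are empty is readable by everyone.
function securityDoc(owner, shares) {
  const names = [...new Set([owner, ...Object.keys(shares)])].sort();
  return { admins: { names: [owner], roles: [] }, members: { names, roles: [] } };
}

// Members can write unless a validate_doc_update function rejects them, so
// "read" grants are enforced here. Only admins can change design documents.
function writeGuard(owner, shares) {
  const editors = [owner, ...Object.keys(shares).filter((u) => shares[u] === "edit")];
  const fn = `function (newDoc, oldDoc, userCtx) {
  var editors = ${JSON.stringify(editors)};
  if (userCtx.roles.indexOf("_admin") === -1 && editors.indexOf(userCtx.name) === -1) {
    throw({ forbidden: "read-only access to this feature" });
  }
}`;
  return { _id: "_design/acl", validate_doc_update: fn };
}

function planDatabases(grants) {
  const plan = [];
  for (const [owner, features] of Object.entries(grants))
    for (const [feature, shares] of Object.entries(features)) {
      for (const level of Object.values(shares))
        if (level !== "read" && level !== "edit") throw new Error(`bad level: ${level}`);
      plan.push({ db: dbName(owner, feature), security: securityDoc(owner, shares),
                  design: writeGuard(owner, shares) });
    }
  return plan;
}

console.log(JSON.stringify(planDatabases(sampleGrants), null, 2));
```

Each `security` object would be written to the database's `_security` endpoint and each `design` document stored in that database; changing a grant then means rewriting both for that one database.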
