Apologies, I didn't mean to not use the _users system, I was referring to the
editing the permissions security properties of the _users DB in an attempt to
allow a non-admin user to make edits to that DB.
> On 25 Sep 2017, at 11:31, Jan Lehnardt <j...@apache.org> wrote:
>
> Stefan is correct that this is expected behaviour, but I’d reject the notion
> that
> it is in any way recommended to not use the CouchDB user system. All you need
> to
> do is have a CouchDB admin user do the _users edits.
>
> Of course you can build your own system on top, but I wouldn’t recommend that.
>
> Best
> Jan
> --
>
>> On 23. Sep 2017, at 15:17, max <maxima...@gmail.com> wrote:
>>
>> Thank you for your answers I'll try with simple web services layer.
>>
>> Le 23 sept. 2017 3:14 PM, "Stefan du Fresne" <ste...@medicmobile.org> a
>> écrit :
>>
>>> None that I know of no. Ideally it would just work, but I think editing
>>> permissions for _users is effectively deprecated at this point.
>>>
>>> Really the only thing you can do is write a security layer yourself,
>>> either by wrapping CouchDB and converting those calls (after checking your
>>> own security) to be done by an admin user, or provide a separate API etc.
>>>
>>> Stefan
>>>> On 23 Sep 2017, at 13:40, max <maxima...@gmail.com> wrote:
>>>>
>>>> Thanks,
>>>>
>>>> Any workaround from configuration ? I would like to avoid making more
>>>> couchdb admin...
>>>>
>>>> Le 23 sept. 2017 1:08 PM, "Stefan du Fresne" <ste...@medicmobile.org> a
>>>> écrit :
>>>>
>>>>> This is currently how it works yeah.
>>>>>
>>>>> I believe the current recommendation for user management is to
>>> effectively
>>>>> ignore the permissions matrix in the _users database and instead wrap
>>>>> CouchDB in your own permissions management.
>>>>>
>>>>> Stefan
>>>>>> On 22 Sep 2017, at 17:36, max <maxima...@gmail.com> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm trying CouchDB 2.1 and facing an (strange?) issue. I have given
>>>>>> admin access through "Permissions" to "user1" and every user with the
>>>>>> role "manager". This allowed these users to call view from _design in
>>>>>> _users database. But this is not enough to delete other users, to do
>>>>>> that user have to be a super CouchDB Admin. Is this the expected
>>>>>> behavior? I got "Only admins may delete other user docs" whereas he is
>>>>>> admin.
>>>>>>
>>>>>> This is my _users database permissions:
>>>>>>
>>>>>> {"error":"unauthorized","reason":"Authentication
>>>>>> required.","admins":{"names":["user1"],"roles":["manager"]}}
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Max.
>>>>>
>>>>>
>>>
>>>
>
> --
> Professional Support for Apache CouchDB:
> https://neighbourhood.ie/couchdb-support/
>
