> On 25. Jul 2018, at 11:48, Rene Veerman <[email protected]> wrote: > > and how about using custom users and groups (roles) tables, combined with > view functions that query permissions settings in docs? > that way my CMS' users and groups stay seperate from couchdb's, which can > be seen as a plus, i think. > but i am worried about accesses to my couchdb using credentials found in my > javascript and accesses of the data without using the assigned view > functions.
If you don’t require replication and an application-logic layer in front of CouchDB works for you, you can build this any way you want :) > > i'm not sure db-per-user has been properly debugged already; it was broken > in 2.10 and the current version is 2.1.2 most of the issues there were addressed in 2.1.1 last fall. Best Jan — > > On Tue, Jul 24, 2018 at 9:45 PM Jan Lehnardt <[email protected]> wrote: > >> On top of what Joan mentioned, we’re planning per-doc permissions >> for 3.0, but it’s ways out, so don’t wait for it. But if db-per-user >> is good enough for now, you’ll be able to upgrade to the new model >> later. >> >> Best >> Jan >> — >> >>> On 24. Jul 2018, at 20:34, Joan Touzet <[email protected]> wrote: >>> >>> Right now, there is no document-level security in CouchDB unless you >> enforce >>> it yourself using a proxy server of some sort. You can then enable the >> proxy >>> authentication solution in CouchDB and handle all of the permissions >> yourself. >>> >>> Note that this breaks down if you want to allow end users to replicate >> to and >>> from the databases, or use the bulk endpoints. VDU functions generally >> aren't >>> sufficient to enforce detailed levels of modifications to documents. >>> >>> You'll want to look into the database-per-user approaches for CouchDB, >>> including the built-in "couch_peruser" functionality we provide. This >> lets you >>> have a single database per user, and use the power of replication to >> replicate >>> that user's data to (or from) a central database for later analytics >> work if >>> you need. >>> >>> -Joan >>> >>> ----- Original Message ----- >>> From: "Rene Veerman" <[email protected]> >>> To: [email protected] >>> Sent: Tuesday, July 24, 2018 1:56:28 PM >>> Subject: permissions specific to each document? >>> >>> is this possible in couchdb? >>> >>> suppose i have a database 'tree node data', >>> and several roles defined in the couchdb. >>> >>> i'd like to be returned only those tree node documents that the current >>> user may access. >>> >>> in general, i'd like to outsource my entire CMS' users and roles and >>> permissions system to couchdb. is this possible, and if so, what's the >> best >>> way to go about it? >> >> -- >> Professional Support for Apache CouchDB: >> https://neighbourhood.ie/couchdb-support/ >> >> -- Professional Support for Apache CouchDB: https://neighbourhood.ie/couchdb-support/
