On Mon, Sep 14, 2009 at 10:09 PM, Jason Davies <[email protected]> wrote: > Hi all, > > Thanks for all the excellent responses! > > With Chris Anderson's "simplest thing that could possibly work" idea in > mind, here's a quick summary of what I plan to implement as a first cut. > I've taken ideas from multiple responses on this thread, so I wasn't sure > which message to reply to, but this plan is mostly inspired by Adam's ACL > ideas so I've included that message below this one for reference. > > The simplest idea is that we have a special doc in each database, > "_local/_acl" or similar, containing a list of [role(s), "read" or "write"] > pairs. By default everything is denied to everyone (except _admin). The > most common use case would be to then have ["username", "read"] and > ["username", "write"] to give a user read and write permissions to that > particular database. (In this example, I've assumed that in the _users > database we map the "username" user to the "username" role for simplicity). > If we want to give particular access (e.g. read-only) to *everyone*, we can > use the special "*" string to denote a wildcard, which matches any role, > including no role at all e.g. ["*", "read"].
Will this doc be replicated ? > > I envisage this default "deny all" behaviour being a switch in the .ini > file, so people will only turn it on once they have users and/or ACLs set > up. I don't like the default, io, by default everything should be open and then you close the door or not . > Thanks, > -- thanks to you :) - benoit
