[ https://issues.apache.org/jira/browse/COUCHDB-615?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexander Trauzzi updated COUCHDB-615:
--------------------------------------
Description:
It would be nice if CouchDB had a comprehensive offering for varying levels of
access to documents and databases.
Here are some ideas:
o User lists are stored in the database, per database.
o Roles and role membership are stored in the database, per database.
o ACLs are stored in the database, per database.
o CouchDB can use ACLs to store and simplify permissions for internal
functionality (manage the db, manage users, add roles, add users to roles,
etc...)
o CouchApps can take advantage of the ACLs to support login/logout and
arbitrary business rules as needed.
o A simple API can be made to conduct role, ACL and ownership checks.
I suppose there is some theory and discussion behind determining whether users,
roles or both are stored in ACL rules. Also, something worth discussing is
whether the checks are automatically performed by CouchDB, or if views are to
be performing checks prior to emitting data. Or both...
Building all this into CouchDB would mean that it has a mechanism for complex
applications to be developed, ones that mandate privacy and other visibility
concerns.
was:
It would be nice if CouchDB had a comprehensive offering for varying levels of
access to documents and databases.
Here are some ideas:
o User lists are stored in the database, per database.
o Roles and role membership are stored in the database, per database.
o ACLs are stored in the database, per database.
o CouchDB can use ACLs to store and simplify permissions for internal
functionality (manage the db, manage users, add roles, add users to roles,
etc...)
o CouchApps can take advantage of the ACLs to support login/logout and
arbitrary business rules as needed.
o A simple API can be made to conduct role, ACL and ownership checks.
I suppose there is some theory and discussion behind determining whether users,
roles or both are stored in ACL rules.
Building all this into CouchDB would mean that it has a mechanism for complex
applications to be developed, ones that mandate privacy and other visibility
concerns.
> Role, ACL and Ownership Checks
> ------------------------------
>
> Key: COUCHDB-615
> URL: https://issues.apache.org/jira/browse/COUCHDB-615
> Project: CouchDB
> Issue Type: New Feature
> Environment: Ubuntu 9.10 64bit
> Reporter: Alexander Trauzzi
>
> It would be nice if CouchDB had a comprehensive offering for varying levels
> of access to documents and databases.
> Here are some ideas:
> o User lists are stored in the database, per database.
> o Roles and role membership are stored in the database, per database.
> o ACLs are stored in the database, per database.
> o CouchDB can use ACLs to store and simplify permissions for internal
> functionality (manage the db, manage users, add roles, add users to roles,
> etc...)
> o CouchApps can take advantage of the ACLs to support login/logout and
> arbitrary business rules as needed.
> o A simple API can be made to conduct role, ACL and ownership checks.
> I suppose there is some theory and discussion behind determining whether
> users, roles or both are stored in ACL rules. Also, something worth
> discussing is whether the checks are automatically performed by CouchDB, or
> if views are to be performing checks prior to emitting data. Or both...
> Building all this into CouchDB would mean that it has a mechanism for complex
> applications to be developed, ones that mandate privacy and other visibility
> concerns.
--
This message is automatically generated by JIRA.