On Sun, Jan 17, 2010 at 8:52 PM, Chris Anderson <[email protected]> wrote: > I'm thinking maybe: > > _local/security:_design/foo > > where _design/foo is the name of the ddoc that contains the current > validation function. > > local means it doesn't replicate. hmm, we also need to make sure the > security doc can only be updated by admins (so maybe _security makes > sense) > > That's nice and clean: > > _security/foo to go with _design/foo
I like the naming, but not the 'only be updated by admins' part. If there were the concept of admins for individual dbs, I would be fine with it, though. > I have some code open in my editor: couch_db:check_is_admin() > > I'm planning to copy this and call it check_is_reader() > > So readers is a flat list of names and roles, per db. > > If the list is empty, anyone can read. If not, then only readers can > read. A reader is someone who's name or roles matches the db readers > list. This means a private db is just a db where the reader list has > one member, the db-admin. > > I think this level of reader ACL is the simplest thing that could > possibly work, and pretty flexible too. > > Everything is readable by server admins. Where is this list stored? As a document in the database? Perhaps it could be part of the _security/* namespace - eg _security/readers ? Dave
