On Wed, Jan 13, 2010 at 3:15 PM, David Goodlad <[email protected]> wrote: > On Thu, Jan 14, 2010 at 9:53 AM, Chris Anderson <[email protected]> wrote: >>> Does this sound like a reasonable plan? >> >> This sounds reasonable, but maybe we can make it easier. > > I like easier :) > >> You could almost model the manager as a db_admin, but you probably >> don't want them editing design documents. So what you need is a set of >> roles that apply to particular users, in the context of a particular >> database. Maybe it makes more sense to store the db-roles within the >> db itself? >> >> I think this is the use case for the security object. (Just a 4th >> argument to the validation function, which is a document loaded from >> the database the validation runs from) >> >> We should ask Damien to weigh in on the _namespace to use for the >> document (should it be local?), and how to store the info. > > That would definitely fit my situation nicely. I'd actually prefer to > manage the roles within the database that they apply to, it just makes > more sense. > > I'd think that the document could be 'any old document', with the only > requirement being that it have a specific id (_auth? _security?). > There could be some conventions, but I don't really see why couch > should enforce any structure on that document. The db designer could > then write his own validation functions to ensure that only specific > users/roles could update that document (probably require _admin to > create it in the first place, though).
Yes I think it could be a regular document. And I think we discussed earlier that it should replicate normally. > >> Glad to have you on the list, Dave. > > I've been quietly lurking for a couple of weeks now, finally decided > to show my face :) > > Dave > -- Chris Anderson http://jchrisa.net http://couch.io
