On Fri, Feb 12, 2010 at 11:34:29AM +0100, Johannes Schmidt wrote:
> I have edited an admin user in local.ini's [admins] section and
> everything works fine. However I'd like to have my app. requesting
> with an *ordinary* user that is just able to create, read, and
> delete custom documents but that is _not_ able to create a new
> database or read config. documents etc. I have added a [users]
> section containing "myuser = mysecret" - but this has no effect. Is
> such a distinction between admins and users on HTTP auth. level
> possible?

What version are you running?

With recent code there is a _users database. You can configure the name of this database in the .ini file if you want to call it something else. Then create your users by PUTting to this, or more easily through futon.

These users won't be able to create a new database (that's a server-level admin function), and in trunk they cannot modify a design doc (that's a database-level admin function). However they can still read design docs. They can also read everything in the _users database, unless you block read access to it explicitly.

HTH,

Brian.
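
An added example, not part of the original message and not CouchDB's own code: the two requests a server admin would send to create the ordinary user from the question and to block non-admin reads of the users database. The document layout (the org.couchdb.user: id prefix, salt, password_sha) and the "readers" security field are assumed from the 0.11-era API and differ in later releases; the helper names are hypothetical.

```python
import hashlib
import json
import secrets

USERS_DB = "_users"  # default name; the reply notes it can be changed in the .ini file


def user_doc(name, password, roles=()):
    """Build a user document in the salted SHA-1 layout (assumed 0.11-era format)."""
    if "_admin" in roles:
        raise ValueError("ordinary users must not carry the _admin role")
    salt = secrets.token_hex(16)
    digest = hashlib.sha1((password + salt).encode("utf-8")).hexdigest()
    return {
        "_id": "org.couchdb.user:" + name,
        "type": "user",
        "name": name,
        "roles": list(roles),
        "salt": salt,
        "password_sha": digest,  # the plaintext password is never stored
    }


def users_db_security():
    """Security object limiting reads of the users database to server admins."""
    return {
        "admins": {"names": [], "roles": []},
        "readers": {"names": [], "roles": ["_admin"]},  # assumed field name
    }


def plan(name, password):
    """Return the (method, path, body) requests an admin would send, in order."""
    doc = user_doc(name, password)
    return [
        ("PUT", "/%s/%s" % (USERS_DB, doc["_id"]), json.dumps(doc)),
        ("PUT", "/%s/_security" % USERS_DB, json.dumps(users_db_security())),
    ]


if __name__ == "__main__":
    # Constructed sample credentials, matching the question's "myuser = mysecret".
    for method, path, body in plan("myuser", "mysecret"):
        print(method, path)
        print(body)
```

Both requests have to be sent with server-admin credentials over HTTP basic auth; the script only prints them so they can be checked against the running version first.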
