I like that approach better. For some reason I was thinking that users could modify their own _users doc, but I guess that would defeat role-based security... (^u^)
On Monday, April 12, 2010, J Chris Anderson <[email protected]> wrote: > > On Apr 12, 2010, at 12:04 PM, Zachary Zolton wrote: > >> Hi, >> >> I would like the to configure a CouchDB server to allow only admins to >> create user accounts. >> >> Should I modify the validate_doc_update function in the _users >> database's "_design/_auth" document? >> > > Yes, you could do that. It should be fine. However, if you delete the users > db, it will be recreated with the default validation function. (I guess this > is obvious, but worth stating.) > > As an alternative, you could require that users have a particular role, eg: > "approved" before they have access to the db(s) in question. Then anyone can > create an account but only admins can give them the "approved" role. > >> >> Cheers, >> >> Zach > >
