Thanks a lot for that hint, Martin.
I have put together some notes on things that were not obvious to me
when reading the mentioned article.
Probably someone is interested in them, so I append them.
(Note: the formatting is Trac-Wiki-Syntax)
Kind regards, Bernhard
===============================
=== Create a user ===
Simply create a new document in the _users DB.
The password needs to be sha encrypted. For 'salt' (which is used for
hashing the password) Futon takes a uuid retrieved from !CouchDb.
{{{
HTTP-PUT http://localhost:5984/_users/org.couchdb.user:username
POSTDATA:
{
"name":"username",
"_id":"org.couchdb.user:username",
"salt":"4b53fee98d31e591ed3e1822cc002c2b",
"password_sha":"7302c24b46f519d6a2ed04ea62a8cf1ee6f43664",
"type":"user",
"roles":[]
}
}}}
=== Session Object of the current user ===
{{{
http://localhost:5984/_session
{
"db_name":"_users",
"doc_count":1,
"doc_del_count":0,
"update_seq":1,
"purge_seq":0,
"compact_running":false,
"disk_size":4185,
"instance_start_time":"1274256847057607",
"disk_format_version":5
}
}}}
=== Users of a !CouchDb Instance ===
Administrators are not included in the _users relation.
{{{
http://localhost:5984/_users/_all_docs
{"total_rows":3,"offset":0,"rows":[
{"id":"_design/_auth","key":"_design/_auth","value":{"rev":"1-04d86233b3254bb5a53dcf7103f97fc2"}},
{"id":"org.couchdb.user:anna","key":"org.couchdb.user:anna","value":{"rev":"1-3f232b61f2ca70d7c2cc26b8dd255059"}},
{"id":"org.couchdb.user:lena","key":"org.couchdb.user:lena","value":{"rev":"1-658ebfe3224a9257504b0a95b86ce7f1"}}
]}
}}}
=== Which users are allowed to use a DB, ===
is defined in the DB's
_security document. You can define those users directly by their name,
or by a role. There are two categories of users: admins and readers.
As long as no readers are defined for a DB, everyone is allowed to use
it. As soon as a reader is specified in the _security document,
only those users have access to the DB that are mentioned in the
_security document.
Users that are 'readers' on a DB are allowed to do CRUD operations on
documents in that DB. They may not do CRUD operations on DBs.
Furthermore, readers are not allowed to alter the _security document,
thus they cannot add other readers or admins to the DB.
{{{
HTTP-POST http://localhost:5984/hello_world/_security
POSTDATA:
{"admins":
{
"names":[],
"roles":[]
},
"readers":
{
"names":["username"],
"roles":[]
}
}
}}}
Martin Higham wrote:
You'll find the information you are looking for on the wiki
http://wiki.apache.org/couchdb/Security_Features_Overview
On 19 May 2010 10:06, Bernhard Schauer <[email protected]> wrote:
Hello,
I want to set up a DB so that only one 'reader' (I think that is the
correct term) can read and write documents to it.
So far I only found documentation regarding how to set up an admin
account. But that is not what I want, since my reader should not be able to
create or delete databases, or anything else admin like.
Unfortunately I could not find any documentation on that. If I have just
overlooked it, let me ask for forgiveness in advance.
Kind regards, Bernhard
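
The user document and the reader rule from the notes in this thread, as an added example that is not part of the original messages and is not CouchDB's own code. It assumes password_sha is the hex SHA-1 of the password followed by the salt, as CouchDB of this generation computed it; the function names are this example's own, the salt is generated locally instead of being fetched as a UUID, and server admins are not modelled.

```python
import hashlib
import secrets


def password_sha(password, salt):
    # Assumption: hex SHA-1 over the password followed by the salt.
    return hashlib.sha1((password + salt).encode("utf-8")).hexdigest()


def make_user_doc(name, password, roles=(), salt=None):
    """Build a _users document with the fields shown in the notes."""
    # Futon asks CouchDB for a UUID; here the salt is generated locally.
    salt = salt or secrets.token_hex(16)
    return {
        "_id": "org.couchdb.user:" + name,
        "name": name,
        "type": "user",
        "roles": list(roles),
        "salt": salt,
        "password_sha": password_sha(password, salt),
    }


def check_password(user_doc, candidate):
    """Recompute the hash from the stored salt; compare in constant time."""
    expected = user_doc["password_sha"]
    return secrets.compare_digest(password_sha(candidate, user_doc["salt"]), expected)


def may_use_db(security, name, roles=()):
    """Reader rule from the notes; server admins are not modelled."""
    readers = security.get("readers", {})
    admins = security.get("admins", {})
    if not readers.get("names") and not readers.get("roles"):
        return True  # no readers defined: everyone may use the DB
    names = set(readers.get("names", [])) | set(admins.get("names", []))
    allowed_roles = set(readers.get("roles", [])) | set(admins.get("roles", []))
    return name in names or bool(allowed_roles & set(roles))


if __name__ == "__main__":
    doc = make_user_doc("username", "constructed-password")  # constructed input
    security = {"admins": {"names": [], "roles": []},
                "readers": {"names": ["username"], "roles": []}}
    print(doc)
    print(may_use_db(security, "username"), may_use_db(security, "anna"))
```

A single salted SHA-1 round is cheap to brute-force, so the contents of _users deserve the same protection as the passwords themselves.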