cool, i believe you mean readers instead of members. I guess I'll need another document store in the main database to keep track of which user have access to with database, or is there a way to transverse all database in the server to see which database a particular user has access to?
On Wed, Jun 13, 2012 at 5:30 PM, Ryan Ramage <[email protected]> wrote: > Your model of one db per 'board' is correct. To limit users, you can > use the /db/_security object. > > see here: > http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization > > Basically, looks like this: > > { > "admins" : { > "names" : ["joe", "phil"], > "roles" : ["boss"] > }, > "members" : { > "names" : ["dave", "bill"], > "roles" : [] > } > } > > Basically, put all the usernames of those you want access to the board > in the members names. > > Just to be clear...this is for each db inside you can do this, which > seems to support what you are trying to do. > > > On Wed, Jun 13, 2012 at 1:52 PM, Herman Chan <[email protected]> wrote: > > Hi all, > > > > I am new to couchdb so bear with me if this is really easy. > > > > I am trying to prototype a system where there is group of user who can > > share everything within a database to each other. For example, think of a > > message board system that once a user is allow into a particular board, > > they can view/update/delete anything in that message board. Also, a user > > can join multiple boards. > > > > From what I read so far, the way I am thinking to achieve this is to have > > multiple database within the couchdb server. Each database represents a > > board and since board doesn't need to talk to each other, this give a > nice > > separation between boards. > > > > My question is about user authorization. I know that I can create user in > > couchdb and assign them ACL within one "database", but is there a way in > > couchdb that it controls user access in a "database" level? ie. which > > database can a user read/write/update? > > > > the only way I see now is to have another table in a "application" > database > > can control user access, basically a mapping from user to database. >
