On Jun 26, 2012, at 1:27 PM, Wordit wrote:

> Is it possible to give read access to a list of users at the document level?

No. This is both because of the performance impact it would have to do an ACL 
check for every document, and also because fundamental features like map/reduce 
views and the _changes feed don't work very well with per-doc permissions. (For 
instance, every view query would have to be filtered by the ACLs of each and 
every document that emitted rows into it, reduced values wouldn't be the same 
for all viewers, etc.)

Two possible solutions:

(a) Put CouchDB behind a proxy and configure the proxy to allow access based on 
the user credentials and request URL. Be very careful about blocking or 
restricting URLs like _all_docs, _changes, views, etc. that could allow 
information to leak out.

(b) Create per-user databases, and set up filtered replications between them 
and the master database. (i.e. replicate into a user's database only documents 
that should be visible to that user.) Then set up permissions on the user 
databases. This (and more) is essentially what Couchbase's Syncpoint project 
aims to do; but it's still pretty early in development. (Contrary to what Alex 
says, Syncpoint works with hosted databases on IrisCouch or Cloudant; it's just 
that you can't run the server-side code of Syncpoint from there. But it's just 
a Node.js app that can be run from anywhere that has access to the databases.)

—Jens
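Added illustration of options (a) and (b) above; this is not code from Jens's message, nor from CouchDB or Syncpoint. It is JavaScript because that is the language CouchDB filter functions are written in. Assumptions that the thread does not state: every document carries a "readers" array of user names, the shared database is called "shared", per-user databases are called "userdb-<name>", and the proxy in option (a) can run a policy function on each request and fetch a document from CouchDB before relaying it. The sample documents at the bottom are constructed for the example.

```javascript
// Added example (not from the thread). Assumed conventions: docs carry a "readers"
// array, the shared database is "shared", per-user databases are "userdb-<name>".
const SHARED_DB = "shared";

// (b) CouchDB filter function, in the form it is stored in a design document
// (_design/acl, filters.by_reader). CouchDB calls it as filter(doc, req); the user
// name arrives via req.query from the replication's query_params, never from a client.
const byReaderFilter = function (doc, req) {
  if (!req.query || !req.query.user) return false;
  return Array.isArray(doc.readers) && doc.readers.indexOf(req.query.user) !== -1;
};

// The design document as it would be PUT into the shared database.
const aclDesignDoc = {
  _id: "_design/acl",
  filters: { by_reader: byReaderFilter.toString() },
};

// Replication document for one user, to be created by an admin in _replicator.
// The target database gets its own security object naming that user as a member,
// so only that user (and admins) can read what lands there.
function replicationDocFor(user) {
  return {
    _id: "repl-" + user,
    source: SHARED_DB,
    target: "userdb-" + user,
    filter: "acl/by_reader",
    query_params: { user: user },
    continuous: true,
  };
}

// Run the filter over a batch of changed docs the way CouchDB would for one
// replication, returning the IDs that would reach the user's database.
function visibleTo(user, docs) {
  const req = { query: { user: user } };
  return docs.filter((doc) => byReaderFilter(doc, req)).map((doc) => doc._id);
}

// (a) Proxy policy: default deny. Allow only "GET /shared/<docid>" for a plain
// document ID, then check the document's own readers list before relaying it.
// _all_docs, _changes, _design/.../_view/..., _bulk_get, attachments, query strings
// and non-GET methods all fail one of the checks below.
function proxyDecision(user, method, path, fetchDoc) {
  if (method !== "GET") return { allow: false, reason: "method" };
  const m = /^\/([^\/?#]+)\/([^\/?#]+)$/.exec(path);
  if (!m || m[1] !== SHARED_DB) return { allow: false, reason: "path" };
  let id;
  try {
    id = decodeURIComponent(m[2]); // decode first so %5Fall_docs cannot slip past
  } catch (e) {
    return { allow: false, reason: "encoding" };
  }
  if (id.startsWith("_")) return { allow: false, reason: "special endpoint" };
  const doc = fetchDoc(id);
  // Missing and forbidden get the same answer so the proxy does not leak which IDs exist.
  if (!doc) return { allow: false, reason: "not found" };
  if (!Array.isArray(doc.readers) || doc.readers.indexOf(user) === -1) {
    return { allow: false, reason: "not found" };
  }
  return { allow: true, doc: doc };
}

// Constructed sample data standing in for the shared database.
const sampleDocs = [
  { _id: "memo-1", readers: ["alice", "bob"], body: "shared memo" },
  { _id: "memo-2", readers: ["bob"], body: "bob only" },
  { _id: "memo-3", readers: [], body: "nobody" },
  { _id: "memo-4", body: "no ACL field at all" },
];
const store = new Map(sampleDocs.map((d) => [d._id, d]));
const fetchDoc = (id) => store.get(id);

console.log("alice sees:", visibleTo("alice", sampleDocs));
console.log("bob sees:", visibleTo("bob", sampleDocs));
console.log("replication doc:", JSON.stringify(replicationDocFor("alice")));
console.log("GET /shared/_all_docs ->", proxyDecision("alice", "GET", "/shared/_all_docs", fetchDoc));
```

Two caveats a practitioner should weigh. The filter only passes documents that still carry a "readers" field, and a CouchDB deletion tombstone carries none, so deletions never reach the user databases unless the filter also passes doc._deleted, and doing that tells every user the ID of every deleted document. And the proxy variant still fetches the document once per request to read its ACL, which is exactly the per-document cost Jens describes; it just moves it out of CouchDB.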
