On Sep 16, 2013, at 4:20 AM, Christian Grobmeier <[email protected]> wrote:
> Probably I could create a single database for all customers that way. Of
> course, then I would think twice with authentication which seems
> to work for databases, not for rows.

CouchDB has no per-document read access control — if a user is allowed to
access a database, s/he can read all documents. (Write access can of course be
controlled by a validation function.)

We [Couchbase] tried to get around this last year with a database-per-user
scheme that also had a central master database with all the documents; there
was then a replication for every user that pulled their readable documents into
their database and pushed their changes into the master. Unfortunately this was
(a) a bitch to configure automatically, and (b) not scalable.

Our current approach is the Couchbase Sync Gateway, a CouchDB-compatible
adapter for Couchbase Server that manages read/write access control with a
single database, so each user only sees the subset of the database s/he’s
allowed to access. It also uses a system called “channels” (a combination of
document tagging and message-queues) that makes it really easy to set up
complex multi-user workflows, especially for social apps.
http://www.couchbase.com/communities/couchbase-sync-gateway
It just went beta last week, with a GA in Q1 next year.

(Our marketing materials only talk about compatibility with our Couchbase Lite
mobile database, but the sync protocol is compatible with CouchDB’s, so it’ll
work with CouchDB or PouchDB clients as well.)

—Jens
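
Added example, not part of the original message: a CouchDB validation function of the kind mentioned above, restricting writes to a document's owner in a shared database. The `owner` field and the `tryWrite` helper are assumptions made for illustration; the function gates writes only, so any user with access to the database can still read every document.

```javascript
// Example validate_doc_update function. In CouchDB its source is stored in the
// "validate_doc_update" field of a design document and runs on every write.
// Assumption: each document carries an "owner" field holding a user name.
function validateDocUpdate(newDoc, oldDoc, userCtx, secObj) {
  // Server admins may write anything.
  if (userCtx.roles.indexOf('_admin') !== -1) {
    return;
  }
  // Anonymous requests have userCtx.name === null.
  if (!userCtx.name) {
    throw { unauthorized: 'You must be logged in to write documents.' };
  }
  // Updates and deletions: only the current owner may touch an existing doc.
  if (oldDoc && oldDoc.owner !== userCtx.name) {
    throw { forbidden: 'Only the owner may change this document.' };
  }
  // A deletion stub may carry no fields besides _id/_rev/_deleted.
  if (newDoc._deleted) {
    return;
  }
  // Creations and updates: the owner field must name the writer, so a user
  // cannot create documents for, or hand documents to, someone else.
  if (newDoc.owner !== userCtx.name) {
    throw { forbidden: 'The owner field must be your own user name.' };
  }
}

// Hypothetical helper for running the function outside CouchDB: returns 'ok'
// or the rejection kind ('forbidden' / 'unauthorized') CouchDB would report.
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx, {});
    return 'ok';
  } catch (e) {
    return Object.keys(e)[0];
  }
}

// Constructed sample users and document.
const alice = { name: 'alice', roles: [] };
const bob = { name: 'bob', roles: [] };
const anonymous = { name: null, roles: [] };
const admin = { name: 'root', roles: ['_admin'] };
const aliceDoc = { _id: 'invoice-1', owner: 'alice', total: 10 };

console.log(tryWrite(aliceDoc, null, alice));                          // create own doc
console.log(tryWrite({ ...aliceDoc, owner: 'bob' }, aliceDoc, bob));   // takeover attempt
console.log(tryWrite({ _id: 'invoice-1', _deleted: true }, aliceDoc, bob));
```
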