A CouchDB/Cloudant Scale & Authorization question

Thu, 09 Jan 2014 05:56:50 -0800

Hi, we are new to document databases and CouchDB, but we are very excited about the possibilities of CouchDB, Cloudant, and PouchDB, especially for mobile applications.
We are beginning a major update to a "mobile first" design of a web app that has used an SQL db for over 13 years. The app currently has thousands of users (and will hopefully grow to tens of thousands once we have a mobile version running) with 10 "shareable" features (Calendar, Recipes, etc.) for each user. Each user needs to be able to grant "read" or "edit" access to each feature to some number (usually anywhere from 2 to 50) of other users. 


This access model needs read/write authorization to be per user per 
feature. ie, Joe (a user) can grant edit access for his Recipes (a 
feature) to his Mom (another user) and read access for his Calendar 
(another feature) to his wife (another user).



We really want to use Pouchdb in the client and Couchdb/Cloudant on the 
server-side as that solves a LOT of issues regarding replication and 
network access for mobile clients.



However, it looks to us like the only way to implement this access model 
using CouchDB's built-in auth features is to define a database for each 
user-feature combination.  So Joe could grant edit access to his "Recipe 
database" to his Mom and read access to his Calendar database to Fred 
and edit access to his wife.



Our first question is: Is it scalable for an app with several 
thousand(s) users and 10 features to use a separate database for each 
user-feature? With 10,000 users and 10 features, that would come to 
100,000 "databases" for our app.



The second question would be is there another way (other than us writing 
a server-side middle layer REST-ful app to handle authorization) to 
handle authorization at a per user per feature level?  Our original 
design using CouchDB had a single database per user and a doc-type or 
document per feature.  But we have been unable to figure out a way to 
have CouchDB control authorization for each document or doc_type.



Thank you for any insight or references to documentation that might 
explain a way to implement CouchDB authorization at the doc_type or 
document level.


--
Andy Dorman























					Reply via email to