Hi William, > Ran into the old 'need document-level permissions' problem here.
As replied by the devs, there is not a generic off-the-shelf high-performance document level permission feature in CouchDB. However, there are numbers of workarounds depending on your needs: 1. If authorizations depend only on document UUID, just set a reverse proxy in front of CouchDB; 2. If they depend on the document content (e.g. an updatable access list) then a `show` depending on the `userCtx` object can be your friend to control reads (if you hide the default API behind a reverse proxy) and a `validate_doc_update` function, depending also on the `userCtx`, let you control updates. Regards, Aurélien
