Hi, CouchDB natively can't do what you want and it's by design. Not saying it's good design, it's just what it is.
You could have a small daemon that your non-admin users can notify to do. user deletions, and hat daemon then gets server admin permissions. Cheers Jan -- > On 13 Jan 2017, at 20:59, max <[email protected]> wrote: > > Hi, > > Thank you for your answer ! I'll give it a try but I was expecting a native > issue. Let's see if someone else have already faced this problem. I'd be > suprised if it was not supported. > > Max. > > Le 13 janv. 2017 5:51 PM, "Martin Broerse" <[email protected]> a > écrit : > >> Hi Max, >> >> I am thinking about doing something similar with openWhisk. You can create >> a "users-to-delete" database only some users can write usernames to. On >> change to this database an openWhisk Action can delete the usernames >> specified in this "users-to-delete" database with full admin rights and >> remove the usernames on success. >> >> Just my 2 cents. >> >> - Martin >> >>> On Fri, Jan 13, 2017 at 3:15 PM, max <[email protected]> wrote: >>> >>> Hi, >>> I need to allow some users to delete other users without being a CouchDB >>> Administrator. To do that I updated _users/_design/_auth to change the >>> '_admin' check to: >>> if ((userCtx.roles.indexOf('_admin') !== -1) || >>> (userCtx.roles.indexOf('manager') !== -1 && >>> userCtx.roles.indexOf(oldDoc.databases[0]) !== -1) || >>> (userCtx.name == oldDoc.name)) { >>> return; >>> } else { >>> throw ({ >>> forbidden: 'Only admins may delete other user docs.' >>> }); >>> } >>> It works but sometimes CouchDB reset this _design/_auth document. I've >> read >>> in doc this design doc cannot be modified but I couldn't find another way >>> to achieve this. >>> Is there a way to prevent CouchDB to do that ? Or another way to do what >>> I'm trying to do ? >>> I'm using CouchDB 1.4. >>> >>> Thanks. >>> >>> Max. >>> >>
