CouchDB authentification and permissions

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

CouchDB authentification and permissions

Roeder, Marko
Hi, all -

For the last couple of days I have been working on a permission system for our CouchDB and today I finally put it to action.
While prior to this day everyone was getting admin rights and therefore could manage the whole CouchDB installation, this has now been restricted to only a few.

What really change from a users point of view is the following:

Generally a Lively Kernel user cannot delete or compact databases anymore. Instead this is only possible for databases (s)he owns.
Ownership is automatically established when creating a new database and can be modified using the _security document but only by a user that already is an admin/owner of a database.
Database owners are also the only one's who are allowed to add/modify/delete design documents from a database.

Following this change, every database that already has been created has to get at least one owner so that it can be managed (e.g. delete) by a Lively Kernel user. Knowing a bit about who is/has been working on which project, I already assigned users to most of the databases so that everything should be fine.

Whoever is running into problems using our CouchDB is welcomed to drop me a line - either through the mailing list or directly to my email address.

Best,

        - Marko
_______________________________________________
lively-kernel mailing list
[hidden email]
http://lists.hpi.uni-potsdam.de/listinfo/lively-kernel
Reply | Threaded
Open this post in threaded view
|

Re: CouchDB authentification and permissions

Roeder, Marko
What I forgot to add is that now that Lively Kernel user get propagated to CouchDB, it is possible to make use of these usernames using CouchDBs design docs.
Therefore for example you can add a username to a document that has been created/updated or add additional permission checks whether you want some body create, update or delete documents.

        - Marko
_______________________________________________
lively-kernel mailing list
[hidden email]
http://lists.hpi.uni-potsdam.de/listinfo/lively-kernel