Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2019/07/13 07:24:42 UTC

[GitHub] [couchdb-documentation] janl commented on a change in pull request #424: rfc(per-doc-access): first draft

janl commented on a change in pull request #424: rfc(per-doc-access): first draft
URL: https://github.com/apache/couchdb-documentation/pull/424#discussion_r303195239
 
 

 ##########
 File path: rfcs/010-per-document-access-control.md
 ##########
 @@ -0,0 +1,416 @@
+---
+name: Per-Document Access Control
+about: Make the db-per-user pattern obsolete.
+title: 'Per-Document Access Control'
+labels: rfc, discussion, access control, security
+assignees: '@janl'
+
+---
+
+# Introduction
+
+Up until now (version 2.3.1), CouchDB could not serve mutually
+untrusting users accessing the same database. If a user has access to
+one document in a database, they have access to all other documents in
+the database. Some restrictions can be added about writing documents
+(designs docs are db-admin only, validate doc update (VDU) functions
+could restrict write access based on the writing user and/or the target
+document). For the remainder of this document, “db-admin” SHALL include
+server admins as well.
+
+## Abstract
+
+This lead to CouchDB developers making use of a pattern called
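
Review bot: The Abstract's first line, "This lead to CouchDB developers making use of a pattern called", should read "This led to", and its "This" has no antecedent inside the Abstract, so the section does not stand alone. Restate the cause from the Introduction there (access to one document in a database means access to all other documents in it). In the Introduction, "designs docs" should be "design docs", and the parenthetical on write restrictions nests "(VDU)" inside another parenthesis; splitting it into two plain sentences would make it clearer that design-doc restrictions and VDU functions only limit writes. If "SHALL" in the "db-admin" definition is meant as a normative keyword, say so where it is first used, otherwise "includes" is enough.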
 
 Review comment:
   I do! thx

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services