You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Bernhard Schauer <be...@openforce.com> on 2010/05/19 11:06:06 UTC
who to set up readers for databases
Hello,
I want to set up a DB so that only one 'reader' (I think that is the
correct term) can read and write documents to it.
So far I only found documentation regarding, how to set up an admin
account. But that is not what I want, since my reader should not be able
to create or delete databases, or anything else admin like.
Unfortunately I could not find any documentation on that. If I have just
overlooked it, let ask for forgiveness in advance.
MfG Bernhard
Re: who to set up readers for databases
Posted by Bernhard Schauer <be...@openforce.com>.
Thanks a lot for that hint, Martin.
I have put together some notes of things, that were not obvious for me,
when reading the mentioned article.
Probable some one is interested in them, so I append them.
(Note: the formatting is Track-Wiki-Syntax)
MfG Bernhard
===============================
=== Create a user === simply create a new document in the _users DB
The password needs to be sha encrypted. For 'salt' (which is used for
hashing the password) Futon takes a uuid retrieved from !CouchDb.
{{{
HTTP-PUT http://localhost:5984/_users/org.couchdb.user:username
POSTDATA:
{
"name":"username",
"_id":"org.couchdb.user:username",
"salt":"4b53fee98d31e591ed3e1822cc002c2b",
"password_sha":"7302c24b46f519d6a2ed04ea62a8cf1ee6f43664",
"type":"user",
"roles":[]
}
}}}
=== Session Object of the current user ===
{{{
http://localhost:5984/_session
{
"db_name":"_users",
"doc_count":1,
"doc_del_count":0,
"update_seq":1,
"purge_seq":0,
"compact_running":false,
"disk_size":4185,
"instance_start_time":"1274256847057607",
"disk_format_version":5
}
}}}
=== Users of a !CouchDb Instanz === Administrators are not included in
the _users relation.
{{{
http://localhost:5984/_users/_all_docs
{"total_rows":3,"offset":0,"rows":[
{"id":"_design/_auth","key":"_design/_auth","value":{"rev":"1-04d86233b3254bb5a53dcf7103f97fc2"}},
{"id":"org.couchdb.user:anna","key":"org.couchdb.user:anna","value":{"rev":"1-3f232b61f2ca70d7c2cc26b8dd255059"}},
{"id":"org.couchdb.user:lena","key":"org.couchdb.user:lena","value":{"rev":"1-658ebfe3224a9257504b0a95b86ce7f1"}}
]}
}}}
=== Which users are allowed to use a DB, === is defined in the DB's
_security document. You can define those users directly by their name,
or by a role. There are two categories of users: admins and readers.
As long as no readers are defined for a DB, everyone is allowed to use
it. As soon as a reader is specified in the _security document,
only those users have access to the DB that are mentioned in the
_security document.
Users that are 'readers' on a DB, are allowed to do CRUD operations on
documents in that DB. They may not do CRUD operations on DBs.
Furthermore readers are not allowed to alter the _security document,
thus they can not add other readers or admins to the DB.
{{{
HTTP-POST http://localhost:5984/hello_world/_security
POSTDATA:
{"admins":
{
"names":[],
"roles":[]
},
"readers":
{
"names":["username"],
"roles":[]
}
}
}}}
Martin Higham schrieb:
> You'll find the information you are looking for on the wiki
>
> http://wiki.apache.org/couchdb/Security_Features_Overview
>
>
>
> On 19 May 2010 10:06, Bernhard Schauer <be...@openforce.com>wrote:
>
>
>> Hello,
>>
>> I want to set up a DB so that only one 'reader' (I think that is the
>> correct term) can read and write documents to it.
>> So far I only found documentation regarding, how to set up an admin
>> account. But that is not what I want, since my reader should not be able to
>> create or delete databases, or anything else admin like.
>>
>> Unfortunately I could not find any documentation on that. If I have just
>> overlooked it, let ask for forgiveness in advance.
>>
>> MfG Bernhard
>>
>>
>
>
Re: who to set up readers for databases
Posted by Martin Higham <ma...@ocasta.co.uk>.
You'll find the information you are looking for on the wiki
http://wiki.apache.org/couchdb/Security_Features_Overview
On 19 May 2010 10:06, Bernhard Schauer <be...@openforce.com>wrote:
> Hello,
>
> I want to set up a DB so that only one 'reader' (I think that is the
> correct term) can read and write documents to it.
> So far I only found documentation regarding, how to set up an admin
> account. But that is not what I want, since my reader should not be able to
> create or delete databases, or anything else admin like.
>
> Unfortunately I could not find any documentation on that. If I have just
> overlooked it, let ask for forgiveness in advance.
>
> MfG Bernhard
>