Posted to user@couchdb.apache.org by Marcus <co...@wordit.com> on 2020/02/08 23:11:22 UTC

Controlling per-user access to data

Can anyone help with per-user access to documents? 

Imagine a to-do list app where lists are private by default, but can be shared with others. One document per list would make sense, correct?

Problem: CouchDB access control is per database; I cannot figure out a way to restrict read access to lists.

Cloudant strongly advise against creating one database per user, unless it's a very small number. They suggest a limit of 500 databases to not diminish performance.

Does anyone have a suggestion how I could control read access for each to-do list?

Thanks,

Marcus



Re: Controlling per-user access to data

Posted by Sinan Gabel <si...@gmail.com>.
Also see:
https://github.com/pouchdb-community/pouchdb-authentication/blob/master/docs/recipes.md

On Sun, 9 Feb 2020 at 11:26, Marcus <co...@wordit.com> wrote:

> One database per user would not actually offer the access control
> granularity required for sharing read-access to individual documents. I
> originally misunderstood that.
>
> Per database access control would only work for an access model like
> Instagram's, by restricting access to all documents, or to none. What
> Instagram terms a "private account".
> It does not allow for access control like e.g. Dropbox or iCloud, by
> restricting read access to individual documents.
>
> It sounds like middleware is the only solution to providing per-document
> access control in CouchDB 2.x. If anyone could share their working
> solutions it would be a great help.
>
> Marcus
>
>
>
> > On 9. Feb 2020, at 09:04, Willem van der Westhuizen <wi...@kwantu.net>
> wrote:
> >
> > I would like to follow up on the Cloudant suggestion of a per-user
> database. That seems in contrast to other couchdb resources advocating it
> as the design pattern. We have found it preferable to use per user
> databases to manage efficient replication to users in pouchdb on the
> client, replicating to the server. Could you perhaps refer to the
> references on this issue?
> >
> >> On 2020/02/09 01:11, Marcus wrote:
> >> Can anyone help with per-user access to documents?
> >>
> >> Imagine a to-do list app where lists are private by default, but can be
> shared with others. One document per list would make sense, correct?
> >>
> >> Problem: Couchdb access control is per database, I cannot figure out a
> way to restrict read access to lists.
> >>
> >> Cloudant strongly advise against creating one database per user, unless
> it's a very small number. They suggest a limit of 500 databases to not
> diminish performance.
> >>
> >> Does anyone have a suggestion how I could control read access for each
> to-do list?
> >>
> >> Thanks,
> >>
> >> Marcus
> >>
> >>
> >> .
>
>

Re: Controlling per-user access to data

Posted by Marcus <co...@wordit.com>.
One database per user would not actually offer the access control granularity required for sharing read-access to individual documents. I originally misunderstood that.

Per database access control would only work for an access model like Instagram's, by restricting access to all documents, or to none. What Instagram terms a "private account". 
It does not allow for access control like e.g. Dropbox or iCloud, by restricting read access to individual documents.

It sounds like middleware is the only solution to providing per-document access control in CouchDB 2.x. If anyone could share their working solutions it would be a great help.

Marcus



> On 9. Feb 2020, at 09:04, Willem van der Westhuizen <wi...@kwantu.net> wrote:
> 
> I would like to follow up on the Cloudant suggestion of a per-user database. That seems in contrast to other couchdb resources advocating it as the design pattern. We have found it preferable to use per user databases to manage efficient replication to users in pouchdb on the client, replicating to the server. Could you perhaps refer to the references on this issue?
> 
>> On 2020/02/09 01:11, Marcus wrote:
>> Can anyone help with per-user access to documents?
>> 
>> Imagine a to-do list app where lists are private by default, but can be shared with others. One document per list would make sense, correct?
>> 
>> Problem: Couchdb access control is per database, I cannot figure out a way to restrict read access to lists.
>> 
>> Cloudant strongly advise against creating one database per user, unless it's a very small number. They suggest a limit of 500 databases to not diminish performance.
>> 
>> Does anyone have a suggestion how I could control read access for each to-do list?
>> 
>> Thanks,
>> 
>> Marcus
>> 
>> 
>> .


Re: Controlling per-user access to data

Posted by Willem van der Westhuizen <wi...@kwantu.net>.
I would like to follow up on the Cloudant suggestion of a per-user 
database. That seems in contrast to other couchdb resources advocating 
it as the design pattern. We have found it preferable to use per user 
databases to manage efficient replication to users in pouchdb on the 
client, replicating to the server. Could you perhaps refer to the 
references on this issue?

On 2020/02/09 01:11, Marcus wrote:
> Can anyone help with per-user access to documents?
>
> Imagine a to-do list app where lists are private by default, but can be shared with others. One document per list would make sense, correct?
>
> Problem: Couchdb access control is per database, I cannot figure out a way to restrict read access to lists.
>
> Cloudant strongly advise against creating one database per user, unless it's a very small number. They suggest a limit of 500 databases to not diminish performance.
>
> Does anyone have a suggestion how I could control read access for each to-do list?
>
> Thanks,
>
> Marcus
>
>
> .

Re: Controlling per-user access to data

Posted by Marcus <co...@wordit.com>.
Travis, that sounds like a solution that might work for my project. Are you able to share any of the code for your middleware?

Marcus

> On 9. Feb 2020, at 01:25, Travis Klein <tr...@gmail.com> wrote:
> 
> One option would be to have a node express server as middleware.


Re: Controlling per-user access to data

Posted by Travis Klein <tr...@gmail.com>.
One option would be to have a Node Express server as middleware. That’s what I’m doing for extra control. Save emails of auth users in the doc. Request the doc from the Express server, check if the user’s email is in the doc, and if so return the doc.

Sent from my iPhone

> On Feb 8, 2020, at 4:11 PM, Marcus <co...@wordit.com> wrote:
> 
> Can anyone help with per-user access to documents? 
> 
> Imagine a to-do list app where lists are private by default, but can be shared with others. One document per list would make sense, correct?
> 
> Problem: Couchdb access control is per database, I cannot figure out a way to restrict read access to lists.
> 
> Cloudant strongly advise against creating one database per user, unless it's a very small number. They suggest a limit of 500 databases to not diminish performance.
> 
> Does anyone have a suggestion how I could control read access for each to-do list?
> 
> Thanks,
> 
> Marcus
> 
> 
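
Added example (not part of the original thread, and not Travis's code): a sketch of the per-document read decision a middleware like the one described above would make after fetching the document from CouchDB with its own credentials. The field names `owner` and `sharedWith`, the helper names, the case-insensitive email match and the sample documents are all assumptions made for illustration.

```javascript
// Constructed sample documents standing in for a CouchDB database.
const SAMPLE_DB = new Map([
  ["list:groceries", { _id: "list:groceries", owner: "alice@example.com",
    sharedWith: ["Bob@Example.com"], items: ["milk", "eggs"] }],
  ["list:taxes", { _id: "list:taxes", owner: "alice@example.com",
    sharedWith: [], items: ["file return"] }],
]);

// Assumption: emails are compared case-insensitively after trimming.
const norm = (email) => (typeof email === "string" ? email.trim().toLowerCase() : "");

// Deny by default: only the owner or an email listed in sharedWith gets access.
function accessLevel(doc, sessionEmail) {
  const user = norm(sessionEmail);
  if (!user || !doc) return "none";
  if (norm(doc.owner) === user) return "owner";
  const shared = Array.isArray(doc.sharedWith) ? doc.sharedWith.map(norm) : [];
  return shared.includes(user) ? "reader" : "none";
}

// sessionEmail must come from the authenticated session, never from a
// query parameter or request body that the caller controls.
function decideRead(doc, sessionEmail) {
  if (!norm(sessionEmail)) return { status: 401, body: { error: "unauthorized" } };
  const level = accessLevel(doc, sessionEmail);
  // Same 404 for "does not exist" and "not shared with you", so a caller
  // cannot probe which document ids exist.
  if (level === "none") return { status: 404, body: { error: "not_found" } };
  // Only the owner sees who else the list is shared with.
  const { sharedWith, ...visible } = doc;
  return { status: 200, body: level === "owner" ? doc : visible };
}
```

In an Express route, the handler would fetch the document, pass it with the session's email to `decideRead`, and send back the returned status and body. The check only holds if clients cannot reach CouchDB directly and bypass the middleware.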

RE: Controlling per-user access to data

Posted by Peter J Krawetzky <pk...@gmail.com>.
We built a front end app that added security to each document via a permissions popup. It used active directory groups. It also stored last updated fields like datetime and user id.

Peter

Sent from my Verizon, Samsung Galaxy smartphone

-------- Original message --------
From: Marcus <co...@wordit.com>
Date: 2/8/20 18:11 (GMT-05:00)
To: user@couchdb.apache.org
Subject: Controlling per-user access to data

Can anyone help with per-user access to documents?

Imagine a to-do list app where lists are private by default, but can be shared with others. One document per list would make sense, correct?

Problem: Couchdb access control is per database, I cannot figure out a way to restrict read access to lists.

Cloudant strongly advise against creating one database per user, unless it's a very small number. They suggest a limit of 500 databases to not diminish performance.

Does anyone have a suggestion how I could control read access for each to-do list?

Thanks,

Marcus