Posted to commits@couchdb.apache.org by Apache Wiki <wi...@apache.org> on 2012/11/12 13:59:12 UTC

[Couchdb Wiki] Update of "Security_Features_Overview" by GregorMartynus

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Security_Features_Overview" page has been changed by GregorMartynus:
http://wiki.apache.org/couchdb/Security_Features_Overview?action=diff&rev1=33&rev2=34

Comment:
As of 1.2, "readers" group in _security object has been renamed to "members"

  == Authorization ==
  As of CouchDB 0.11, three types of users can be defined:
  
-  * database readers - Defined per database. They can read all types of documents from the DB, and they can write (and edit) documents to the DB except for design documents.
+  * database members - Defined per database. They can read all types of documents from the DB, and they can write (and edit) documents to the DB except for design documents.
  
-  * database admins - Defined per database. They have all the privileges readers have plus the privileges: write (and edit) design documents, add/remove database admins and readers, set the database revisions limit (''/somedb/_revs_limit'' API) and execute temporary views against the database (''/somedb/_temp_view'' API). They can not create a database and neither delete a database.
+  * database admins - Defined per database. They have all the privileges members have plus the privileges: write (and edit) design documents, add/remove database admins and members, set the database revisions limit (''/somedb/_revs_limit'' API) and execute temporary views against the database (''/somedb/_temp_view'' API). They can not create a database and neither delete a database.
  
   * server admins - Defined per CouchDB server. They have all the privileges.
  
  Server admins are defined in the ''admins'' section of the .ini configuration files. See [[Setting_up_an_Admin_account]] for more details.
  
- Database admins and readers are defined in the security object of a database. This security object, located under "/db_name/_security" in CouchDB version 0.11 and above, is a JSON document having the following structure:
+ Database admins and members are defined in the security object of a database. This security object, located under "/db_name/_security" in CouchDB version 0.11 and above, is a JSON document having the following structure:
  
  {{{
  {
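Review bot: the opening line of this section still says "As of CouchDB 0.11, three types of users can be defined" while the change comment states the "members" name only exists as of 1.2; readers on 0.11 or 1.1 will look for a "members" property that their server does not use. Consider a short parenthetical on the first bullet, e.g. `database members (called "readers" before CouchDB 1.2)`, so the version boundary is visible in the section itself. While touching the admins bullet, "They can not create a database and neither delete a database" reads better as "They can neither create nor delete a database."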
@@ -43, +43 @@

       "names" : ["joe", "phil"],
       "roles" : ["boss"]
     },
-    "readers" : {
+    "members" : {
       "names" : ["dave"],
       "roles" : ["producer", "consumer"]
     }
@@ -51, +51 @@

  }}}
  Note that security objects are not regular versioned documents (that is, they are not under MVCC rules). This is a design choice to speedup authorization checks (avoids traversing a database's documents B-Tree).
  
- If both the names and roles fields of either the admins or readers properties are empty arrays, it means the database has no admins or readers. Having no admins, only server admins (with the reserved _admin role) are able to update design document and make other admin level changes. Having no readers, any user can write regular documents (any non-design document) and read documents from the database.
+ If both the names and roles fields of either the admins or members properties are empty arrays, it means the database has no admins or members. Having no admins, only server admins (with the reserved _admin role) are able to update design document and make other admin level changes. Having no members, any user can write regular documents (any non-design document) and read documents from the database.
  
  '''Note:''' If there are any reader names or roles defined for a database, then only authenticated users having a matching name or role are allowed to read documents from the database (or do a GET /db_name/ call).
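Review bot: the rename is incomplete in this hunk. The unchanged '''Note:''' paragraph still says "If there are any reader names or roles defined for a database", so after this edit the page uses both terms for the same property; change it to "member names or roles" to match the renamed key. In the changed paragraph, "any user can write regular documents" sits next to a Note that talks about "only authenticated users", so it would help to say explicitly whether an empty members list also admits unauthenticated requests, since that is the access-control consequence a reader of this section most needs to get right. Minor wording in the context lines: "update design document" should be "update design documents" and "speedup" should be "speed up".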