Posted to user@couchdb.apache.org by William Edney <be...@technicalpursuit.com> on 2016/08/21 23:37:35 UTC

Cloudant document-level permissions feature?

Hi All -

Ran into the old 'need document-level permissions' problem here.

Towards the end of this video from Nov 2013, Joan Touzet mentions that
Cloudant was working on a solution to this (the ability to only see
portions of a document based on the user). However, I can't find any
further reference about this feature 2.5 years later.

Can anyone from Cloudant speak to whether this has been implemented, either
in the Cloudant private offering or in CouchDB 2.0 (or, if not, if there
are plans to implement it in the future?)

Thanks!!

Cheers,

- Bill

10 Common Misconceptions about CouchDB
<https://www.youtube.com/watch?v=BKQ9kXKoHS8>

Re: Cloudant document-level permissions feature?

Posted by Robert Samuel Newson <rn...@apache.org>.
Agree, thanks Joan for the details. Well said!

> On 24 Aug 2016, at 12:11, William Edney <be...@technicalpursuit.com> wrote:
> 
> Joan -
> 
> Thanks so much for the detailed reply! Much appreciated!
> 
> Cheers,
> 
> - Bill
> 
> On Tue, Aug 23, 2016 at 5:18 PM, Joan Touzet <wo...@apache.org> wrote:
> 
>> I'll just say a few words here since it was in my talk this initially
>> was discussed.
>> 
>> At the time, Cloudant was considering the possibility of document level
>> security. We worked up a high level specification of how it could be
>> done, and worked through at least the first order of technical problems
>> we'd run into.
>> 
>> In the process (some might argue even before the process began) it
>> became clear that performance would be *terrible* with this approach,
>> especially when it comes to materialized views (where permissions info
>> must be stored on every node in the B-tree). Tradeoffs to fix the
>> performance would place unusually extensive requirements on an admin and
>> could potentially explode disk utilization requirements. They were
>> decided against.
>> 
>> Ultimately Cloudant never executed on the document-level security feature
>> in any meaningful way, and to my knowledge the feature was retired. Of
>> course, there may be something in one of Cloudant's paid services that
>> includes this feature, but based on the operational limitations we
>> explored a few years ago, I think it's relatively unlikely you'd want to
>> rely on it even if it did exist.
>> 
>> Your best bets remain:
>> 
>>  * couch per user model
>>  * traditional 3-tier app architecture with the middle tier enforcing
>>    document-level security
>>  * look into PouchDB options
>> 
>> All the best,
>> Joan
>> 
>> ----- Original Message -----
>>> From: "William Edney" <be...@technicalpursuit.com>
>>> To: user@couchdb.apache.org
>>> Sent: Tuesday, August 23, 2016 5:42:42 PM
>>> Subject: Re: Cloudant document-level permissions feature?
>>> 
>>> Bill and Robert -
>>> 
>>> Thanks both for your respective replies.
>>> 
>>> Bill, this isn't currently a PouchDB app, although it could be turned
>>> into
>>> one.
>>> 
>>> Robert, that's disappointing, but thanks for letting me know. I'd
>>> vote up
>>> such a feature pretty highly :-).
>>> 
>>> Cheers,
>>> 
>>> - Bill
>>> 
>>> On Tue, Aug 23, 2016 at 2:24 PM, Robert Samuel Newson
>>> <rn...@apache.org>
>>> wrote:
>>> 
>>>> Hi,
>>>> 
>>>> Neither Cloudant nor CouchDB 2.0 will support document-level
>>>> permissions
>>>> in the near future, sorry.
>>>> 
>>>> B.
>>>> 
>>>> 
>>>>> On 22 Aug 2016, at 00:37, William Edney
>>>>> <be...@technicalpursuit.com>
>>>> wrote:
>>>>> 
>>>>> Hi All -
>>>>> 
>>>>> Ran into the old 'need document-level permissions' problem here.
>>>>> 
>>>>> Towards the end of this video from Nov 2013, Joan Touzet mentions
>>>>> that
>>>>> Cloudant was working on a solution to this (the ability to only
>>>>> see
>>>>> portions of a document based on the user). However, I can't find
>>>>> any
>>>>> further reference about this feature 2.5 years later.
>>>>> 
>>>>> Can anyone from Cloudant speak to whether this has been
>>>>> implemented,
>>>> either
>>>>> in the Cloudant private offering or in CouchDB 2.0 (or, if not,
>>>>> if there
>>>>> are plans to implement it in the future?)
>>>>> 
>>>>> Thanks!!
>>>>> 
>>>>> Cheers,
>>>>> 
>>>>> - Bill
>>>>> 
>>>>> 10 Common Misconceptions about CouchDB
>>>>> <https://www.youtube.com/watch?v=BKQ9kXKoHS8>
>>>> 
>>>> 
>>> 
>> 


Re: Cloudant document-level permissions feature?

Posted by William Edney <be...@technicalpursuit.com>.
Joan -

Thanks so much for the detailed reply! Much appreciated!

Cheers,

- Bill

On Tue, Aug 23, 2016 at 5:18 PM, Joan Touzet <wo...@apache.org> wrote:

> I'll just say a few words here since it was in my talk this initially
> was discussed.
>
> At the time, Cloudant was considering the possibility of document level
> security. We worked up a high level specification of how it could be
> done, and worked through at least the first order of technical problems
> we'd run into.
>
> In the process (some might argue even before the process began) it
> became clear that performance would be *terrible* with this approach,
> especially when it comes to materialized views (where permissions info
> must be stored on every node in the B-tree). Tradeoffs to fix the
> performance would place unusually extensive requirements on an admin and
> could potentially explode disk utilization requirements. They were
> decided against.
>
> Ultimately Cloudant never executed on the document-level security feature
> in any meaningful way, and to my knowledge the feature was retired. Of
> course, there may be something in one of Cloudant's paid services that
> includes this feature, but based on the operational limitations we
> explored a few years ago, I think it's relatively unlikely you'd want to
> rely on it even if it did exist.
>
> Your best bets remain:
>
>   * couch per user model
>   * traditional 3-tier app architecture with the middle tier enforcing
>     document-level security
>   * look into PouchDB options
>
> All the best,
> Joan
>
> ----- Original Message -----
> > From: "William Edney" <be...@technicalpursuit.com>
> > To: user@couchdb.apache.org
> > Sent: Tuesday, August 23, 2016 5:42:42 PM
> > Subject: Re: Cloudant document-level permissions feature?
> >
> > Bill and Robert -
> >
> > Thanks both for your respective replies.
> >
> > Bill, this isn't currently a PouchDB app, although it could be turned
> > into
> > one.
> >
> > Robert, that's disappointing, but thanks for letting me know. I'd
> > vote up
> > such a feature pretty highly :-).
> >
> > Cheers,
> >
> > - Bill
> >
> > On Tue, Aug 23, 2016 at 2:24 PM, Robert Samuel Newson
> > <rn...@apache.org>
> > wrote:
> >
> > > Hi,
> > >
> > > Neither Cloudant nor CouchDB 2.0 will support document-level
> > > permissions
> > > in the near future, sorry.
> > >
> > > B.
> > >
> > >
> > > > On 22 Aug 2016, at 00:37, William Edney
> > > > <be...@technicalpursuit.com>
> > > wrote:
> > > >
> > > > Hi All -
> > > >
> > > > Ran into the old 'need document-level permissions' problem here.
> > > >
> > > > Towards the end of this video from Nov 2013, Joan Touzet mentions
> > > > that
> > > > Cloudant was working on a solution to this (the ability to only
> > > > see
> > > > portions of a document based on the user). However, I can't find
> > > > any
> > > > further reference about this feature 2.5 years later.
> > > >
> > > > Can anyone from Cloudant speak to whether this has been
> > > > implemented,
> > > either
> > > > in the Cloudant private offering or in CouchDB 2.0 (or, if not,
> > > > if there
> > > > are plans to implement it in the future?)
> > > >
> > > > Thanks!!
> > > >
> > > > Cheers,
> > > >
> > > > - Bill
> > > >
> > > > 10 Common Misconceptions about CouchDB
> > > > <https://www.youtube.com/watch?v=BKQ9kXKoHS8>
> > >
> > >
> >
>

Re: Cloudant document-level permissions feature?

Posted by Joan Touzet <wo...@apache.org>.
I'll just say a few words here since it was in my talk this initially
was discussed.

At the time, Cloudant was considering the possibility of document level
security. We worked up a high level specification of how it could be
done, and worked through at least the first order of technical problems
we'd run into.

In the process (some might argue even before the process began) it
became clear that performance would be *terrible* with this approach,
especially when it comes to materialized views (where permissions info
must be stored on every node in the B-tree). Tradeoffs to fix the
performance would place unusually extensive requirements on an admin and
could potentially explode disk utilization requirements. They were
decided against.

Ultimately Cloudant never executed on the document-level security feature
in any meaningful way, and to my knowledge the feature was retired. Of
course, there may be something in one of Cloudant's paid services that
includes this feature, but based on the operational limitations we
explored a few years ago, I think it's relatively unlikely you'd want to
rely on it even if it did exist.

Your best bets remain:

  * couch per user model
  * traditional 3-tier app architecture with the middle tier enforcing
    document-level security
  * look into PouchDB options

All the best,
Joan

----- Original Message -----
> From: "William Edney" <be...@technicalpursuit.com>
> To: user@couchdb.apache.org
> Sent: Tuesday, August 23, 2016 5:42:42 PM
> Subject: Re: Cloudant document-level permissions feature?
> 
> Bill and Robert -
> 
> Thanks both for your respective replies.
> 
> Bill, this isn't currently a PouchDB app, although it could be turned
> into
> one.
> 
> Robert, that's disappointing, but thanks for letting me know. I'd
> vote up
> such a feature pretty highly :-).
> 
> Cheers,
> 
> - Bill
> 
> On Tue, Aug 23, 2016 at 2:24 PM, Robert Samuel Newson
> <rn...@apache.org>
> wrote:
> 
> > Hi,
> >
> > Neither Cloudant nor CouchDB 2.0 will support document-level
> > permissions
> > in the near future, sorry.
> >
> > B.
> >
> >
> > > On 22 Aug 2016, at 00:37, William Edney
> > > <be...@technicalpursuit.com>
> > wrote:
> > >
> > > Hi All -
> > >
> > > Ran into the old 'need document-level permissions' problem here.
> > >
> > > Towards the end of this video from Nov 2013, Joan Touzet mentions
> > > that
> > > Cloudant was working on a solution to this (the ability to only
> > > see
> > > portions of a document based on the user). However, I can't find
> > > any
> > > further reference about this feature 2.5 years later.
> > >
> > > Can anyone from Cloudant speak to whether this has been
> > > implemented,
> > either
> > > in the Cloudant private offering or in CouchDB 2.0 (or, if not,
> > > if there
> > > are plans to implement it in the future?)
> > >
> > > Thanks!!
> > >
> > > Cheers,
> > >
> > > - Bill
> > >
> > > 10 Common Misconceptions about CouchDB
> > > <https://www.youtube.com/watch?v=BKQ9kXKoHS8>
> >
> >
> 

Re: Cloudant document-level permissions feature?

Posted by William Edney <be...@technicalpursuit.com>.
Bill and Robert -

Thanks both for your respective replies.

Bill, this isn't currently a PouchDB app, although it could be turned into
one.

Robert, that's disappointing, but thanks for letting me know. I'd vote up
such a feature pretty highly :-).

Cheers,

- Bill

On Tue, Aug 23, 2016 at 2:24 PM, Robert Samuel Newson <rn...@apache.org>
wrote:

> Hi,
>
> Neither Cloudant nor CouchDB 2.0 will support document-level permissions
> in the near future, sorry.
>
> B.
>
>
> > On 22 Aug 2016, at 00:37, William Edney <be...@technicalpursuit.com>
> wrote:
> >
> > Hi All -
> >
> > Ran into the old 'need document-level permissions' problem here.
> >
> > Towards the end of this video from Nov 2013, Joan Touzet mentions that
> > Cloudant was working on a solution to this (the ability to only see
> > portions of a document based on the user). However, I can't find any
> > further reference about this feature 2.5 years later.
> >
> > Can anyone from Cloudant speak to whether this has been implemented,
> either
> > in the Cloudant private offering or in CouchDB 2.0 (or, if not, if there
> > are plans to implement it in the future?)
> >
> > Thanks!!
> >
> > Cheers,
> >
> > - Bill
> >
> > 10 Common Misconceptions about CouchDB
> > <https://www.youtube.com/watch?v=BKQ9kXKoHS8>
>
>

Re: Cloudant document-level permissions feature?

Posted by Robert Samuel Newson <rn...@apache.org>.
Hi,

Neither Cloudant nor CouchDB 2.0 will support document-level permissions in the near future, sorry.

B.


> On 22 Aug 2016, at 00:37, William Edney <be...@technicalpursuit.com> wrote:
> 
> Hi All -
> 
> Ran into the old 'need document-level permissions' problem here.
> 
> Towards the end of this video from Nov 2013, Joan Touzet mentions that
> Cloudant was working on a solution to this (the ability to only see
> portions of a document based on the user). However, I can't find any
> further reference about this feature 2.5 years later.
> 
> Can anyone from Cloudant speak to whether this has been implemented, either
> in the Cloudant private offering or in CouchDB 2.0 (or, if not, if there
> are plans to implement it in the future?)
> 
> Thanks!!
> 
> Cheers,
> 
> - Bill
> 
> 10 Common Misconceptions about CouchDB
> <https://www.youtube.com/watch?v=BKQ9kXKoHS8>


Re: Cloudant document-level permissions feature?

Posted by William Edney <be...@technicalpursuit.com>.
Aurélien, thanks for your response! We're investigating this technique.

Cheers,

- Bill

On Thu, Aug 25, 2016 at 8:43 AM, Aurélien Bénel <au...@utt.fr>
wrote:

> Hi William,
>
> > Ran into the old 'need document-level permissions' problem here.
>
> As replied by the devs, there is not a generic off-the-shelf
> high-performance document level permission feature in CouchDB.
>
> However, there are a number of workarounds depending on your needs:
> 1. If authorizations depend only on document UUID, just set a reverse
> proxy in front of CouchDB;
> 2. If they depend on the document content (e.g. an updatable access list)
> then a `show` depending on the `userCtx` object can be your friend to
> control reads (if you hide the default API behind a reverse proxy) and a
> `validate_doc_update` function, depending also on the `userCtx`, lets you
> control updates.
>
>
> Regards,
>
> Aurélien

Re: Cloudant document-level permissions feature?

Posted by Aurélien Bénel <au...@utt.fr>.
Hi William,

> Ran into the old 'need document-level permissions' problem here.

As replied by the devs, there is not a generic off-the-shelf high-performance document level permission feature in CouchDB.

However, there are a number of workarounds depending on your needs:
1. If authorizations depend only on document UUID, just set a reverse proxy in front of CouchDB;
2. If they depend on the document content (e.g. an updatable access list) then a `show` depending on the `userCtx` object can be your friend to control reads (if you hide the default API behind a reverse proxy) and a `validate_doc_update` function, depending also on the `userCtx`, lets you control updates.


Regards,

Aurélien
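
The second workaround above, sketched as an added example (not code from this thread or from the CouchDB project): a `validate_doc_update` function and a `show` function that both consult `userCtx`. The `owner`, `readers` and `body` fields and the show name `guarded` are assumptions made for illustration.

```javascript
// Added example. Assumed document shape (not from the thread):
//   { _id: "d1", owner: "alice", readers: ["bob"], body: "..." }
// In a design document these functions are stored as strings under
// "validate_doc_update" and "shows.guarded".

function isAdmin(userCtx) {
  return userCtx.roles.indexOf('_admin') !== -1;
}

// Write control: CouchDB runs this for every update to the database.
function validate_doc_update(newDoc, oldDoc, userCtx, secObj) {
  if (isAdmin(userCtx)) return;
  if (!userCtx.name) throw { unauthorized: 'login required' };
  // On update or delete, authorise against the stored revision, never the
  // submitted one, or a caller could simply name themselves as owner.
  var owner = oldDoc ? oldDoc.owner : newDoc.owner;
  if (owner !== userCtx.name) throw { forbidden: 'only the owner may write' };
  if (newDoc._deleted) return;
  if (newDoc.owner !== owner) throw { forbidden: 'owner cannot be changed' };
  if (!Array.isArray(newDoc.readers)) throw { forbidden: 'readers must be an array' };
}

// Read control: served at /<db>/_design/<ddoc>/_show/guarded/<docid>.
function guarded(doc, req) {
  var user = req.userCtx.name;
  var denied = { code: 404, json: { error: 'not_found' } };
  if (!doc) return denied;
  var allowed = isAdmin(req.userCtx) ||
    (user && (doc.owner === user || (doc.readers || []).indexOf(user) !== -1));
  // Same response for "missing" and "not allowed" so existence is not leaked.
  if (!allowed) return denied;
  return { json: { _id: doc._id, body: doc.body } };
}
```

The read check only holds if the reverse proxy exposes the `_show` path and nothing else that returns document bodies; direct document GETs, `_all_docs`, `_changes` and views bypass it.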