CouchDB and PouchDB plain users can create Databases

Question

I don't want normal users to be able to create Databases.

In the Futon Screen /_utils, when logged in as a plain user, everything functions as expected. Only Admins can create Databases.

But when I sync my pouchDB with couchDB, plain users can also create (replicate?) Database. I want the adding of new Databases only to be restricted to Admin users.

Also I just noticed that existing DB also get edited even when user is restricted.

How can I fix this?

var remoteCouch = http://testuser:testuser@{domain}.iriscouch.com/testdb;

PouchDB.debug.disable();

if (remoteCouch) {
    sync();
} else {
    console.log("No remote server.");
}

function sync() {
    var opts = {live: true};
    db.replicate.to(remoteCouch, opts, syncError);
    db.replicate.from(remoteCouch, opts, syncError);
}

EDIT

Testuser is also not in /_config/admins

Testuser:

{
   "_id": "org.couchdb.user:testuser",
   "_rev": "1-7d28b3388a62cfca103cbe3642549bee",
   "password_scheme": "pbkdf2",
   "iterations": 10,
   "type": "user",
   "name": "testuser",
   "roles": [
       "testuser"
   ],
   "derived_key": "2181a44141d6d6aa2061bb2c5c057451acc6461e",
   "salt": "2184888b099f37605feca0a22e5b6bb9"
}

Answer 1

Is your CouchDB in admin party mode? If it's not, then only admins should be able to create databases, whether it's via Futon or PouchDB.

PouchDB isn't doing anything special; you can simulate what PouchDB is doing by using curl:

curl -X PUT http://someuser:somepassword@path.to.couchdb.com:5984/somedatabase

Are you sure your testuser isn't an admin? If the user that you give to PouchDB is an admin, then yes, users will be able to create their own databases.

More info on authentication can be found here: https://github.com/nolanlawson/pouchdb-authentication#couchdb-authentication-recipes