Alumni

Reputation: 85

CouchDB read/write restrictions on _users database

I would like to restrict the user permissions so that a normal user is only able to read/write its own user document.

I managed to set the write permissions such that a user can only edit their own document (via the validate_doc_update function in the design document).

Now I only have to limit a user from viewing the user list or other user documents. If I set the database read permissions to the '_admin' role, then the user will not be able to view their own document, which is not what I intend.

Can this be done in a more general way? I.e. to set read permissions such that a user is able to read only some specific documents in the database?

Upvotes: 4

Views: 987

Answers (2)

Marcello Nuccio

Reputation: 3901

In CouchDB creating a new database is cheap and it was designed to keep the data as close as possible to the user who needs it. So the suggested approach is to have one database for each user.

Upvotes: 0

Dominic Barnes

Reputation: 28429

Unfortunately, per-document read control is not possible.

However, if you use a list function, you can perform a "post-query filter" that limits the results of a view query based on the current session user (via the userCtx parameter).

Upvotes: 1
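
The post-query filter described in the answer above, as an added example that is not part of the original answer. It assumes a hypothetical view over `_users` that emits `doc.name` as the key; `ownUserOnly`, `runList` and the sample rows are constructed for illustration, and the harness only stands in for the CouchDB query server so the function can be run offline.

```javascript
// CouchDB list function (stored as a string under "lists" in a design doc).
// getRow(), start() and send() are provided by the CouchDB query server.
function ownUserOnly(head, req) {
  var ctx = req.userCtx || { name: null, roles: [] };
  var isAdmin = ctx.roles.indexOf('_admin') !== -1;
  var rows = [], row;
  start({ headers: { 'Content-Type': 'application/json' } });
  while ((row = getRow())) {
    // Anonymous sessions have name === null and never match a row.
    if (isAdmin || (typeof ctx.name === 'string' && row.key === ctx.name)) {
      rows.push(row);
    }
  }
  send(JSON.stringify({ rows: rows }));
}

// --- Constructed offline harness: stands in for the query server. ---
var getRow, start, send;
function runList(listFn, viewRows, userCtx) {
  var queue = viewRows.slice(), body = '';
  getRow = function () { return queue.shift() || null; };
  start = function () {};
  send = function (chunk) { body += chunk; };
  listFn({ total_rows: viewRows.length, offset: 0 }, { userCtx: userCtx });
  return JSON.parse(body);
}

// Constructed sample rows, shaped like the output of a view keyed by doc.name.
var sampleRows = [
  { id: 'org.couchdb.user:alice', key: 'alice', value: null },
  { id: 'org.couchdb.user:bob', key: 'bob', value: null }
];
console.log(runList(ownUserOnly, sampleRows, { name: 'alice', roles: [] }));
```

The filter applies only to requests that go through the list function's URL. Requests made directly to the view, to `_all_docs` or to a document URL are not filtered by it, so it complements database-level read permissions rather than replacing them.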
