You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to us...@couchdb.apache.org
In terms of authorization, does anyone know of any documentation or
guidance out there for users / developers?
I have my authentication setup and working fine, but I am looking for best
practices around database authorization. Basics, e.g. implementing least
privilege model, restrict access per document and/or document attachment,
is it good practice to build out one view per access profile/role? Best
Practices <https://docs.couchdb.org/en/stable/best-practices/index.html>
does not appear to address authorization concepts. All I can find is below.
To protect who can read and update documents, CouchDB has a simple reader
access and update validation model that can be extended to implement custom
security models.
Each database on a CouchDB server can contain its own set of authorization
rules that specify which users are allowed to read and write documents
members, who are allowed to read all documents and create and modify any
document
It is possible to use a modest amount of encryption and one-way functions
to obscure the sensitive columns or key-value pairs, a technique often
called a translucent database.