I just stumbled across CouchDB and PouchDB sync features. Typically web applications have an application server implementing authentication, rights and business logic allowing to limit users access to specific resources/records. This brought up several questions in my mind:
Is it possible to limit access to records within couch db. Eg. a super-admin sees everything, a department-manager everything of his department and a simple user only his own records or eg tasks assigned to him?
Nope. You can't do this with a single DB and using only CouchDB. But there are a few ways you can realize this, for instance:
More info here: https://wiki.apache.org/couchdb/PerDocumentAuthorization
Is it possible to limit access to records within couch db. Eg. an super-admin sees everything, a department-manager everything of his department and a simple user only his own records or eg tasks assigned to him?
Off-the-shelf security policies are very basic, but you can do a lot of things with advanced features.
What you want to do could be done simply with a show
function that would generate a different output depending on req.userCtx
.
In different settings (authorization based on user/method/URI, with or without third party authentication), because CouchDB is fully REST compliant, you can also use an HTTP reverse proxy for security related features.
Is CouchDB + PouchDB have the ability to only to partial syncs. eg sync all tasks I'm responsible for?
In CouchDB, this is called "filtered replications" .
Seems anyhow weird me since the user DB gonna be accessible from everyone as far as it seems to me.
Of course not. In normal mode (not "admin party"), other users have only access to "public" attributes, and, of course, only the user herself can update her user document (see documentation ).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.