0

Is there anyway to have a Role Based Access Control user management mechanism for a javascript app that uses couchDb as the database backend? According to what I have been looking into, when it comes to security all the talks are about setting up different users for the couchDb instance itself, rather than having user and role information inside one database that belongs to a specific application.

In addition, I would like to know how does authentication and role-based authorization work if you have per-app, in-database user & role information? Is there a token-based authentication way or what?

Community
  • 1
  • 1
Behrooz
  • 1,895
  • 4
  • 31
  • 47

1 Answers1

1

In CouchDB, the only "read" access control is at the database level. If you need role or user based access to subsets of data, then you need to replicate filtered subsets to a database for each role or user you want to grant access to.

On the other hand, write access control can be implemented with validation functions.

Ben
  • 34,935
  • 6
  • 74
  • 113