I'm thinking of writing a CouchDB-backed application that will store sensitive data. Is it possible to set things up so that I can get something like MySQL's and PostgreSQL's access control, where particular users on the system (users in the sense of Unix system users) can be denied or granted access to a particular CouchDB database?
Absolutely, you can set up users in the _users
database. You can assign roles, groups, as well as any other custom fields for each user. In the validate_doc_update
function in your design document(s), you can check user roles and approve or deny access based on that. You can also globally assign users as "readers" and "writers". You can authenticate users via Basic HTTP Authentication, OAuth and a variety of other methods.
Refer to the Security Features Overview and Document Update Validation pages on the wiki to get started.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With