Grant Upload Permissions

Follow these steps to authorize a user to upload into one or more stores.




1. Connect to the Coredatastore UI

  • Connect to the host via ssh; make sure your ssh client has port forwarding enabled from a local port of your choice to the exposed port of the coredatastore container.
  • Let's say your local port is 5985; in your local browser, open http://localhost:5985/_utils
  • Log in as admin.


2. Manage Permissions

User permissions are based on a) group memberships and b) ACLs (access control lists).

  1. Groups refer to 0..n users.
  2. ACLs
    1. refer to 0..n groups.
    2. point to 1 store.


Add Group Membership

Open the groups database, select a group document OR create a new one.

The structure of a group document:

{
   "_id": "sandbox.developers",
   "displayName": "sandbox developers",
   "docType": "group",
   "users": [
       "1",
       "23"
   ]
}

To add a user to a group or remove a user from it, simply add or remove the user's name in the users array.


Properties:

  1. doc._id = "" //ID of the group; provide a descriptive name that says what the group is made for
    We recommend the pattern "<store>.<role>", because groups are the foundation for ACLs.
    * store = the store the group is made for.
    * role = the role the group members will have within this store.

  2. doc.displayName //will be used within the UI (comes later)
  3. doc.users //array of user names (the name property of user documents)




Manage ACLs for a store

To grant upload permissions for one or more stores, the related ACL document for each of the stores must exist.

Open the acls database, select an ACL document OR create a new one.

The structure of an ACL document:

{
   "_id": "sandbox",
   "displayName": "sandbox acl",
   "docType": "acl",
   "store": "sandbox",
   "permissions": {
       "sandbox.developers": {
           "upload": true
       }
   }
}

To add a group to an ACL or remove a group from it, simply add or remove the group ID in the permissions object.


Properties:

  1. doc._id = "" //ID of the ACL document
    We recommend naming it after the store the ACL points to.

  2. doc.displayName //will be used within the UI (comes later)
  3. doc.store //name of the store the ACL points to
  4. doc.permissions //object with permissions (currently only 'upload' is supported)
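
After editing group and ACL documents, it helps to review who ends up with upload rights on each store. The following is an added example, not Coredatastore code: it resolves effective upload rights from documents shaped like the ones above and flags ACL entries that deserve a second look. The evaluation rule (a user may upload if any of their groups has "upload": true in the store's ACL), the function names and the sample documents other than the two shown on this page are assumptions.

```python
# Added example: audit effective upload rights from group and ACL documents.
# Document shapes follow this page; the evaluation rule is an assumption.

def upload_rights(groups, acls):
    """Return {store: sorted user names that may upload to it}."""
    members = {g["_id"]: set(g.get("users", []))
               for g in groups if g.get("docType") == "group"}
    rights = {}
    for acl in acls:
        if acl.get("docType") != "acl":
            continue
        users = rights.setdefault(acl["store"], set())
        for group_id, perms in acl.get("permissions", {}).items():
            # Only a literal JSON true grants upload; "true" or 1 do not.
            if isinstance(perms, dict) and perms.get("upload") is True:
                users |= members.get(group_id, set())
    return {store: sorted(names) for store, names in rights.items()}

def findings(groups, acls):
    """List ACL entries that break the naming advice or reference no group."""
    group_ids = {g["_id"] for g in groups if g.get("docType") == "group"}
    out = []
    for acl in acls:
        if acl["_id"] != acl["store"]:
            out.append(f"acl {acl['_id']}: _id differs from store {acl['store']}")
        for group_id in acl.get("permissions", {}):
            if group_id not in group_ids:
                out.append(f"acl {acl['_id']}: unknown group {group_id}")
            elif not group_id.startswith(acl["store"] + "."):
                out.append(f"acl {acl['_id']}: group {group_id} is not <store>.<role>")
    return out

# Constructed sample data: the first group and ACL mirror the page,
# "prod.readers", "sandbox.ops" and the "prod" ACL are made up.
GROUPS = [
    {"_id": "sandbox.developers", "displayName": "sandbox developers",
     "docType": "group", "users": ["1", "23"]},
    {"_id": "prod.readers", "displayName": "prod readers",
     "docType": "group", "users": ["42"]},
]
ACLS = [
    {"_id": "sandbox", "displayName": "sandbox acl", "docType": "acl",
     "store": "sandbox", "permissions": {"sandbox.developers": {"upload": True},
                                         "sandbox.ops": {"upload": True}}},
    {"_id": "prod", "displayName": "prod acl", "docType": "acl",
     "store": "prod", "permissions": {"prod.readers": {"upload": False}}},
]

if __name__ == "__main__":
    print(upload_rights(GROUPS, ACLS))
    print("\n".join(findings(GROUPS, ACLS)))
```

An ACL entry that names a group with no group document grants nothing today, but it becomes a grant as soon as someone creates a group with that ID, so it is worth cleaning up.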