Cloudant, CouchDB and BigCouch all recommend creation of user-specific databases as a way to implement document-level access control, i.e. AliceDB will have only documents that Alice can read, BobDB will have only Bob's docs and so on.
Implementing this pattern requires programmatic creation and deletion of databases. There are DB REST APIs for these, but these APIs require the caller to have serveradmin privileges. I have many other unrelated databases on the same cluster and I am concerned about handing out a userid with serveradmin privileges. (What if the client code accidentally deletes my other databases?!!)
What are people doing to get around this problem? I couldn't find anything on Cloudant, CouchDB or BigCouch documentation.
There are a few potential options available to you:
couch_peruser configuration option that may be helpful.
couch_peruser. This would involve creating a program which has permission to create new databases and assign permissions accordingly.
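The provisioning program described in the last option, as an added example (not code from the answer or from the CouchDB project): it alone holds the admin credentials, and it refuses to delete anything outside one managed prefix, which addresses the concern about unrelated databases. The function names, the member-only security document, and the `base_url` and `auth_header` parameters are assumptions of this example; `PUT /{db}`, `PUT /{db}/_security` and `DELETE /{db}` are the standard CouchDB endpoints.

```python
import json
import urllib.request

PREFIX = "userdb-"  # same naming scheme couch_peruser uses: prefix + hex(username)
HEX = set("0123456789abcdef")

def user_db_name(username: str) -> str:
    """Map a username to a database name that is always valid and always prefixed."""
    if not username:
        raise ValueError("empty username")
    return PREFIX + username.encode("utf-8").hex()

def provision_plan(username: str):
    """Requests that create the user's database and restrict it to that user."""
    db = user_db_name(username)
    security = {  # assumption: the user is a member only, never a database admin
        "admins": {"names": [], "roles": []},
        "members": {"names": [username], "roles": []},
    }
    return [("PUT", "/" + db, None), ("PUT", "/" + db + "/_security", security)]

def deprovision_plan(db: str):
    """Only databases inside the managed prefix may ever be deleted."""
    suffix = db[len(PREFIX):]
    if not db.startswith(PREFIX) or not suffix or not set(suffix) <= HEX:
        raise PermissionError("refusing to delete unmanaged database: " + db)
    return [("DELETE", "/" + db, None)]

def execute(plan, base_url: str, auth_header: str):
    """Send a plan to the cluster; base_url and auth_header are deployment-specific."""
    for method, path, body in plan:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(
            base_url + path, data=data, method=method,
            headers={"Authorization": auth_header, "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            resp.read()
```

Client applications call this service with a username and never see the admin credentials; the service is the only place where create and delete requests are built.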