In my company, we use IBM Domino for more than a decade. We use it to build offline applications with replication support. It works well but we need to use the IBM Notes client to allow this feature and it doesn't work on mobile devices (except Windows laptop, of course).
I'm looking for other solutions to build offline-first and multi-support (web) applications. I think that CouchDB + PouchDB is the best solution. But to replace Domino, I have to replace the authorization feature.
Domino has many levels of rights in database ACL (Manager, Designer, Author, Writer, Reader,...). And for each document, we can add a reader and an author field which limit who can write and read document.
For example, we use Domino with our CRM, employee can read (and write) his customers and the customers of the employee who are lower him in the company hierarchy. He can also view customers in its geographical areas (no write).
To do this in Domino, we calculate (each night) a reader and an author field in every customer document. How can I achieve something like this in CouchDB? Is it possible?
I read about many possibilities:
What is the best solution to solve my issue above?
Apache CouchDB does not have per-document permissions. While you can use filtered replication to replicate only a subset of data, you should not rely on filtered replication as a form of access management. Currently, your only real viable option is to take the one-database-per user approach. You have a few options here:
couch_peruser configuration option in Apache CouchDB 2.0 which will create a database for every user created in the _users database and give that user permission to read and write to their own database.