
  1. Create a new Admin user

      For example, creating a system admin with "adminrootuser" as the username and "adminpass" as the password.

    > HOST="http://127.0.0.1:5984"
    
    > curl -X PUT $HOST/_config/admins/adminrootuser -d '"adminpass"'
    ""

    A system admin is allowed to do anything to a CouchDB installation.

  2. Confirm that the new system admin has been created successfully

     Without credentials

    > curl -X PUT $HOST/yourdatabase
    {"error":"unauthorized","reason":"You are not a server admin."}

     With credentials

    > HOST="http://adminrootuser:adminpass@127.0.0.1:5984"
    > curl -X PUT $HOST/yourdatabase
    {"ok":true}
  3. Create a new database user

     For example, creating a user "test" with password "pass1"

    curl -X PUT http://localhost:5984/_users/org.couchdb.user:test \
         -H "Accept: application/json" \
         -H "Content-Type: application/json" \
         -d '{"name": "test", "password": "pass1", "roles": [], "type": "user"}'

    NB: Passwords for existing databases can be changed.

  4. Check whether the new database user exists

     Request

    curl -X POST http://localhost:5984/_session -d 'name=test&password=pass1'

      Correct Response

    {"ok":true,"name":"test","roles":[]}
  5. Assign the new user to your database (Authorization)
     This is done by creating authorization rules. These rules are set up by a server admin and can be modified at any time.

     For example, giving user "test" admin and member privileges on yourdatabase

    > curl -X PUT http://localhost:5984/yourdatabase/_security \
         -u adminrootuser:adminpass \
         -H "Content-Type: application/json" \
         -d '{"admins": { "names": ["test"], "roles": [] }, "members": { "names": ["test"], "roles": [] } }'

    → If both the names and roles fields of either the admins or members properties are empty arrays, it means the database has no admins or members.

    → Having no admins, only server admins (with the reserved _admin role) are able to update design documents and make other admin-level changes.

    → Having no members, any user can write regular documents (any non-design document) and read documents from the database.

    → If there are any member names or roles defined for a database, then only authenticated users having a matching name or role are allowed to read documents from the database.

    → For complex scenarios, use roles, i.e. update database users to have roles and assign these roles to your database.

  6. Confirm that authorization rules have been updated

      Request

    curl -X GET -u test:pass1 http://localhost:5984/yourdatabase/_security

      Correct Response

    {"admins":{"names":["test"],"roles":[]},"members":{"names":["test"],"roles":[]}}
  7. In opensrp-client update AllConstants.CloudantSync.class

    public static class CloudantSync {
       ...
        public static final String COUCH_DATABASE_NAME = "yourdatabase";
        public static final String COUCH_DATABASE_USER = "test";
        public static final String COUCH_DATABASE_PASS = "pass1";
    }

    NB: Committing this file after adding your credentials is a big security risk, since the database can be accessed from a browser if the port is open.

  8. Test your application
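
The authorization rules listed under step 5 can be checked offline against a _security object before it is applied. The following is an added example, not code from the original page or from CouchDB: the function names, the result keys and the "fieldworker" role are assumptions made for illustration, and it treats database admins as passing the member check.

```python
import json

# Response shown in step 6 of the page.
STEP6_SECURITY = json.loads(
    '{"admins":{"names":["test"],"roles":[]},"members":{"names":["test"],"roles":[]}}'
)
# Constructed samples (not from the page): an empty object and a role-based one.
OPEN_SECURITY = {}
ROLE_SECURITY = {"admins": {"names": [], "roles": []},
                 "members": {"names": [], "roles": ["fieldworker"]}}


def _is_empty(section):
    """True when both names and roles are missing or empty arrays."""
    section = section or {}
    return not section.get("names") and not section.get("roles")


def _matches(section, name, roles):
    """True when the user is named in the section or holds one of its roles."""
    section = section or {}
    return name in section.get("names", []) or bool(
        set(roles) & set(section.get("roles", [])))


def effective_access(security, name=None, roles=()):
    """What a user may do; name=None stands for a request without credentials."""
    is_admin = "_admin" in roles or _matches(security.get("admins"), name, roles)
    if _is_empty(security.get("members")):
        is_member = True  # no members defined: any user can read and write
    else:
        # Assumption: database admins also pass the member check.
        is_member = is_admin or _matches(security.get("members"), name, roles)
    return {"admin": is_admin, "read_write_docs": is_member}


def audit(security):
    """Flag the two empty-section cases described under step 5."""
    findings = []
    if _is_empty(security.get("members")):
        findings.append("no members: any user can read and write regular documents")
    if _is_empty(security.get("admins")):
        findings.append("no admins: only server admins can make admin-level changes")
    return findings


if __name__ == "__main__":
    for label, sec in [("step 6", STEP6_SECURITY), ("empty", OPEN_SECURITY)]:
        print(label, effective_access(sec, "test"), audit(sec))
```

An empty list from audit() means both sections are populated; any finding mentioning "no members" means the database is readable and writable by any user.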
