I am already excited about document databases and especially about CouchDB\'s simplicity. But I have a hard time understanding if such databases are a viable option for multi us
There was a discussion on the mailing list awhile back that fits this question fairly well. The rule of thumb was to only store data in a document that is likely to change vs. grow. If the data is more likely to grow then you most likely want to store separate docs.
So in the case of a multi-user system one way of implementing ACL based permissions could be to create 'permission docs' that would be a mapping of user_id to doc_id with the appropriate permission indicated.
{
_id: "permission_doc_1",
type: "acl",
user: "John",
docid: "John's Account Info",
read: true,
write: true
}
And your views would be something along the lines of
function(doc)
{
emit([doc.user, doc.docid], {"read": doc.read, "write": doc.write});
}
And given a docid and userid, checking for permissions would be:
http://localhost:5984/db/_view/permissions/all?key=["John", "John's Account Info"]
Obviously, this would require having some intermediary between the client and couch to make sure permissions were enforced.