How to Verify Access

      How to verify Sync Gateway access to data in cloud-to-edge enterprise data synchronization.

      Related topics: Create Role | Create User | Add Role to User | Allow Access | Verify Access | Write Access

      Related Concepts

      Access control Model

      Purpose

      Use the Admin REST API to see the:

      • Channels a user has access to

      • Channels a role has access to

      • Channels a document is assigned to

      Context

      The all_channels property of a user account determines the channels a user can access. Its value is derived from the union of:

      • The user’s admin_channels property, which is set using the Admin REST API.

      • The channels the user has been granted access to by access() calls from sync functions invoked for current revisions of documents.

      • The all_channels properties of any roles the user belongs to. These are themselves computed using the above rules.
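
The union rule above can be checked mechanically. The following Python sketch is an added example, not part of the Sync Gateway documentation or code: it attributes each entry in a user's all_channels to its source and compares the result with a reviewed allow-list. The sample responses are constructed from the pupshaw and froods outputs in the Process section; the extra reports channel and all function names are assumptions.

```python
import json
import urllib.request

ADMIN_URL = "http://localhost:4985/db"  # Admin REST API base used by the curl calls

# Constructed sample: the pupshaw/froods responses, plus one extra channel
# ("reports", hypothetical) that no admin setting or role accounts for.
SAMPLE_USER = {"name": "pupshaw", "admin_channels": ["all"], "roles": ["froods"],
               "all_channels": ["all", "hoopy", "reports"]}
SAMPLE_ROLES = {"froods": {"name": "froods", "admin_channels": ["hoopy"],
                           "all_channels": ["hoopy"]}}


def fetch(kind, name, base=ADMIN_URL):
    """GET /{db}/_user/{name} (kind="user") or /{db}/_role/{name} (kind="role")."""
    with urllib.request.urlopen(f"{base}/_{kind}/{name}") as resp:
        return json.load(resp)


def explain_channels(user, roles):
    """Return {channel: [sources]} for every channel in the user's all_channels."""
    sources = {ch: [] for ch in user.get("all_channels", [])}
    for ch in user.get("admin_channels", []):
        if ch in sources:
            sources[ch].append("user admin_channels")
    for role_name in user.get("roles", []):
        for ch in roles.get(role_name, {}).get("all_channels", []):
            if ch in sources:
                sources[ch].append(f"role {role_name}")
    # By the union rule, a channel explained by neither of the above can only
    # have come from an access() call in the sync function.
    for why in sources.values():
        if not why:
            why.append("sync function access() grant (inferred)")
    return sources


def unexpected_channels(user, expected):
    """Channels the user can reach that are not in the reviewed allow-list."""
    return sorted(set(user.get("all_channels", [])) - set(expected))


if __name__ == "__main__":
    # Against a live gateway, build the inputs with fetch("user", ...) and
    # fetch("role", ...) instead of the constructed samples.
    for channel, why in explain_channels(SAMPLE_USER, SAMPLE_ROLES).items():
        print(f"{channel}: {', '.join(why)}")
    print("not in allow-list:", unexpected_channels(SAMPLE_USER, ["all", "hoopy"]))
```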

      Process

      • Users

      • Roles

      • Document

      Send a GET request to the /{db}/_user/{name} endpoint:

      curl http://localhost:4985/db/_user/pupshaw

      The output shows that the user pupshaw has access to the following channels:

      (1) all, through its own admin_channels setting
      (2) hoopy, through the froods role’s admin_channels setting

      {
          "admin_channels": [
              "all" (1)
          ],
          "admin_roles": [
              "froods"
          ],
          "all_channels": [
              "all",
              "hoopy" (2)
          ],
          "name": "pupshaw",
          "roles": [
              "froods"
          ]
      }

      Send a GET request to the /{db}/_role/{name} endpoint:

      curl http://localhost:4985/db/_role/froods

      The output shows that the role froods has access to the following channels:

      (1) hoopy, through its role’s admin_channels setting

      {
          "name": "froods",
          "admin_channels": [
              "hoopy" (1)
          ],
          "admin_roles": [
              "froods"
          ],
          "all_channels": [
              "hoopy" (2)
          ]
      }

      Send a GET request to the /{db}/_all_docs endpoint:

      curl -g 'http://localhost:4985/ourdb/_all_docs?channels=true&keys=["ourdoc"]' -H "accept: application/json"

      (1) The output shows that the document ourdoc is assigned to the channels: all and hoopy
      That assignment to hoopy is what makes it available to our froods role and therefore to our user pupshaw.

      {
        "id": "ourdoc",
        "key": "ourdoc",
        "value": {
            "channels": [ (1)
                "short",
                "hoopy"
            ],
            "rev": "1-86effb929acbf953905dd0e3974f6051"
        }
      }