Add Security with Channels

      Channels and their part in data routing and access control for secure cloud-to-edge enterprise data synchronization.

      Concept

      Channels make it easy to share a database’s documents across a large user base while retaining effective access control. They serve as a security conduit between the document and a user:

      Access Control using Channels
      Figure 1. Channels in Access Control

      Conceptually, the channel can be considered as a tag associated with a document. Every document processed by the App Service is assigned to a channel.

      Overview

      Every document in the database is assigned a list of channels it is distributed to. Every user (or role) is granted access to a list of channels. This dual purpose is reflected in the way you use channels:

      • By granting a user access to a channel, you are imposing access control.

      • By assigning a document to a channel you are imposing document routing.

      You will typically use channels to:

      • Control who can access what

      • Partition your dataset

      • Enable users to access just the documents they need

      • Minimize the amount of data synced to mobile devices

      An App Service supports two types of channel:

      Admin Channels

      Admin channels are assigned statically. Admin channels can be set up through the Capella UI from the App Endpoint Security > App Users > Create App User page:

      Creating a channel from the user screen
      Figure 2. Creating a new channel for a user

      Admin channels can also be created through the REST Admin API by calling the /{db}/_user/ endpoint, including a section in the JSON message to create the channels:

      {
        "name": "string",
        "password": "string",
        "admin_channels": [    (1)
          "string"
        ],
        "admin_roles": [
          "string"
        ],
        "email": "string",
        "disabled": false
      }
      (1) Place channels in the admin_channels section.

      The channels can also be updated through a call to update the user: /{db}/_user/{username}

      Other Channels

      Non-admin channels can be assigned dynamically through the App Endpoint Security > Access and Validation function:

      Assigning document to channel with Javascript access control function
      Figure 3. Assigning document to channel through Access Control/JavaScript

      These channels are created and allocated dynamically as documents are created and modified. Once a channel is allocated to an App User, it will be displayed under "Other Channels".
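
      A sketch of an Access and Validation function that assigns channels dynamically, added here as an example (it is not from the original page or Couchbase's own code). The document fields type, owner and team and the channel names are assumptions; channel(), access() and requireUser() are the helpers available to the function at runtime and are stubbed here so the sample runs locally in Node.

```javascript
// Helpers the App Service supplies at runtime; stubbed by simulate() below
// so the function can be exercised locally.
let channel, access, requireUser;

// Assumed document shape: { type, owner, team }. Channel names are illustrative.
function accessAndValidation(doc, oldDoc, meta) {
  if (doc._deleted) {
    if (oldDoc) requireUser(oldDoc.owner); // only the owner may delete
    return;
  }
  if (typeof doc.owner !== "string" || doc.owner === "") {
    throw { forbidden: "owner is required" };
  }
  // The writer must be the current owner, and ownership cannot be reassigned;
  // otherwise a user could re-route someone else's document to their own channel.
  requireUser(oldDoc ? oldDoc.owner : doc.owner);
  if (oldDoc && oldDoc.owner !== doc.owner) {
    throw { forbidden: "owner cannot change" };
  }
  var personal = "user." + doc.owner;
  channel(personal);            // document routing
  access(doc.owner, personal);  // access control: grant the owner that channel
  if (doc.type === "report" && typeof doc.team === "string") {
    channel("team." + doc.team); // reports are also routed to the team channel
  }
}

// Constructed harness: runs one write as `user` and reports the outcome.
function simulate(user, doc, oldDoc) {
  const out = { ok: true, channels: [], grants: [] };
  channel = (...names) => out.channels.push(...names.flat());
  access = (u, ch) => out.grants.push(u + " -> " + ch);
  requireUser = (name) => {
    if (name !== user) throw { forbidden: "wrong user" };
  };
  try {
    accessAndValidation(doc, oldDoc || null, {});
  } catch (e) {
    return { ok: false, reason: e.forbidden, channels: [], grants: [] };
  }
  return out;
}

// Constructed sample writes: an owner's create, then two rejected attempts.
console.log(simulate("alice", { type: "report", owner: "alice", team: "emea" }));
console.log(simulate("bob", { type: "report", owner: "alice", team: "emea" }));
console.log(simulate("bob", { type: "note", owner: "bob" }, { type: "note", owner: "alice" }));
```

      The channels user.alice and team.emea in the first result are the kind that would appear under "Other Channels" once allocated to an App User.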

      Further Reading