How to Verify Access

    How to verify Sync Gateway access to data in cloud-to-edge enterprise data synchronization.

    Related Concepts

    Access Control Model

    Purpose

    Use the Admin REST API to see the:

    • Channels a user has access to

    • Channels a role has access to

    • Channels a document is assigned to

    Context

    The all_channels property of a user account determines the channels a user can access. Its value is derived from the union of:

    • The user’s admin_channels property, which is set using the Admin REST API.

    • The channels the user has been granted access to by access() calls from sync functions invoked for current revisions of documents.

    • The all_channels properties of any roles the user belongs to. These are themselves computed using the above rules.

    Process

    • Users

    • Roles

    • Document

    Send a GET request to the /{db}/_user/{name} endpoint:

    curl http://localhost:4985/db/_user/pupshaw

    The output shows that the user pupshaw has access to the following channels:

    1 all through its own admin_channels setting for the default collection.
    2 collectionAChannel through its own admin_channels setting for the collection collectionA.
    3 hoopy through the froods role’s admin_channels setting in the default collection.
    {
        "admin_channels": [
            "all" (1)
        ],
        "collection_access": {
            "scopeA": {
                "collectionA": {
                    "admin_channels": [
                        "collectionAChannel" (2)
                    ],
                    "all_channels": [
                        "collectionAChannel"
                    ]
                }
            }
        },
        "admin_roles": [
            "froods"
        ],
        "all_channels": [
            "all",
            "hoopy" (3)
        ],
        "name": "pupshaw",
        "roles": [
            "froods"
        ]
    }

    Send a GET request to the /{db}/_role/{name} endpoint:

    curl http://localhost:4985/db/_role/froods

    The output shows that the role froods has access to the following channels:

    1 collectionAChannel through its role’s admin_channels setting for the collection collectionA.
    2 hoopy through its role’s admin_channels setting for the default collection.
    {
        "name": "froods",
        "collection_access": {
            "scopeA": {
                "collectionA": {
                    "admin_channels": [
                        "collectionAChannel" (1)
                    ],
                    "all_channels": [
                        "collectionAChannel"
                    ]
                }
            }
        },
        "admin_channels": [
            "hoopy" (2)
        ],
        "admin_roles": [
            "froods"
        ],
        "all_channels": [
            "hoopy" (3)
        ]
    }
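
The union rule under Context can be checked mechanically from the user and role responses. The following is an added example, not code from the Sync Gateway project: it attributes every channel in a user's all_channels to its source, per collection. The `_default` keyspace label, the function names, and the extra `towel` channel in the sample data are assumptions made for illustration.

```python
import json

# Constructed responses modelled on the GET /{db}/_user and /{db}/_role outputs
# above; the "towel" channel is added here to show an access() grant.
USER = json.loads("""
{"name": "pupshaw", "roles": ["froods"],
 "admin_channels": ["all"], "all_channels": ["all", "hoopy", "towel"],
 "collection_access": {"scopeA": {"collectionA": {
   "admin_channels": ["collectionAChannel"],
   "all_channels": ["collectionAChannel"]}}}}
""")
ROLES = {"froods": json.loads("""
{"name": "froods",
 "admin_channels": ["hoopy"], "all_channels": ["hoopy"],
 "collection_access": {"scopeA": {"collectionA": {
   "admin_channels": ["collectionAChannel"],
   "all_channels": ["collectionAChannel"]}}}}
""")}

SYNC_GRANT = "sync function access() (by elimination)"


def keyspaces(doc):
    """Yield (keyspace, admin_channels, all_channels) for the default
    collection and for every entry under collection_access."""
    yield ("_default", doc.get("admin_channels") or [],
           doc.get("all_channels") or [])
    for scope, collections in (doc.get("collection_access") or {}).items():
        for name, acc in collections.items():
            yield (f"{scope}.{name}", acc.get("admin_channels") or [],
                   acc.get("all_channels") or [])


def explain_access(user, roles):
    """Return {keyspace: {channel: [sources]}} for the user's all_channels."""
    role_all = {r: {ks: set(all_ch) for ks, _, all_ch in keyspaces(doc)}
                for r, doc in roles.items()}
    report = {}
    for ks, admin, all_ch in keyspaces(user):
        for channel in all_ch:
            sources = ["user admin_channels"] if channel in admin else []
            sources += [f"role {r}" for r in user.get("roles", [])
                        if channel in role_all.get(r, {}).get(ks, set())]
            # Neither admin-assigned nor inherited: per the union rule, the
            # remaining origin is an access() call in the sync function.
            report.setdefault(ks, {})[channel] = sources or [SYNC_GRANT]
    return report
```

Channels reported as coming from the sync function are the ones to review against the documents that grant them, since they do not appear in any admin_channels setting.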

    Send a GET request to the /{keyspace}/_all_docs endpoint:

    curl -g "http://localhost:4985/ourdb/_all_docs?channels=true&keys=[ourdoc]" -H "accept: application/json"

    1 The output shows that the document ourdoc is assigned to the channels all and hoopy.
    The assignment to hoopy is what makes the document available to our froods role and therefore to our user pupshaw.
    {
      "id": "ourdoc",
      "key": "ourdoc",
      "value": {
          "channels": [ (1)
              "short",
              "hoopy"
          ],
          "rev": "1-86effb929acbf953905dd0e3974f6051"
      }
    }