I’m currently using a containerized instance of the SG version 3.1.2.
While setting up the bootstrap and some database, i figured out that I cannot add “username” and “password” via Admin REST API call.
I suppose that the user who bootstraps the connection to the server is also the user that connects to the buckets defined in the SG databases, isn’t it?
If so, what is the way to handle the access to different buckets by different users?
In old SG version 2.8.3, it was possible to specify for each database the user who had the permissions to access the bucket.
It’s possible to define per-bucket credentials in your bootstrap configuration:
Is there a way to avoid the SG restart, everytime that I add a new bucket and a new user to access it?
No. Database configuration changes made at runtime are stored in the backing bucket, and we don’t want those to include credential information. The more common approach is to have a single Sync Gateway bootstrap user that’s granted access to all buckets as needed. Is there an aspect of your use case that makes a single SG bootstrap user not feasible?
In a production environment we have different applications accessing and storing data.
There are multiple buckets and different users to access each of them.
In the bootstrap configuration I’m using the Administrator user, to access the server and I guess that the Administrator is used to access all of them.
Is this a possible security issue?
I wanted to know how to configure the different users to access the own bucket, but I don’t see an advantage on modify and restart the SG everytime.