Data Access Management in ComposeDB

I’m trying to implement access management in ComposeDB where I want users to be able to write to certain documents, but not all of them. To give an example, I want user A & B to have write access to a document, but not C. I also want to A & C to have write access to a document which user B can only read. How would I setup this using ComposeDB? Can I use something with the resources: [] field when I initialize the javascript client?

Thanks!

1 Like

Every stream in Ceramic, and so every document in ComposeDB, have a single DID that is that stream’s controller. Only the controller is allowed to write to that stream/document. We do not currently support documents with shared ownership, where multiple people can write to the same document, though it is something we’d like to support in the future.

As for read access, all data in Ceramic/ComposeDB is public by default, though you can always manually encrypt data before putting it into ComposeDB. You’ll have to do the key management yourself, however, though some of our users have reported good experiences using Lit Protocol to handle the key management for them, but it would be up to you to evaluate if that solution works well for your needs.

2 Likes