I’ve asked this question several times on couchdb mailing lists, and never got an answer.

There are a number of things that couchdb is missing.

One of them is the document level security which would :

• allow only certain users to view a doc
• filter the documents indexed in a view on a user level permission base

I don’t think that there is a solution to the permission considerations with the current couchdb implementation.

One solution would be to use an external indexing tool like lucene, and tag your documents with user rights, then issue a lucene query with user right definition in order to get the docs. It also implies extra load on your server(s) (lucene requires a JVM) and an extra delay for the data to be available (lucene indexing time … )

As for the several databases solution, there are language framework implementations that simply don’t allow to use more then one databases ( for instance couch_potato for Ruby ).

Having several databases also means that you’ll have several replication processes if your databases are replicated.

Also, this means that the views will be updated for each of the database. In some cases this is better then have huge views indexed in a single database, but it also means that distinct users might not be up to date for a single source of information ( i.e some will have their views updated, other won’t). So you cannot guarantee that the data is consistent for all users.

So unless something is implemented in the couch core in order to manage document level authorizations, CouchDB does not seem appropriate for managing data with privacy constraints.