Clarified default behavior of authorization to databases (#657)

* clarified default behavior of authorization to databases Co-authored-by: Joan Touzet <wohali@users.noreply.github.com>
apache · Jul 22, 2021 · db2496b6a4e252a210cba18349ccd6c7344effb5 · db2496b
1 parent eb451b3
commit db2496b6a4e252a210cba18349ccd6c7344effb5
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/src/api/database/security.rst b/src/api/database/security.rst
@@ -49,10 +49,13 @@
     has no admins or members.
 
     Having no admins, only server admins (with the reserved ``_admin`` role)
-    are able to update design document and make other admin level changes.
+    are able to update design documents and make other admin level changes.
 
-    Having no members, any user can write regular documents (any non-design
-    document) and read documents from the database.
+    Having no members or roles, any user can write regular documents (any
+    non-design document) and read documents from the database.
+
+    Since CouchDB 3.x newly created databases have by default the _admin role
+    to prevent unintentional access.
 
     If there are any member names or roles defined for a database, then only
     authenticated users having a matching name or role are allowed to read