My team is investigating a migration to from Elastic Search(inherited from legacy) to Couchbase as our primary data store. The team is having trouble warping our heads around a few things but the one sticking point that consistently holds us back is how to do separation of domain on documents in CouchBase.
We are in a micro service architecture and would like to effectively have a service own a document and not let other services touch that document. This is for the sake of good separation of domain as well as a fear of someone writing a bad query and affecting data outside of the services domain. In a relational database you could accomplish this with new Databases but it doesn’t look like it would be a good idea to spin up bucket after bucket in CouchBase to mirror this.
One solution that we have started to explore is to use sync gateway for all queries and set users permissions on each document. Something is rubbing me the wrong way about this approach though. It feels weird to put the extra overhead on sync gateway just to enforce separation of domains. It also feels like it could get complicated to manage over time.
Has anyone else run into this issue? Of course, we could be over worried but it seems like a legitimate concern on the face of it.