[ubertaco]

So, you've built a CLI client and an HTTP API server that wraps around SQLite.

How does this actually work in the real world, though? Like, if I run an ayb node somewhere, do I then share out individual tables (or slices of tables, or views) to other apps in an OAuth kind of way? How does that happen? What's the permissions/ACL model, and how do you keep that from getting too confusing for the average person? And even if you can tackle the connectivity and auth problems, how can the "requesting" app know what schema to expect?

And while we're on the subject of the "difficulty floor" here, what makes your CLI wrapper that accepts SQL (or your HTTP API that accepts SQL) any easier for average users to consume than just installing SQLite themselves and running the exact same SQL? It seems like you're trying to target average users in terms of your ambitions, but your approach to get there is _extremely_ developer-oriented, which is one step _beyond_ "power user".

(I ask these questions not because I think you have a stupid idea, but because I'm hoping to learn that you have good answers for them -- I really want to see a world where users own their data and just "permit"/"deny" access to it, rather than having third parties own data about users)

[marcua]

(Hi there! Surprised author here---I hadn't realized this made its way to the front page)

I love your questions because they get to the heart of how to make this stuff easier for more people, and in transparency, I only have some of the answers! :)

> What's the permissions/ACL model, and how do you keep that from getting too confusing for the average person? (You asked a lot more here, but I think this is the root of this question) The admittedly naive permissions/ACL model I'm envisioning/speccing now is at the database level, similar to GitHub at the repository level. If you create a database, you can add read/write and read-only collaborators, one of which is `public`/`world`, which would make the database accessible to unauthenticated users.

Your questions around table slices/views are excellent, and in the model I'm proposing, ayb won't be able to help. The model I'm proposing will be good enough for "here's my dataset, and you can build on it" or "I spun up a project and have a private DB that my webapp is gating" but not "I want user X to have access to row Y." Row-based auth would thus be pushed into the application layer, which seems to come with the territory with SQLite as best I can tell. To contrast, something like Supabase is able to provide both a database and row-based auth because Postgres provides better support natively, and Supabase then made it easy to add common auth providers.

> what makes your CLI wrapper that accepts SQL (or your HTTP API that accepts SQL) any easier for average users to consume than just installing SQLite themselves and running the exact same SQL If the goal is to write/learn SQL, I agree that ayb offers nothing on top of SQLite. As SQLite is the database and ayb is the database management system, the things ayb makes simpler are on the "management system" side --- without ayb, it's hard to create a new one, it's hard to control access, and it's hard to access one from a web application. You're right that by that definition, it's more developer-friendly than power user-friendly, and I hope we can do better with future iterations.

[ubertaco]

Thanks for the candid answers -- sounds like this hit HN a bit earlier than you would've planned, which I realize can create a weird awkward tension between planned goals and current state and HNers' expectations.

I think it's cool that you're trying to tackle adding simplicity to managing a multi-user (if not actually multi-tenant, given the lack of row-level permissions management) SQL DB. My suggestion then would be to refine your pitch so that it matches your project a bit better -- that way you avoid the problem of people disappointed to find it doesn't do something they expected (but which it was never trying to do).