Currently, you can only secure the access to the HTTP client and admin port in a all-or-nothing fashion. The collection _users
contains all user and the SHA256 of their passwords. A user can be active or inactive. A typical document of this collection is
{ "_id" : "103022/1675886", "_rev" : 2147452, "active" : true, "user" : "admin", "password" : "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" }