Sorry for this rather yes/no question, but I haven't found the document that would clarify it, or I must have missed it here. Is it standard behaviour that you can simply create a new user entry to a couchDB (without being an admin user) in the following way:
curl -X PUT http://localhost:5984/_users/org.couchdb.user:jan \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{"name": "jan", "password": "apple", "roles": [], "type": "user"}'
I just tried it. It does work and create a new user. I was unsure wether this is intended or not (a server admin exists, so it's no admin-party). Can this behaviour be limited/configured, to prevent unwanted mass-signups?