On Thu, Feb 11, 2010 at 08:32:49AM -0800, Chris Anderson wrote:
> To be clear, I'm not suggesting this at all.
>
> It'd be more like (pardon my earlier accidental _underscores):
>
> {
>   "readers":{
>     "names":["foo","bar"],
>     "roles":["baz", "_replicator", "doctor"]
>   },
>   "admins":{
>     "names":["jan","brian"],
>     "roles":["support", (_admin is an implied member)]
>   },
>   "other_security_stuff":{...}
> }

Oh I see. When you replicate, you give the credentials for the remote host, but perhaps the local side should pick up a _replicator role. (Or perhaps not, if it runs with the credentials of the user who started the replication)

I can imagine "readers" splitting in future though: an indirect reader capability which can access _show/_list/_update but nothing else would be able to enforce controls at the document and view row level, since those points all have access to userCtx.

Regards,

Brian.
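
An added example (not part of the original message and not CouchDB's implementation) of how the security object sketched in the quoted text could be evaluated against a userCtx, and how a _show-style function could apply a document-level check from req.userCtx. Assumptions: admins also count as readers, anyone not listed is denied, and `visible_to` is a hypothetical document field.

```javascript
// Added illustration, not CouchDB source. The object mirrors the proposal quoted
// above; "_admin" is applied as the implied admin role.
const security = {
  readers: { names: ["foo", "bar"], roles: ["baz", "_replicator", "doctor"] },
  admins: { names: ["jan", "brian"], roles: ["support"] }
};

// True when userCtx matches a section by name or by any role.
// Assumption: a missing or empty section matches nobody (fail closed).
function matches(section, userCtx, impliedRoles) {
  const s = section || {};
  const names = Array.isArray(s.names) ? s.names : [];
  const roles = (Array.isArray(s.roles) ? s.roles : []).concat(impliedRoles || []);
  if (typeof userCtx.name === "string" && names.includes(userCtx.name)) return true;
  return (userCtx.roles || []).some((r) => roles.includes(r));
}

function isAdmin(sec, userCtx) {
  return matches(sec.admins, userCtx, ["_admin"]);
}

// Assumption: admins can also read.
function isReader(sec, userCtx) {
  return isAdmin(sec, userCtx) || matches(sec.readers, userCtx);
}

// _show-style handler enforcing a document-level control from req.userCtx.
// "visible_to" is a hypothetical per-document list of roles (constructed).
function showDoc(doc, req) {
  const ctx = req.userCtx || { name: null, roles: [] };
  const allowed = Array.isArray(doc.visible_to) ? doc.visible_to : [];
  if (!(ctx.roles || []).some((r) => allowed.includes(r))) {
    return { code: 403, body: "forbidden" };
  }
  return { code: 200, body: JSON.stringify({ _id: doc._id, summary: doc.summary }) };
}
```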