Hi Mike, just picking out this one snippet: > On Feb 27, 2019, at 12:16 PM, Michael Fair <mich...@daclubhouse.net> wrote: > > If I get a replica of a database from your server, what, if anything, > prevents me from granting myself access controls to the entire database?
Replication is a client of the API like everyone else and cannot bypass the access controls on the source. You can only create a replication which has at most access to all the documents in the database that you can access yourself; i.e. a replication of a database with per-doc access controls enabled may only transfer a subset of the documents in the database. There are certainly a bunch of interesting challenges around providing identities that are meaningful across multiple servers in different domains, and I think that’s worth digging into, but I wanted to avoid anyone thinking that replication could trivially defeat the per-doc _access controls that Jan has been working on here. Cheers, Adam