Hi, 

On Thursday, 21 June 2012 at 01:57, Pulkit Singhal wrote:

> Right, so what I'm saying is that the replicator client is being run with
> the creds of a super-duper-admin who inherently has _admin privileges.
> 
> When the same code is run against a DB without any reader roles, everything
> works out. But when it is run against a DB with a reader role, it fails.
> 
> I'm hoping that someone will clarify the security constraints around how
> replication behaves with db level security in 1.2.0
> 
> 

I think the problem is that the request to the origin DB needs to be 
authenticated, because you have the readers set up. You need to authorise the 
read request, and the fact that the replication was created on the destination 
as _admin means nothing (that would be a massive security hole - if I could 
read from anyone's database just because I was an admin of my own). 

Sounds like you need to include a username/password in the source URL that has 
the reader role:

curl -X POST 'http://localhost:5984/_replicate' -H 'Content-Type: application/json' \
  -d '{"target":"my_database", "source":"http://username:password@remotehost:5984/some_other_database"}'

HTH
Simon
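
Added example, not part of Simon's message or of CouchDB itself: a Python sketch that builds the same _replicate body with the reader's credentials percent-encoded into the source URL, and masks the password before the URL is logged. The user name and password are constructed sample values, the helper names are hypothetical, and it assumes the server percent-decodes the userinfo part as RFC 3986 describes.

```python
import json
from urllib.parse import quote, urlsplit, urlunsplit


def with_credentials(url, username, password):
    """Return url with percent-encoded userinfo for a user holding the reader role."""
    parts = urlsplit(url)
    if "@" in parts.netloc:
        raise ValueError("source URL already carries credentials")
    # safe="" also encodes '@', ':' and '/', which would otherwise be
    # parsed as URL delimiters and silently change the target host.
    userinfo = f"{quote(username, safe='')}:{quote(password, safe='')}"
    return urlunsplit(parts._replace(netloc=f"{userinfo}@{parts.netloc}"))


def redact(url):
    """Mask the password so the source URL can be written to logs."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    host = parts.netloc.rsplit("@", 1)[1]
    return urlunsplit(parts._replace(netloc=f"{parts.username}:*****@{host}"))


def replication_body(source, target, username, password):
    """JSON body for POST /_replicate on the destination server."""
    return json.dumps(
        {"source": with_credentials(source, username, password), "target": target}
    )


if __name__ == "__main__":
    # Constructed sample values; the password deliberately contains delimiters.
    body = replication_body(
        "http://remotehost:5984/some_other_database",
        "my_database",
        "replicator_user",
        "p@ss:w/rd",
    )
    print("source as logged:", redact(json.loads(body)["source"]))
```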

