Replication documents can have a custom
user_ctx property. This property defines the
user context under which a replication runs. For the old way of
triggering replications (POSTing to
/_replicate/), this property was not needed
(it didn't exist in fact) - this is because at the moment of
triggering the replication it has information about the
authenticated user. With the replicator database, since it's a
regular database, the information about the authenticated user
is only present at the moment the replication document is
written to the database - the replicator database implementation
is like a _changes feed consumer (with
?include_docs=true) that reacts to what was
written to the replicator database - in fact this feature could
be implemented with an external script/program. This
implementation detail implies that for non admin users, a
user_ctx property, containing the user's name
and a subset of his/her roles, must be defined in the
replication document. This is ensured by the document update
validation function present in the default design document of
the replicator database. This validation function also ensure
that a non admin user can set a user name property in the
user_ctx property that doesn't match his/her
own name (same principle applies for the roles).
For admins, the user_ctx property is
optional, and if it's missing it defaults to a user context with
name null and an empty list of roles - this mean design
documents will not be written to local targets. If writing
design documents to local targets is desired, the a user context
with the roles _admin must be set explicitly.
Also, for admins the user_ctx property can be
used to trigger a replication on behalf of another user. This is
the user context that will be passed to local target database
document validation functions.
The user_ctx property only has effect for
local endpoints.
Example delegated replication document:
{
"_id": "my_rep",
"source": "http://bserver.com:5984/foo",
"target": "bar",
"continuous": true,
"user_ctx": {
"name": "joe",
"roles": ["erlanger", "researcher"]
}
}
As stated before, for admins the user_ctx property is optional,
while for regular (non admin) users it's mandatory. When the
roles property of user_ctx is missing, it
defaults to the empty list [ ].