We have a RavenDB server with a Master-Slave setup. There is one master DB where documents get written to via one process, which are then replicated to the slaves.
The slaves are accessed via a web application, but we would like to make all replicated documents read-only.
When looking for security options, we find it at DB level and at Document level (using Authorization bundle). The first makes the entire DB read-only which should not be the case. The second is too convoluted and is for more fine-grained security which we don't need.
We were hoping that the web application could connect to RavenDB with certain credentials context (not the application users, but the system user which the website runs as), where certain collections would then be read-only for that identity. This is perfectly possible in SQL Server for example.
Any alternative solutions such as replicating documents as read-only are also appreciated. Our current best idea is to have put triggers on the server which make the required documents read-only on slave databases.