Security and Replication
Security is configured at all locations in the replication stream.
On clusters
You can replicate between clusters that are all secure. See Configuring Secure Clusters for Cross-Cluster Mirroring and Replication for more information about replication between secure clusters.
At source tables
The -replperm
parameter lets you specify an access control expression
(ACE) to declare who has permission to replicate data from a table. This parameter is
available in the maprcli table create
and maprcli table
edit
commands.
Across a network
You can send data encrypted or unencrypted when replicating between secure clusters by
using the -networkencryption
parameter when adding a replica to a source
table.
At gateways
Gateways ensure that replicas receive updates only from source tables that are designated as upstream sources.
Moreover, gateways handle authentication with secure destination clusters.
At replicas
Because of the several upstream security checks, no parameters are needed for setting ACEs
to declare who has permission to update a replica through a replication stream. However,
before replication begins, replicas can be loaded with a snapshot of the data in
corresponding source tables. Permission to perform such a load is controlled by the ACE that
you set in the -bulkloadperm
parameter for a replica. You can set the ACE
with either the maprcli table create
or maprcli table edit
command.
All other ACEs defined for a replica still apply for local updates and reads.