Security and Replication
Describes how to replicate data between secure clusters.
Security is configured at all locations in the replication stream.
On clusters
You can replicate between clusters that are secure. See Configuring Secure Clusters for Cross-Cluster Mirroring and Replication for more information about replication between secure clusters.
At source tables
The -replperm
parameter lets you specify an Access Control Expression (ACE) to declare who has permission to replicate data from a table. This parameter is
available in the maprcli table create
and maprcli table
edit
commands.
Across a network
You can send data encrypted or unencrypted when replicating between secure clusters by
using the -networkencryption
parameter when adding a replica to a source
table.
At gateways
Gateways ensure that replicas receive updates only from source tables that are designated as upstream sources.
Moreover, gateways handle authentication with secure destination clusters.
At replicas
Due to several upstream security checks, no parameters are needed for setting
ACE to declare who has
permission to update a replica through a replication stream. However, before replication
begins, replicas can be loaded with a snapshot of the data in corresponding source tables.
Permission to perform such a load is controlled by the ACE that you set in the
-bulkloadperm
parameter for a replica. You can set the ACE with either the maprcli table
create
or the maprcli table edit
command.
All other ACE defined for a replica still apply for local updates and reads.