Security
Security is configured at all locations in the replication stream.
On clusters
You can replicate between clusters that are all secure.
At source tables
The -replperm
parameter lets you specify an access
control expression (ACE) to declare who has permission to replicate
data from a table. This parameter is available in the maprcli
table create
and maprcli table edit
commands.
Across a network
You can send data encrypted or unencrypted when replicating
between secure clusters by using the
-networkencryption
parameter when adding a replica to
a source table.
At gateways
Gateways ensure that replicas receive updates only from source tables that are designated as upstream sources.
Moreover, gateways handle authentication with secure destination clusters.
At replicas
Because of the several upstream security checks, no parameters are needed for setting ACEs to
declare who has permission to update a replica through a replication stream. However, before
replication begins, replicas can be loaded with a snapshot of the data in corresponding source
tables. Permission to perform such a load is controlled by the ACE that you set in the
-bulkLoad
parameter for a replica. You can set the ACE with either the
maprcli table create
or maprcli table edit
command.
All other ACEs defined for a replica still apply for local updates and reads.