Security and Replication

Security is configured at all locations in the replication stream.

On clusters

You can replicate between clusters that are all secure. See Configuring Gateways for Table Replication on Secure Clusters for more information about replication between secure clusters.

At source tables

The -replperm parameter lets you specify an access control expression (ACE) to declare who has permission to replicate data from a table. This parameter is available in the maprcli table create and maprcli table edit commands.

Across a network

You can send data encrypted or unencrypted when replicating between secure clusters by using the -networkencryption parameter when adding a replica to a source table.

At gateways

Gateways ensure that replicas receive updates only from source tables that are designated as upstream sources.

Moreover, gateways handle authentication with secure destination clusters.

At replicas

Because of the several upstream security checks, no parameters are needed for setting ACEs to declare who has permission to update a replica through a replication stream. However, before replication begins, replicas can be loaded with a snapshot of the data in corresponding source tables. Permission to perform such a load is controlled by the ACE that you set in the -bulkLoad parameter for a replica. You can set the ACE with either the maprcli table create or maprcli table edit command.

All other ACEs defined for a replica still apply for local updates and reads.