Access control list collisions

An access control list (ACL) collision occurs when these events occur in the order shown:

1. Different changes are made to the ACL for a given object on each of the two systems involved in a replication link.

2. The changed ACL on one of the systems is replicated to the other system.

An ACL is treated as a single unit. If a collision occurs when a changed ACL for a given object is replicated from one system (system A) involved in a replication link to the other system (system B) involved in the link:

If the last change to the ACL on system A is more recent than the last change to the ACL on system B, HCP changes the ACL on system B to match the changed ACL on system A.

If the last change to the ACL on system B is more recent than the last change to the ACL on system A, HCP does not change the ACL on system B.

For example, suppose the ACL for a given object starts out with these grants on both system A and system B:

All users: read
User lgreen: write
User mwhite: write, delete

The sequence of events below shows the ACL for the object being changed and the change then being replicated.

1. On system B, a client changes the grants in the ACL to:

All users: read
User lgreen: write, delete
User mwhite: write, delete, read ACL

2. On system A, a client changes the grants in the ACL to:

All users: read
User mwhite: write
User pdgrey: write

3. The changed ACL on system A is replicated to system B. The resulting ACL for the object on system B contains these grants:

All users: read
User mwhite: write
User pdgrey: write
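
The rule above can be modeled in a few lines to see exactly which grants a collision discards. This is an added example, not HCP code: the names AclVersion, replicate_acl and grant_diff are hypothetical, the timestamps are constructed, and leaving the target unchanged on equal timestamps is an assumption because the page does not cover that case.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AclVersion:
    grants: dict      # grantee -> frozenset of permissions
    changed_at: int   # time of the last ACL change (constructed values)


def replicate_acl(source, target):
    """Return the ACL the target holds after the source ACL is replicated to it."""
    # The ACL is a single unit: the more recent one wins whole, nothing is merged.
    # Assumption: on equal timestamps the target keeps its own ACL.
    return source if source.changed_at > target.changed_at else target


def grant_diff(before, after):
    """Permissions removed and added per grantee, for audit review."""
    diff = {}
    for who in sorted(set(before.grants) | set(after.grants)):
        old = before.grants.get(who, frozenset())
        new = after.grants.get(who, frozenset())
        if old != new:
            diff[who] = {"removed": sorted(old - new), "added": sorted(new - old)}
    return diff


# The page's example: system B is changed first, system A second.
system_b = AclVersion({
    "All users": frozenset({"read"}),
    "User lgreen": frozenset({"write", "delete"}),
    "User mwhite": frozenset({"write", "delete", "read ACL"}),
}, changed_at=1)
system_a = AclVersion({
    "All users": frozenset({"read"}),
    "User mwhite": frozenset({"write"}),
    "User pdgrey": frozenset({"write"}),
}, changed_at=2)

result_on_b = replicate_acl(system_a, system_b)   # A is newer: B is overwritten
result_on_a = replicate_acl(system_b, system_a)   # B is older: A is unchanged
lost_on_b = grant_diff(system_b, result_on_b)

if __name__ == "__main__":
    for who, change in lost_on_b.items():
        print(who, change)
```

The diff shows that every change made on system B in step 1 is discarded, including grants the change on system A never touched.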

© 2017 Hitachi Data Systems Corporation. All rights reserved.