Access control list collisions

An ACL collision occurs when these events occur in the order shown:

1.Different changes are made to the ACL for a given object on each of two systems in a replication topology.

2.The changed ACL on one of the systems is replicated to the other system.

An ACL is treated as a single unit. If a collision occurs when a changed ACL for a given object is replicated from one system (system A) in a replication topology to another system (system B) in the topology:

If the last change to the ACL on system A is more recent than the last change to the ACL on system B, HCP changes the ACL on system B to match the changed ACL on system A

If the last change to the ACL on system B is more recent than the last change to the ACL on system A, HCP does not change the ACL on system B

For example, suppose the ACL for a given object starts out with these grants on both system A and system B:

All users: read
User lgreen: write
User mwhite: write, delete

The table below shows a sequence of events in which the ACL for the object is changed and the change is then replicated.

Sequence

Event

1

On system B, a client changes the grants in the ACL to:

All users: read
User lgreen: write, delete
User mwhite: write, delete, read ACL

2

On system A, a client changes the grants in the ACL to:

All users: read
User mwhite: write
User pdgrey: write

3

The changed ACL on system A is replicated to system B. The resulting ACL for the object on system B contains these grants:

All users: read
User mwhite: write
User pdgrey: write

© 2015, 2020 Hitachi Vantara LLC. All rights reserved.