Access control list collisions
An ACL collision occurs when these events occur in the order shown:
- Different changes are made to the ACL for a given object on each of two systems in a replication link.
- The changed ACL on one of the systems is replicated to the other system.
An ACL is treated as a single unit. If a collision occurs when a changed ACL for a given object is replicated from one system (system A) in a replication link to another system (system B) in the link:
- If the last change to the ACL on system A is more recent than the last change to the ACL on system B, HCP changes the ACL on system B to match the changed ACL on system A
- If the last change to the ACL on system B is more recent than the last change to the ACL on system A, HCP does not change the ACL on system B
For example, suppose the ACL for a given object starts out with these grants on both system A and system B:
- All users: read
- User lgreen: write
- User mwhite: write, delete
The following list shows a sequence of events in which the ACL for the object is changed and the change is then replicated.
- On system B, a client changes the grants in the ACL to:
- All users: read
- User lgreen: write, delete
- User mwhite: write, delete, read ACL
- On system A, a client changes the grants in the ACL to:
- All users: read
- User mwhite: write
- User pdgrey: write
- The changed ACL on system A is replicated to system B. The resulting ACL for the object on system B contains these grants:
- All users: read
- User mwhite: write
- User pdgrey: write