Hi,I have few queries regarding the Enforce Consistent ACL setting and shall be highly glad if you notes geeks can revert back:
-
If I have three replicas of a database on server A, B and C, in which enforce consistent acl is enabled on all dbs and they are having Server D (on which the db does’nt exist) as the administrative server. Then will anybody be able to modify the acl of these databases ever ? If no, then how to handle such situations ?
-
If some user modifies the ACL of replica B, and initiates a replication…then he will get an error about inconsistent acl. But what if the Replication is initiated on server A (where the acl was not changed) and it pushes the changes to server B, will it work ? Ideally it should not, but to my surprise it has worked here. I shall be highly glad to have a response for both these queries.
Regards,
Amith Narera
Subject: Advanced Level Query: Enforce Consistent ACL
- If I have three replicas of a database on server A, B and C, in which enforce consistent acl is enabled on all dbs and they are having Server D (on which the db does’nt exist) as the administrative server. Then will anybody be able to modify the acl of these databases ever ? If no, then how to handle such situations ?
Server D maybe the Admin server, but this does NOT change the fact if someone has manager access to the Database they can change the ACL on any server that has the replica of the database.
Then answer to your question is; Yes, they will be able to modify the database’s ACL.
- If some user modifies the ACL of replica B, and initiates a replication…then he will get an error about inconsistent acl. But what if the Replication is initiated on server A (where the acl was not changed) and it pushes the changes to server B, will it work ? Ideally it should not, but to my surprise it has worked here. I shall be highly glad to have a response for both these queries.
OK, I’m not an admin so I have no real experience in this area - just my understanding from reading (which could be wrong because I haven’t applied it in a lot of cases.)
When it comes to replication - things will depend upon how you’ve set-up your ACL for the database. (If server B only has Editor access of course it cannot update Server A’s ACL).
Then there is the server replication heiraracy and how replication is done. Is it Pull / Pull? Push / Pull? What kind of structure are the servers setup? Hub and Spoke? Are these serial to each other?
I normally see if Server A, B and C are in the LocalDomainServers and ALL have Manager access to each other. Therefore anytime replication occurs changes in the ACL done on B will be passed back to A.
Looking at an area I can play with Local Replicas of a database on a server (with Enforce Consistent ACL set).
If I have a local replica of a database and I have Manager access, I can change the ACL locally.
If I make a change to the ACL locally and replicate the changes will appear on the server.
If I make a change on the Server to the ACL and replica, the changes will appear on my local version.
Subject: RE: Advanced Level Query: Enforce Consistent ACL
To the best of my knowledge, you’re right on spot again in explaining how enforce consistent ACL works.