I need a sanity check on a replication question.
We have a decent sized db that contains replicas on other servers. The db resides on MASTER server where all updates are made, and changes are replicated to a HUB server (HUB does a pull); further, HUB pushes the changes down to a few dozen SPOKE servers (SPOKE1, SPOKE2, etc).
A small subset of docs (let’s call them widget docs) have a readers field which has the [readall] and [widget] roles. In the ACL of the db on MASTER and HUB, each respective server has Manager access to its own replica and has these two roles.
Our security model dictates that these widget docs do NOT replicate from the HUB server down to the SPOKE servers. Therefore, the ACL on each SPOKE server lists the server name in the ACL but without the [readall] or the [widget] role.
Now, we are allowed to selectively allow SPOKE1 server to get a handful of widget docs, and SPOKE2 server to get another handful of widget docs, etc.
I believe the way to address this is to add an action button to this db (hidden to non-admins via the [admin] role), coded to allow us to modify the readers field on the selected widget docs, that would add the servername (SPOKE1 for example) to the readers field.
SO, will this model then allow these widget docs to replicate to the designated SPOKE server?