Replication
The security subsystem excludes the authorization data from the replication between enterprise and domain tiers. The large number of objects holding the permission data makes them unsuitable for replication. Instead the security will be “reset” for an object that is moved from one database to another.
cla140
The security subsystem excludes the authorization data from the replication between enterprise and domain tiers. The large number of objects holding the permission data makes them unsuitable for replication. Instead the security will be “reset” for an object that is moved from one database to another.
That means that the permissions (object and area permissions) will be re-calculated as soon as a replicated secured object is created. This is valid for upward and downward replication. For example, replication of Area Definitions is not needed.
- Pre-Conditions
- A query is created on enterprise level by a user X.
- User X has only access to areas 1 and 2.
- User X is also known on the domain tier and has only access to area 5.
- ActionA query is replicated downward.
- Post-Conditions
- A query is created at domain tier.
- The area permission is set as defined by the creation user, in this case, for the user X.
- User X on domain tier will not see the query because the user has no area permissions on area 1 and 2.