HCP Tenant Management Help


Access control list collisions

Object ACLs cannot be changed through the HSwift API but collisions can still occur. An ACL collision occurs when these events occur in the order shown:

1.Different changes are made to the ACL for a given object on each of two systems in a replication topology (on interfaces that support object ACLs).

2.The changed ACL on one of the systems is replicated to the other system.

An ACL is treated as a single unit. If a collision occurs when a changed ACL for a given object is replicated from one system (system A) in a replication topology to another system (system B) in the topology:

If the last change to the ACL on system A is more recent than the last change to the ACL on system B, HCP changes the ACL on system B to match the changed ACL on system A.

If the last change to the ACL on system B is more recent than the last change to the ACL on system A, HCP does not change the ACL on system B.

For example, suppose the ACL for a given object starts out with these grants on both system A and system B:

All users: read
User lgreen: write
User mwhite: write, delete

The table below shows a sequence of events in which the ACL for the object is changed and the change is then replicated.

Name Description
1

On system B, a client changes the permissions in the ACL to:

All users: read
User lgreen: write, delete
User mwhite: write, delete, read ACL

2

On system A, a client changes the permissions in the ACL to:

All users: read
User mwhite: write
User pdgrey: write

3

The changed ACL on system A is replicated to system B. The resulting ACL for the object on system B contains these permissions:

All users: read
User mwhite: write
User pdgrey: write

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.