The solidDB® advanced replication security model is based on the following principles:
▪There are two kinds of users: local users and master users.
▪A local user has access rights in the replica database.
▪A master user has access rights in the master database.
▪For a local user to be able to perform synchronization-related tasks, the local user must be mapped to a corresponding master user in the master database.
▪Master user’s access rights are used when executing a synchronization message in master database.
▪Both local users and master users exist in the replica database of an advanced replication system.
▪Local users can perform local database operations such as execute queries, create tables, or call stored procedures based on the access rights that are defined for them. For example, the administrator of the local database can perform any operations on the local database. However, a local user has no access to the synchronization-related statements such as SAVE sql_statement or MESSAGE statements. A local user must be mapped to a master user in order for that local user to be able to propagate transactions to the master.
▪Master users are users that are defined in the master database and have been downloaded to the replica database as part of the replica registration process. All synchronization operations require that a current master user is defined by mapping a local user ID to a master user ID.
Master user names and passwords are defined separately in the SYS_SYNC_USERS table (described in the following section) of each replica database, giving master users the rights to save transactions in tables in which they have authorization. User access is also verified in the master database during synchronization.
▪Both master and local users can have synchronization-specific roles, such as a role that allows replica registration or administrative role for synchronization functions.
For an overview of access rights requirements for each command, see Access rights summary.