SnapMirror and SnapVault support the replication of NFS version 4 access control lists (ACLs).
When replicating ACLs, the destination might or might not understand NFS version 4 ACLs. The following points provide information on the methods in which the ACLs are replicated:
- If the destination can understand NFS version 4 ACLs, the ACL is replicated as is from the source to the destination.
The access rules applied for the data on the destination is identical to the access rules on the source.
- If the destination can understand NFS version 4 ACLs with a large number of ACEs, the ACL is replicated as is from the source to the destination.
The access rules applied for the data on the destination is identical to the access rules on the source.
- If the destination cannot understand NFS version 4 ACLs, a new ACL, which the destination can understand is created.
The access rules in this new ACL are equivalent or stricter than the original ACL. This is done to avoid any security issues.
- If the destination cannot understand NFS version 4 ACLs with a large number of ACEs, a new ACL, which the destination can understand is created.
The access rules in this new ACL are equivalent or stricter than the original ACL. This is done to avoid any security issues.
Note: This alternative also implies that a user might not be given access to a set of data on the destination, although the user has access to the same data on the source.