John My advice would be that you should replicate the Security database. In a sense, there's no reason not to ( other than that you are encountering problems, which you shouldn't ).
You may be able to get away with not replicating because 1) ids are created deterministically However you are vulnerable to Security changes not being replicated, and who is to say that this will always be true. Or you might change the admin password, and have forgetten the old one when you most need it. If you are using certificates and you update your certificate you will lose your new one when failing over, without Security being replicated. You will probably have to buy a new one. You may choose to use some of the newer security features at some point e.g. external security. Again, the integration may be lost at failover time without the Security database being replicated. So I would replicate, and if you are encountering difficulties, raise them with our Support function. Regards Ken Tune -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Muth, John, Springer UK Sent: 06 August 2015 16:29 To: [email protected] Subject: [MarkLogic Dev General] db replication and the Security db We are in the process of upgrading to MarkLogic 8, from 7. Our setup is: one master cluster, to which we do all writes, and two slave clusters. We create all of our users, roles and privileges only once, when initially configuring a new server, we never update them. But we figured we should replicate the Security db so that the ids of those users, roles and privileges would be identical between the master and slave clusters, so the permissions on documents written to master would work in the slave clusters. Is that unnecessary? We have been assuming we should, and in ML7 doing so has not been a problem, but in ML8 we are seeing some problems around enabling/disabling db replication. The problems go away if we don't enable replication of the Security db. I can describe the problems if necessary, but if you can tell me "don't bother replicating the Security db", I'd be happy. Thanks for any advice, John _______________________________________________ General mailing list [email protected] Manage your subscription at: http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] Manage your subscription at: http://developer.marklogic.com/mailman/listinfo/general
