Example: Attribute-Based Data Partitioning

In attribute-based data partitioning, the attributes of one principal type are distributed over several data sources.

In the following example, the firstname, lastname and email attributes of a user are stored on the LDAP server; all other user attributes are stored in the database. In more detail, this means that:

· The firstname, lastname and email attributes are searched on the LDAP data source

· The firstname and lastname attributes are populated whenever a user object is populated from the LDAP data source

· The firstname and lastname attributes can be modified because the LDAP data source is not read-only, but the email attribute cannot be modified because it is marked readonly="true"

· All other attributes of users are stored in the database.

Note

The firstname, lastname, and email attributes are not stored in the database because the home data source for user principals (the LDAP data source) is responsible for them. So there is no need to specify these three attributes in the <notResponsibleFor> section of the database data source.

Example

<dataSource id="CORP_LDAP"
      className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
      isReadonly="false"
      isPrimary="true">
    ...
    <responsibleFor>
      <principals>
        <principal type="USER">
          <!-- Substructure specified - means responsible
          for the specified namespace attribute tuples 
          of principals of type "USER" -->
          <nameSpaces>
            <nameSpace name="com.sap.security.core.usermanagement">
              <attributes>
                <attribute name="firstname" populateInitially="true"/>
                <attribute name="lastname" populateInitially="true"/>
                <attribute name="email" readonly="true"/>
              </attributes>
            </nameSpace>
          </nameSpaces>
        </principal>
      </principals>
    </responsibleFor>
    <notResponsibleFor>
    </notResponsibleFor>
    ...
</dataSource>

<dataSource id="PRIVATE_DATASOURCE"
      className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
      isReadonly="false"
      isPrimary="true">
    ...
    <responsibleFor>
      <principals>
        <principal type="USER">
          <!-- No substructure specified...means responsible
          for all namespace attribute tuples of principals
          of type "USER" except the ones in the
          notResponsibleFor-Section -->
        </principal>
      </principals>
    </responsibleFor>
    <notResponsibleFor>
    </notResponsibleFor>
    ...
</dataSource>
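
The following script is an added example, not SAP code and not part of the original page. It audits a configuration like the one above by reporting which data source is responsible for an attribute and whether that attribute is effectively writable. The resolution rule is a simplification of the behaviour described on this page (an explicit listing wins, otherwise the first data source without a substructure applies), and the <dataSources> wrapper element, the function names resolve and _attr, and the sample attribute "telephone" are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the page's two data sources; the <dataSources>
# wrapper is an assumption and the elided "..." parts are left out.
CONFIG = """<dataSources>
 <dataSource id="CORP_LDAP" isReadonly="false" isPrimary="true">
  <responsibleFor><principals><principal type="USER"><nameSpaces>
   <nameSpace name="com.sap.security.core.usermanagement"><attributes>
    <attribute name="firstname" populateInitially="true"/>
    <attribute name="lastname" populateInitially="true"/>
    <attribute name="email" readonly="true"/>
   </attributes></nameSpace>
  </nameSpaces></principal></principals></responsibleFor>
  <notResponsibleFor/>
 </dataSource>
 <dataSource id="PRIVATE_DATASOURCE" isReadonly="false" isPrimary="true">
  <responsibleFor><principals><principal type="USER"/></principals></responsibleFor>
  <notResponsibleFor/>
 </dataSource>
</dataSources>"""

def _attr(section, ptype, ns, name):
    """Return the <attribute> element listed for (ptype, ns, name), or None."""
    if section is None:
        return None
    path = (f"principals/principal[@type='{ptype}']/nameSpaces/"
            f"nameSpace[@name='{ns}']/attributes/attribute[@name='{name}']")
    return section.find(path)

def resolve(xml_text, ptype, ns, name):
    """Return (data source id, writable) for one attribute, or (None, False)."""
    root = ET.fromstring(xml_text)
    catch_all = None
    for ds in root.findall("dataSource"):
        resp = ds.find("responsibleFor")
        ds_writable = ds.get("isReadonly") != "true"
        hit = _attr(resp, ptype, ns, name)
        if hit is not None:  # explicitly listed: this source owns it
            return ds.get("id"), ds_writable and hit.get("readonly") != "true"
        p = None if resp is None else resp.find(f"principals/principal[@type='{ptype}']")
        excluded = _attr(ds.find("notResponsibleFor"), ptype, ns, name) is not None
        # A principal entry without <nameSpaces> covers every remaining attribute.
        if p is not None and p.find("nameSpaces") is None and not excluded and catch_all is None:
            catch_all = (ds.get("id"), ds_writable)
    return catch_all or (None, False)
```

Running resolve over every attribute an application relies on shows at a glance which identity attributes can be changed through the user management layer and which are locked to their source.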
