
Example: User-Based Data Partitioning

In user-based data partitioning, users are stored on different data sources. Which data source a given user is stored on depends on the values of that user's attributes.

In the following example, regular users are stored on an LDAP server, while service users are stored in a database. In more detail, this means that:

· All new users get an ID from the LDAP data source, except service users, which get an ID from the database data source. Service users differ from normal users in that they have an initial namespace-attribute-value triple: ($serviceUser$, SERVICEUSER_ATTRIBUTE, IS_SERVICEUSER)

· The unique ID of new regular users starts with "USER.CORP_LDAP."

· The unique ID of new service users starts with "USER.PRIVATE_DATASOURCE."

· All namespace-attribute-value triples for which the LDAP data source is responsible are stored on the LDAP server; all others are stored in the database. Likewise, all attributes for which the database data source is responsible are stored in the database.

Example

<dataSource id="PRIVATE_DATASOURCE"
        className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
        isReadonly="false"
        isPrimary="true">
    <homeFor>
        <principals>
            <principal type="USER">
            <!-- Substructure specified - means home for all
             principals of type "USER" if they have the 
             namespace attribute value triple 
             ($serviceUser$,SERVICEUSER_ATTRIBUTE,IS_SERVICEUSER)
             in their initial values -->
                <nameSpace name="$serviceUser$">
                    <attribute name="SERVICEUSER_ATTRIBUTE">
                        <values>
                            <value>IS_SERVICEUSER</value>
                        </values>
                    </attribute>
                </nameSpace>
            </principal>
        </principals>
    </homeFor>
    <notHomeFor>
    </notHomeFor>
    ...
</dataSource>  

<dataSource id="CORP_LDAP"
        className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
        isReadonly="false"
        isPrimary="true">
    <homeFor>
        <principals>
            <principal type="USER">
            <!-- No substructure specified means home 
             for all principals of type "USER" except the
             ones in notHomeFor Section -->
            </principal>
        </principals>
    </homeFor>
    <notHomeFor>
        <principals>
            <principal type="USER">
            <!-- Substructure specified...means home
             for all principals of type "USER", but not
             if they have the namespace attribute value triple 
             ($serviceUser$,SERVICEUSER_ATTRIBUTE,IS_SERVICEUSER) 
             in their initial values -->
                <nameSpace name="$serviceUser$">
                    <attribute name="SERVICEUSER_ATTRIBUTE">
                        <values>
                            <value>IS_SERVICEUSER</value>
                        </values>
                    </attribute>
                </nameSpace>
            </principal>
        </principals>
    </notHomeFor>
    ...
</dataSource>
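The following Python model, added here as an illustration and not part of the original page or of the UME implementation, shows how the homeFor/notHomeFor rules above select the home data source for a new principal: a <principal> without substructure matches every principal of its type, one with substructure matches only when all its triples are among the principal's initial values, and a data source is home only if homeFor matches while notHomeFor does not. The embedded configuration is a constructed reduction of the two <dataSource> definitions above; function names are the author's own.

```python
import xml.etree.ElementTree as ET
# Constructed for this example: the page's two <dataSource> definitions, reduced
# to what the matching rule reads (id, homeFor, notHomeFor) and wrapped in a root.
CONFIG_XML = """<dataSources>
  <dataSource id="PRIVATE_DATASOURCE">
    <homeFor><principals><principal type="USER">
      <nameSpace name="$serviceUser$"><attribute name="SERVICEUSER_ATTRIBUTE">
        <values><value>IS_SERVICEUSER</value></values></attribute></nameSpace>
    </principal></principals></homeFor>
    <notHomeFor></notHomeFor>
  </dataSource>
  <dataSource id="CORP_LDAP">
    <homeFor><principals><principal type="USER"/></principals></homeFor>
    <notHomeFor><principals><principal type="USER">
      <nameSpace name="$serviceUser$"><attribute name="SERVICEUSER_ATTRIBUTE">
        <values><value>IS_SERVICEUSER</value></values></attribute></nameSpace>
    </principal></principals></notHomeFor>
  </dataSource>
</dataSources>"""

def _triples(principal):
    """Collect the (namespace, attribute, value) triples nested under a <principal>."""
    return {
        (ns.get("name"), attr.get("name"), val.text.strip())
        for ns in principal.findall("nameSpace")
        for attr in ns.findall("attribute")
        for val in attr.findall("values/value")
    }

def _section_matches(section, ptype, initial):
    """No substructure matches every principal of the type; otherwise all listed triples must be present."""
    return any(
        _triples(p) <= initial
        for p in section.findall("principals/principal")
        if p.get("type") == ptype
    )

def home_data_source(config_xml, ptype, initial_values):
    """Return the id of the data source that is home for a new principal, or None:
    homeFor must match the principal and notHomeFor must not."""
    initial = set(initial_values)
    for ds in ET.fromstring(config_xml).findall("dataSource"):
        home, not_home = ds.find("homeFor"), ds.find("notHomeFor")
        if home is None or not _section_matches(home, ptype, initial):
            continue
        if not_home is not None and _section_matches(not_home, ptype, initial):
            continue
        return ds.get("id")
    return None
```

Because CORP_LDAP's notHomeFor explicitly excludes service users, the result is the same regardless of the order in which the two <dataSource> elements appear.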
