Example: Attribute-Based Data Partitioning

In attribute-based data partitioning, the attributes of one principal type are distributed over several data sources.

Denise DeLassandros wants to store user attributes firstname, lastname and email on the directory service, and all other user attributes on the database of the SAP NetWeaver Application Server (AS) Java. As a result:

  • The user management engine (UME) searches the directory service for the attributes firstname, lastname and email
  • The attributes firstname and lastname are populated whenever a user object is populated from the directory service data source
  • The attributes firstname and lastname can be modified because the directory service data source is not read-only, but the email attribute cannot be modified because it is marked readonly="true"
  • All other user attributes are stored in the AS Java database

Denise modifies her data source configuration file as follows:

Example

<dataSource id="CORP_LDAP"
      className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
      isReadonly="false"
      isPrimary="true">
    ...
    <responsibleFor>
      <principals>
        <principal type="USER">
          <!-- Substructure specified means responsible
          for the specified namespace attribute tuples 
          of principals of type "USER" -->
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="firstname" populateInitially="true"/>
              <attribute name="lastname" populateInitially="true"/>
              <attribute name="email" readonly="true"/>
            </attributes>
          </nameSpace>
        </principal>
      </principals>
    </responsibleFor>
    <notResponsibleFor>
    </notResponsibleFor>
    ...
</dataSource>

<dataSource id="PRIVATE_DATASOURCE"
      className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
      isReadonly="false"
      isPrimary="true">
    ...
    <responsibleFor>
      <principals>
        <principal type="USER">
          <!-- No substructure specified means responsible
          for all namespace attribute tuples of principals
          of type "USER" except the ones in the
          notResponsibleFor subsection -->
        </principal>
      </principals>
    </responsibleFor>
    <notResponsibleFor>
    </notResponsibleFor>
    ...
</dataSource>
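
The following sketch is an added example, not SAP code. It is a small review aid that reads a data source configuration like the one above and reports, per attribute, which data source owns it and whether it is writable there. The `<dataSources>` wrapper element, the `telephone` attribute name, and the rule that an explicit attribute listing takes precedence over a catch-all data source are assumptions chosen to match the outcome described on this page; the sketch ignores `notResponsibleFor`, which is empty in this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's two dataSource entries with the "..." elisions
# dropped, wrapped in a <dataSources> root (assumed) so it parses as one document.
SAMPLE = """<dataSources>
<dataSource id="CORP_LDAP" isReadonly="false" isPrimary="true">
  <responsibleFor><principals><principal type="USER">
    <nameSpace name="com.sap.security.core.usermanagement"><attributes>
      <attribute name="firstname" populateInitially="true"/>
      <attribute name="lastname" populateInitially="true"/>
      <attribute name="email" readonly="true"/>
    </attributes></nameSpace>
  </principal></principals></responsibleFor>
</dataSource>
<dataSource id="PRIVATE_DATASOURCE" isReadonly="false" isPrimary="true">
  <responsibleFor><principals><principal type="USER"/></principals></responsibleFor>
</dataSource>
</dataSources>"""

def load_sources(xml_text):
    """Return [(id, source_is_readonly, {ptype: None | {(ns, attr): flags}})]."""
    sources = []
    for ds in ET.fromstring(xml_text).iter("dataSource"):
        scope = {}
        for p in ds.findall("responsibleFor/principals/principal"):
            attrs = {(ns.get("name"), a.get("name")): a.attrib
                     for ns in p.findall("nameSpace")
                     for a in ns.findall("attributes/attribute")}
            scope[p.get("type")] = attrs or None   # None = no substructure = catch-all
        sources.append((ds.get("id"), ds.get("isReadonly") == "true", scope))
    return sources

def resolve(sources, ptype, namespace, attr):
    """Return (data source id, writable, populated initially), or None if unowned."""
    fallback = None
    for ds_id, ds_ro, scope in sources:
        if ptype not in scope:
            continue
        attrs = scope[ptype]
        if attrs is None:                      # catch-all source, used as fallback only
            fallback = fallback or (ds_id, not ds_ro, False)
        elif (namespace, attr) in attrs:       # explicit listing wins (assumed precedence)
            flags = attrs[(namespace, attr)]
            writable = not ds_ro and flags.get("readonly") != "true"
            return ds_id, writable, flags.get("populateInitially") == "true"
    return fallback

NS = "com.sap.security.core.usermanagement"
SOURCES = load_sources(SAMPLE)
if __name__ == "__main__":
    for name in ("firstname", "lastname", "email", "telephone"):  # telephone: constructed
        print(name, resolve(SOURCES, "USER", NS, name))
```

Running the same check against a real configuration file before deployment shows at a glance which attributes the application can write back to the directory service.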