Example: User-Based Data Partitioning

In user-based data partitioning, users are stored on different data sources. The data source a user is stored on depends on the values of the user's attributes.

Marcus Kopp wants to store regular users in a directory service, while storing service users in the database of the SAP NetWeaver Application Server (AS) Java. As a result:

  • All new users get an ID from the directory service data source, except service users, which get an ID from the AS Java database data source. Service users differ from normal users in that service users have an initial namespace-attribute-value triple: ($serviceUser$, SERVICEUSER_ATTRIBUTE, IS_SERVICEUSER).
  • The unique ID of new regular users starts with "USER.CORP_LDAP."
  • The unique ID of new service users starts with "USER.PRIVATE_DATASOURCE."
  • All namespace-attribute-value triples for which the directory service data source is responsible are stored in the directory service; all others are stored in the database of the AS Java. All attributes for which the AS Java database data source is responsible are stored in the AS Java database.

Example

<dataSource id="PRIVATE_DATASOURCE"
        className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
        isReadonly="false"
        isPrimary="true">
    <homeFor>
        <principals>
            <principal type="USER">
            <!-- Substructure specified means home for all
             principals of type "USER" if they have the
             namespace attribute value triple
             ($serviceUser$,SERVICEUSER_ATTRIBUTE,IS_SERVICEUSER)
             in their initial values -->
                <nameSpace name="$serviceUser$">
                    <attribute name="SERVICEUSER_ATTRIBUTE">
                        <values>
                            <value>IS_SERVICEUSER</value>
                        </values>
                    </attribute>
                </nameSpace>
            </principal>
        </principals>
    </homeFor>
    <notHomeFor>
    </notHomeFor>
    ...
</dataSource>

<dataSource id="CORP_LDAP"
        className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
        isReadonly="false"
        isPrimary="true">
    <homeFor>
        <principals>
            <principal type="USER">
            <!-- No substructure specified means home
             for all principals of type "USER" except the
             ones in notHomeFor Section -->
            </principal>
        </principals>
    </homeFor>
    <notHomeFor>
        <principals>
            <principal type="USER">
            <!-- Substructure specified means home
             for all principals of type "USER", but not
             if they have the namespace attribute value triple
             ($serviceUser$,SERVICEUSER_ATTRIBUTE,IS_SERVICEUSER)
             in their initial values -->
                <nameSpace name="$serviceUser$">
                    <attribute name="SERVICEUSER_ATTRIBUTE">
                        <values>
                            <value>IS_SERVICEUSER</value>
                        </values>
                    </attribute>
                </nameSpace>
            </principal>
        </principals>
    </notHomeFor>
    ...
</dataSource>