
Example: Attribute-Based Data Partitioning

In attribute-based data partitioning, the attributes of one principal type are distributed over several data sources.

Denise DeLassandros wants to store the user attributes firstname, lastname, and email in the directory service, and all other user attributes in the database of the SAP NetWeaver Application Server (AS) Java. As a result:

·        The user management engine (UME) searches the directory service for the attributes firstname, lastname and email

·        The attributes firstname and lastname are populated whenever a user object is populated from the directory service data source

·        The attributes firstname and lastname can be modified because the directory service data source is not read-only, but the email attribute cannot be modified because it is marked readonly="true"

·        All other user attributes are stored in the AS Java database

Note

The attributes firstname, lastname, and email are not stored in the AS Java database because the home data source for user principals (directory service data source) is responsible for them. So there is no need for Denise to specify these attributes in the <notResponsibleFor> subsection of the AS Java database data source.

Denise modifies her data source configuration file as follows:

Example

<dataSource id="CORP_LDAP"
      className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
      isReadonly="false"
      isPrimary="true">
    ...
    <responsibleFor>
      <principals>
        <principal type="USER">
          <!-- Substructure specified means responsible
          for the specified namespace attribute tuples 
          of principals of type "USER" -->
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="firstname" populateInitially="true"/>
              <attribute name="lastname" populateInitially="true"/>
              <attribute name="email" readonly="true"/>
            </attributes>
          </nameSpace>
        </principal>
      </principals>
    </responsibleFor>
    <notResponsibleFor>
    </notResponsibleFor>
    ...
</dataSource>

<dataSource id="PRIVATE_DATASOURCE"
      className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
      isReadonly="false"
      isPrimary="true">
    ...
    <responsibleFor>
      <principals>
        <principal type="USER">
          <!-- No substructure specified means responsible
          for all namespace attribute tuples of principals
          of type "USER" except the ones in the
          notResponsibleFor subsection -->
        </principal>
      </principals>
    </responsibleFor>
    <notResponsibleFor>
    </notResponsibleFor>
    ...
</dataSource>
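
As an added example (not SAP code and not part of the original page), the following Python sketch models the responsibility rules stated in the configuration comments above and reports which data source holds an attribute and whether it can be modified there. It assumes a wrapping `<dataSources>` root, that an explicit attribute entry takes precedence over a data source with no substructure, and that the first such catch-all in file order is used; `resolve` and `_claims` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NS = "com.sap.security.core.usermanagement"

# Constructed sample: the two data sources from the page with the elided ("...")
# parts dropped, wrapped in an assumed <dataSources> root so it parses as one document.
CONFIG = """<dataSources>
  <dataSource id="CORP_LDAP" isReadonly="false" isPrimary="true">
    <responsibleFor><principals><principal type="USER">
      <nameSpace name="com.sap.security.core.usermanagement"><attributes>
        <attribute name="firstname" populateInitially="true"/>
        <attribute name="lastname" populateInitially="true"/>
        <attribute name="email" readonly="true"/>
      </attributes></nameSpace>
    </principal></principals></responsibleFor>
    <notResponsibleFor/>
  </dataSource>
  <dataSource id="PRIVATE_DATASOURCE" isReadonly="false" isPrimary="true">
    <responsibleFor><principals><principal type="USER"/></principals></responsibleFor>
    <notResponsibleFor/>
  </dataSource>
</dataSources>"""

def _claims(section, ptype):
    """None if the principal type is not listed, else {(namespace, attr): element}."""
    if section is None:
        return None
    principals = [p for p in section.iter("principal") if p.get("type") == ptype]
    if not principals:
        return None
    return {(ns.get("name"), a.get("name")): a
            for p in principals for ns in p.iter("nameSpace") for a in ns.iter("attribute")}

def resolve(config_xml, namespace, attribute, ptype="USER"):
    """Simplified model: return (data source id, writable) or None if unclaimed."""
    key, fallback = (namespace, attribute), None
    for ds in ET.fromstring(config_xml).iter("dataSource"):
        writable = ds.get("isReadonly") != "true"
        claims = _claims(ds.find("responsibleFor"), ptype)
        if claims is None or key in (_claims(ds.find("notResponsibleFor"), ptype) or {}):
            continue  # principal type not handled here, or attribute explicitly excluded
        if key in claims:  # explicit entry: attribute-level readonly also applies
            return ds.get("id"), writable and claims[key].get("readonly") != "true"
        if not claims and fallback is None:  # no substructure: responsible for the rest
            fallback = (ds.get("id"), writable)
    return fallback

if __name__ == "__main__":
    for name in ("firstname", "lastname", "email", "telephone"):
        print(name, resolve(CONFIG, NS, name))
```

Running such a check over a configuration file before deployment shows at a glance which identity attributes are writable and in which store, for example that email resolves to CORP_LDAP but is not modifiable.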

 
