Show TOC Anfang des Inhaltsbereichs

Diese Grafik wird im zugehörigen Text erklärt Example: User-Based Data Partitioning  Dokument im Navigationsbaum lokalisieren

In user-based data partitioning, users are stored on different data sources. The data sources they are stored on depends on the values of the user attributes.

Marcus Kopp wants to store regular users in a directory service, while storing service users in the database of the SAP NetWeaver Application Server (AS) Java. As a result:

·        All new users get an ID from the directory service data source, except service users, which get an ID from the AS Java database data source. Service users differ from normal users in that service users have an initial namespace-attribute-value triple: ($serviceUser$, SERVICEUSER_ATTRIBUTE, IS_SERVICEUSER).

·        The unique ID of new regular users starts with "USER.CORP_LDAP."

·        The unique ID of new service users starts with "USER.PRIVATE_DATASOURCE."

·        All namespace-attribute-value triples for which the directory service data source is responsible for are stored in the directory service, all others in the database of the AS Java. All attributes for which the AS Java database data source is responsible for are stored in the AS Java database

Example

<dataSource id="PRIVATE_DATASOURCE"
        className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
        isReadonly="false"
        isPrimary="true">
    <homeFor>
        <principals>
            <principal type="USER">
            <!-- Substructure specified means home for all
             principals of type "USER" if they have the 
             namespace attribute value triple 
             ($serviceUser$,SERVICEUSER_ATTRIBUTE,IS_SERVICEUSER)
             in their initial values -->
                <nameSpace name="$serviceUser$">
                    <attribute name="SERVICEUSER_ATTRIBUTE">
                        <values>
                            <value>IS_SERVICEUSER</value>
                        </values>
                    </attribute>
                </nameSpace>
            </principal>
        </principals>
    </homeFor>
    <notHomeFor>
    </notHomeFor>
    ...
</dataSource>  

<dataSource id="CORP_LDAP"
        className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
        isReadonly="false"
        isPrimary="true">
    <homeFor>
        <principals>
            <principal type="USER">
            <!-- No substructure specified means home 
             for all principals of type "USER" except the
             ones in notHomeFor Section -->
            </principal>
        </principals>
    </homeFor>
    <notHomeFor>
        <principals>
            <principal type="USER">
            <!-- Substructure specified means home
             for all principals of type "USER", but not
             if they have the namespace attribute value triple 
             ($serviceUser$,SERVICEUSER_ATTRIBUTE,IS_SERVICEUSER) 
             in their initial values -->
                <nameSpace name="$serviceUser$">
                    <attribute name="SERVICEUSER_ATTRIBUTE">
                        <values>
                            <value>IS_SERVICEUSER</value>
                        </values>
                    </attribute>
                </nameSpace>
            </principal>
        </principals>
    </notHomeFor>
    ...
</dataSource>

 

Ende des Inhaltsbereichs