Example: User-Based Data Partitioning
In user-based data partitioning, users are stored on different data sources. The data source on which a user is stored depends on the values of the user's attributes.
Marcus Kopp wants to store regular users in a directory service, while storing service users in the database of the SAP NetWeaver Application Server (AS) Java. As a result:
· All new users get an ID from the directory service data source, except service users, which get an ID from the AS Java database data source. Service users differ from normal users in that service users have an initial namespace-attribute-value triple: ($serviceUser$, SERVICEUSER_ATTRIBUTE, IS_SERVICEUSER).
· The unique ID of new regular users starts with "USER.CORP_LDAP."
· The unique ID of new service users starts with "USER.PRIVATE_DATASOURCE."
· All namespace-attribute-value triples for which the directory service data source is responsible are stored in the directory service, all others in the database of the AS Java. All attributes for which the AS Java database data source is responsible are stored in the AS Java database.
Example
<dataSource id="PRIVATE_DATASOURCE"
            className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
            isReadonly="false"
            isPrimary="true">
    <homeFor>
        <principals>
            <principal type="USER">
                <!-- Substructure specified means home for all
                     principals of type "USER" if they have the
                     namespace attribute value triple
                     ($serviceUser$,SERVICEUSER_ATTRIBUTE,IS_SERVICEUSER)
                     in their initial values -->
                <nameSpace name="$serviceUser$">
                    <attribute name="SERVICEUSER_ATTRIBUTE">
                        <values>
                            <value>IS_SERVICEUSER</value>
                        </values>
                    </attribute>
                </nameSpace>
            </principal>
        </principals>
    </homeFor>
    <notHomeFor>
    </notHomeFor>
    ...
</dataSource>
<dataSource id="CORP_LDAP"
            className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
            isReadonly="false"
            isPrimary="true">
    <homeFor>
        <principals>
            <principal type="USER">
                <!-- No substructure specified means home
                     for all principals of type "USER" except the
                     ones in notHomeFor section -->
            </principal>
        </principals>
    </homeFor>
    <notHomeFor>
        <principals>
            <principal type="USER">
                <!-- Substructure specified means home
                     for all principals of type "USER", but not
                     if they have the namespace attribute value triple
                     ($serviceUser$,SERVICEUSER_ATTRIBUTE,IS_SERVICEUSER)
                     in their initial values -->
                <nameSpace name="$serviceUser$">
                    <attribute name="SERVICEUSER_ATTRIBUTE">
                        <values>
                            <value>IS_SERVICEUSER</value>
                        </values>
                    </attribute>
                </nameSpace>
            </principal>
        </principals>
    </notHomeFor>
    ...
</dataSource>
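The routing that these two data sources express can be checked offline before a configuration is deployed. The following Python is an added example, not SAP code and not part of the original page: it models the homeFor/notHomeFor rules as the comments above describe them, over a constructed, trimmed copy of the configuration. The `<dataSources>` wrapper element, the function names, and the rule that any one listed triple is enough to match are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed, trimmed copy of the page's two data sources. The <dataSources>
# wrapper and the SVC helper are assumptions; className and "..." parts omitted.
SVC = ('<nameSpace name="$serviceUser$"><attribute name="SERVICEUSER_ATTRIBUTE">'
       '<values><value>IS_SERVICEUSER</value></values></attribute></nameSpace>')
CONFIG = f"""<dataSources>
  <dataSource id="PRIVATE_DATASOURCE">
    <homeFor><principals><principal type="USER">{SVC}</principal></principals></homeFor>
    <notHomeFor></notHomeFor>
  </dataSource>
  <dataSource id="CORP_LDAP">
    <homeFor><principals><principal type="USER"/></principals></homeFor>
    <notHomeFor><principals><principal type="USER">{SVC}</principal></principals></notHomeFor>
  </dataSource>
</dataSources>"""

def triples(principal):
    """(namespace, attribute, value) triples listed under a <principal> element."""
    return {(ns.get("name"), at.get("name"), v.text.strip())
            for ns in principal.findall("nameSpace")
            for at in ns.findall("attribute") for v in at.findall("values/value")}

def covers(section, ptype, initial):
    """True if a homeFor/notHomeFor section applies to this new principal."""
    for p in section.findall("principals/principal") if section is not None else []:
        wanted = triples(p)
        # No substructure covers every principal of the type; otherwise one of the
        # listed triples must be among the initial values (assumption: any suffices).
        if p.get("type") == ptype and (not wanted or wanted & initial):
            return True
    return False

def home_sources(config_xml, ptype, initial):
    """IDs of the data sources that are home for a new principal (simplified model)."""
    root = ET.fromstring(config_xml)
    return [ds.get("id") for ds in root.findall("dataSource")
            if covers(ds.find("homeFor"), ptype, initial)
            and not covers(ds.find("notHomeFor"), ptype, initial)]

def unique_id_prefix(config_xml, ptype, initial):
    """Prefix of the new unique ID; refuses a missing or ambiguous home."""
    homes = home_sources(config_xml, ptype, initial)
    if len(homes) != 1:
        raise ValueError(f"expected exactly one home data source, got {homes}")
    return f"{ptype}.{homes[0]}."

if __name__ == "__main__":
    for init in (set(), {("$serviceUser$", "SERVICEUSER_ATTRIBUTE", "IS_SERVICEUSER")}):
        print(unique_id_prefix(CONFIG, "USER", init))
```

If the notHomeFor section of CORP_LDAP were left out, a service user would match both data sources and `unique_id_prefix` would raise instead of choosing one, which is the misconfiguration this check is meant to surface.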