There are two tags to specify on which data source a principal should be created, <homeFor> and <notHomeFor>. The <homeFor> section defines the objects for which the data source is the home data source. The <notHomeFor>section defines the objects for which the data source is not the home data source.
The allowed substructure of the <homeFor> section describes the principals and the namespace-attribute-value triples that distinguish them.
If the sub element <principal type=”...”> contains no further sub elements, the data source is home for all principals of this type.
Example: Data source is home for all principals of type USER
<homeFor> |
You can restrict which principals the data source is home for by specifying a namespace-attribute-value hierarchy as sub element(s) of the principal.
All data sources which are home data sources for this principal type are asked to create a unique id for this principal, but only one data source is allowed to create a unique id for the given principal with its initial attributes. If no data source, or more than one data source return a unique id for a principal that should be created, an error is raised.
Example: Data source is home only for principals of type user in the namespace $serviceUser$ which have the value IS_SERVICEUSER for attribute SERVICEUSER_ATTRIBUTE
<homeFor> |
For examples of how to use the <homeFor> and <notHomeFor> tags, see the following examples: