In user-based data partitioning, users are stored on different data sources. The data sources they are stored on depends on the values of the user attributes.
Marcus Kopp wants to store regular users in a directory service, while storing service users in the database of the SAP NetWeaver Application Server (AS) Java. As a result:
Example
<dataSource id="PRIVATE_DATASOURCE" className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence" isReadonly="false" isPrimary="true"> <homeFor> <principals> <principal type="USER"> <!-- Substructure specified means home for all principals of type "USER" if they have the namespace attribute value triple ($serviceUser$,SERVICEUSER_ATTRIBUTE,IS_SERVICEUSER) in their initial values --> <nameSpace name="$serviceUser$"> <attribute name="SERVICEUSER_ATTRIBUTE"> <values> <value>IS_SERVICEUSER</value> </values> </attribute> </nameSpace> </principal> </principals> </homeFor> <notHomeFor> </notHomeFor> ... </dataSource> <dataSource id="CORP_LDAP" className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence" isReadonly="false" isPrimary="true"> <homeFor> <principals> <principal type="USER"> <!-- No substructure specified means home for all principals of type "USER" except the ones in notHomeFor Section --> </principal> </principals> </homeFor> <notHomeFor> <principals> <principal type="USER"> <!-- Substructure specified means home for all principals of type "USER", but not if they have the namespace attribute value triple ($serviceUser$,SERVICEUSER_ATTRIBUTE,IS_SERVICEUSER) in their initial values --> <nameSpace name="$serviceUser$"> <attribute name="SERVICEUSER_ATTRIBUTE"> <values> <value>IS_SERVICEUSER</value> </values> </attribute> </nameSpace> </principal> </principals> </notHomeFor> ... </dataSource>