Skip to Content
0
Jul 11, 2018 at 01:34 PM

How to store different users in different datastores (UME/AD)

213 Views Last edit Jul 12, 2018 at 04:19 PM 4 rev

Hello everyone!

There is a challenge for SAP Netweaver AS Java UME:

According to note 2051697 - Security Policy Enhancements, there are two attributes: SERVICEUSER_ATTRIBUTE which has value IS_SERVICEUSER and SecurityPolicy which can have different values: technical (for Technical User security policy), default, internal or custom (for example, Admins if I created custom security policy with the same name "Admins").

So, I want to store Technical users, Internal users and users with Security policy Admins in UME database, but business users with, for example, Users security policy, in Active Directory data source.

For service users there is attribute SERVICEUSER_ATTRIBUTE which defined in datasource file as:

<homeFor>
<principals>
<principal type="account">
<nameSpace name="$serviceUser$">
<attribute name="SERVICEUSER_ATTRIBUTE">
<values>
<value>IS_SERVICEUSER</value>
</values>
</attribute>
</nameSpace>
</principal>
<principal type="user">
<nameSpace name="$serviceUser$">
<attribute name="SERVICEUSER_ATTRIBUTE">
<values>
<value>IS_SERVICEUSER</value>
</values>
</attribute>
</nameSpace>
</principal>
<principal type="team"/>
<principal type="ROOT"/>
<principal type="OOOO"/>
</principals>
</homeFor>

for PRIVATE_DATASOURCE (UME database) and the same in a <notHomeFor> tag for CORP_LDAP datasource.I tried to implement the same description with a SecurityPolicy attribute with a value "technical" (see note 2051697), but after restarting the application server I can't create users with security policy "Technical user" anymore. I get an error: "No data source feels responsible for principal. Please check the data source configuration!".How should I split storage for different user types (in my situation are: Business users and all other users(Technical, internal, Administrators.. ).