Catalog-Based User Authorization to Access to Multiple Applications

US2016379002A1 · US · A1

Patent metadata
Publication number: US-2016379002-A1
Application number: US-201514752417-A
Country: US
Kind code: A1
Filing date: Jun 26, 2015
Priority date: Jun 26, 2015
Publication date: Dec 29, 2016
Grant date:

Abstract

Official abstract text for this publication.

Embodiments manage user authorization to access multiple grouped software applications, via a catalog mechanism. Functionality of related software is divided into semantically meaningful catalogs, representing tasks or sub-processes within a business scenario. These catalogs represent a unit of functionality utilized to structure work and authorization. Functionality and authorizations are associated to system entry points, and assigned to catalogs bundling applications and services. Responsibilities may be defined statically or dynamically in terms of rule-based access restrictions to data structure (e.g., business object) instances. Catalogs may be assigned to business roles, and business roles assigned to users. Based on such assignments, corresponding authorizations are generated and linked to users at compile or deployment time. At run time, access decision and enforcement is granted based on these authorizations and restrictions. Decision and enforcement points are associated with the system entry points within software applications belonging to catalog(s).

First claim

Opening claim text (preview).

1. (canceled)

2. A computer-implemented method of providing entry point security as in claim 7 wherein: the first software application comprises a first functionality; the catalog further comprises a restriction; and the method further comprises the engine granting the user access to the first functionality according to the restriction.

3. A computer-implemented method of providing entry point security as in claim 2 further comprising assigning a value of the restriction at design time.

4. A computer-implemented method of providing entry point security as in claim 2 further comprising assigning a value of the restriction by evaluating the rule at runtime.

5. (canceled)

6. A computer-implemented method of providing entry point security as in claim 7 wherein the read authorization is instance-based.

7. A computer-implemented method of providing entry point security, the method comprising: an in-memory database engine of an in-memory database receiving a role from a user; and based upon the role and a stored rule, the in-memory database engine granting the user a read authorization from a catalog that is part of the in-memory database to access a first system entry point of a first software application, and to access a second system entry point of a second software application; wherein the in-memory database engine grants the read authorization based upon a WHERE-clause expressed via a data control language and pushed down to the in-memory database.

8. A computer-implemented method of providing entry point security as in claim 7 wherein the first system entry point comprises an HTML graphic user interface.

9. A computer-implemented method of providing entry point security as in claim 7 wherein the first system entry point is utilized in a key performance indicator.

10. (canceled)

11. A non-transitory computer readable storage medium as in claim 15 wherein the method of providing entry point security further comprising assigning a value of the restriction at design time.

12. A non-transitory computer readable storage medium as in claim 15 wherein the method of providing entry point security further comprises assigning a value of the restriction by evaluating the rule at runtime.

13. (canceled)

14. A non-transitory computer readable storage medium as in claim 15 wherein the authorization is instance-based.

15. A non-transitory computer readable storage medium embodying a computer program for performing a method of providing entry point security, said method comprising: an in-memory database engine of an in-memory database receiving a role from a user; and based upon the role and a stored rule, the in-memory database engine granting the user an authorization from a catalog that is part of the in-memory database to access a first system entry point of a first software application, and to access a second system entry point of a second software application, wherein, the first software application comprises a first functionality; the catalog further comprises a restriction; and the method further comprises the in-memory database engine granting the user access to the first functionality according to the restriction; wherein the in-memory database engine grants the authorization based upon a WHERE-clause expressed via a data control language and pushed down to the in-memory database.

16. A non-transitory computer readable storage medium as in claim 15 wherein the first system entry point is utilized in a key performance indicator.

17. (canceled)

18. A computer system implementing entry point security as in claim 20 wherein: the first software application comprises a first functionality; the catalog further comprises a restriction; and the software application further causes the engine to grant the user access to the first functionality according to the restriction.

19. A computer system implementing entry point security as in claim 20 wherein the authorization is instance-based.

20. A computer system implementing entry point security and comprising: one or more processors; a software program, executable on said computer system, the software program configured to cause an in-memory database engine of an in-memory database to: receive a role from a user; and based upon the role and a stored rule, grant the user an authorization from a catalog that is part of the in-memory database to access a first system entry point of a first software application, and to access a second system entry point of a second software application; wherein the software program is configured to cause the in-memory database engine to grant the user access based upon a WHERE-clause expressed via a data control language and pushed down to the in-memory database.

Assignees

Inventors

Classifications

  • between heterogeneous systems · CPC title

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

  • User authentication · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016379002A1 cover?
Embodiments manage user authorization to access multiple grouped software applications, via a catalog mechanism. Functionality of related software is divided into semantically meaningful catalogs, representing tasks or sub-processes within a business scenario. These catalogs represent a unit of functionality utilized to structure work and authorization. Functionality and authorizations are asso…
Who is the assignee on this patent?
SAP SE
What technology area does this patent fall under?
Primary CPC classification G06F21/6236. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 29, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).