Method and system for managing workstation authentication
US-2022141212-A1 · May 5, 2022 · US
US2022286465A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2022286465-A1 |
| Application number | US-202117194141-A |
| Country | US |
| Kind code | A1 |
| Filing date | Mar 5, 2021 |
| Priority date | Mar 5, 2021 |
| Publication date | Sep 8, 2022 |
| Grant date | — |
Official abstract text for this publication.
A method of tenant user management in cloud database operation can be implemented. The method can receive an original job request from a user for a database service, wherein the original job request can include a login credential of the user. The method can authenticate the login credential of the user by a scheduler, verify the user has privileges for the original job request by the scheduler, create a modified job request from the original job request by the scheduler based on a predefined role corresponding to the privileges of the user, send the modified job request from the scheduler to a database service platform, and allocate an instance of database service to the user in response to the modified job request.
Opening claim text (preview).
1. A computer-implemented method comprising: authenticating a login credential of a user by a scheduler, wherein the login credential is included in an original service request of the user for a database service; determining the user has privileges for the original service request by the scheduler; creating a modified service request from the original service request by the scheduler based on a predefined role corresponding to the privileges of the user; and forwarding, by the scheduler, the modified service request to a DBaaS platform, wherein an instance of database service can be assigned to the user in response to the modified service request.

2. The method of claim 1, wherein determining the user has privileges for the original service request comprises determining predefined privileges of the user contain requested privileges of the service request.

3. The method of claim 1, further comprising mapping the user to the predefined role, wherein the predefined role comprises a combination of privileges for accessing the DBaaS platform.

4. The method of claim 3, further comprising mapping a predefined public user to the predefined role, wherein the public user has an encrypted login credential that has been pre-authenticated to access the DBaaS platform.

5. The method of claim 4, wherein creating the modified service request comprises replacing the login credential of the user with the encrypted login credential of the public user in the service request.

6. The method of claim 1, wherein authenticating the login credential of the user comprises authenticating the user by the scheduler and authenticating the scheduler by the DBaaS platform.

7. The method of claim 6, wherein authenticating the user by the scheduler comprises decrypting a cookie stored on the scheduler using a private key of the user.

8. The method of claim 7, wherein authenticating the user by the scheduler further comprises changing the login credential of the user and refreshing the cookie stored on the scheduler.

9. The method of claim 8, wherein refreshing the cookie comprises: sending a public key from the scheduler to the user; validating the public key by the user; sending the login credential of the user to the scheduler; determining an asymmetric encryption algorithm by the scheduler; generating an encrypted login credential by the user using the asymmetric encryption algorithm determined by the scheduler; sending the encrypted login credential from the user to the scheduler; and storing the encrypted credential in the cookie by the scheduler.

10. The method of claim 1, further comprising logging the service request, results of user authentication, and the predefined role corresponding to the privileges of the user.

11. A system comprising: memory; one or more hardware processors coupled to the memory; and one or more computer readable storage media storing instructions that, when loaded into the memory, cause the one or more hardware processors to perform operations comprising: authenticating a login credential of a user by a scheduler, wherein the login credential is included in an original service request of the user for a database service; determining the user has privileges for the original service request by the scheduler; creating a modified service request from the original service request by the scheduler based on a predefined role corresponding to the privileges of the user; forwarding, by the scheduler, the modified service request to a DBaaS platform; and assigning an instance of database service to the user in response to the modified service request.

12. The system of claim 11, wherein determining the user has privileges for the original service request comprises determining predefined privileges of the user contain requested privileges of the service request.

13. The system of claim 11, wherein the operations further comprise mapping the user to the predefined role, wherein the predefined role comprises a combination of privileges for accessing the DBaaS platform.

14. The system of claim 11, wherein the operations further comprise mapping a predefined public user to the predefined role, wherein the public user has an encrypted login credential that has been pre-authenticated to access the DBaaS platform.

15. The system of claim 14, wherein creating the modified service request comprises replacing the login credential of the user with the encrypted login credential of the public user in the service request.

16. The system of claim 11, wherein authenticating the login credential of the user comprises authenticating the user by the scheduler and authenticating the scheduler by the DBaaS platform.

17. The system of claim 16, wherein authenticating the user by the scheduler comprises decrypting a cookie stored on the scheduler using a private key of the user.

18. The system of claim 17, wherein authenticating the user by the scheduler further comprises changing the login credential of the user and refreshing the cookie stored on the scheduler.

19. The system of claim 11, further comprising logging the service request, results of user authentication, and the predefined role corresponding to the privileges of the user.

20. One or more computer-readable media containing program instructions for causing a computer to perform a method comprising: authenticating a login credential of a user by a scheduler, wherein the login credential is included in an original service request of the user for a database service; determining the user has privileges for the original service request by the scheduler; mapping the user to a predefined role, wherein the predefined role comprises a combination of privileges for accessing the DBaaS platform; mapping a predefined public user to the predefined role, wherein the public user has an encrypted login credential that has been pre-authenticated to access the DBaaS platform; creating a modified service request by the scheduler by replacing the login credential of the user with the encrypted login credential of the public user in the service request; forwarding, by the scheduler, the modified service request to a DBaaS platform; and assigning an instance of database service to the user in response to the modified service request.
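
The scheduler flow of claims 1 to 5 and 10, as an added illustration that is not part of the patent text or any implementation by the applicant. The user table, role table, PBKDF2 verifier, privilege names and the placeholder public-user credential are all assumptions constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class ServiceRequest:
    user: str
    credential: str        # login credential carried in the original request
    privileges: frozenset  # privileges the request asks for
    service: str

class Denied(Exception):
    pass

def kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

# Constructed sample data (assumptions, not taken from the patent).
SALT = b"constructed-salt"
USERS = {"alice": {"verifier": kdf("correct horse", SALT), "role": "analyst"}}
ROLES = {"analyst": {"privileges": frozenset({"db.read", "db.create_instance"}),
                     "public_credential": "ENC[placeholder-public-user-token]"}}
AUDIT = []  # in-memory stand-in for the log of claim 10

def schedule(req: ServiceRequest) -> ServiceRequest:
    """Return the modified request to forward to the DBaaS platform, or raise Denied."""
    entry = USERS.get(req.user)
    stored = entry["verifier"] if entry else bytes(32)
    # Constant-time compare; the KDF runs even for unknown users.
    authenticated = hmac.compare_digest(stored, kdf(req.credential, SALT)) and entry is not None
    role_name = entry["role"] if authenticated else None
    role = ROLES.get(role_name)
    # Claim 2: the user's predefined privileges must contain the requested ones.
    authorized = role is not None and req.privileges <= role["privileges"]
    # Claim 10: log request, authentication result and role, never the credential.
    AUDIT.append({"user": req.user, "service": req.service,
                  "requested": sorted(req.privileges),
                  "authenticated": authenticated, "role": role_name,
                  "authorized": authorized})
    if not authenticated:
        raise Denied("authentication failed")
    if not authorized:
        raise Denied("requested privileges exceed the user's role")
    # Claim 5: swap the user's credential for the public user's encrypted one.
    return replace(req, credential=role["public_credential"])
```

The modified request that leaves the scheduler never carries the tenant user's own credential, and a request asking for more than the mapped role grants is rejected before anything reaches the platform.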
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title
including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials} · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title