Abstract:
Embodiments manage user authorization to access multiple grouped software applications, via a catalog mechanism. Functionality of related software is divided into semantically meaningful catalogs, representing tasks or sub-processes within a business scenario. These catalogs represent a unit of functionality utilized to structure work and authorization. Functionality and authorizations are associated to system entry points, and assigned to catalogs bundling applications and services. Responsibilities may be defined statically or dynamically in terms of rule-based access restrictions to data structure (e.g., business object) instances. Catalogs may be assigned to business roles, and business roles assigned to users. Based on such assignments, corresponding authorizations are generated and linked to users at compile or deployment time. At run time, access decision and enforcement is granted based on these authorizations and restrictions. Decision and enforcement points are associated with the system entry points within software applications belonging to catalog(s).
Abstract:
Mechanisms for allowing multi-session capability and session-return enabling stateful web applications include providing a start URL of a requested portal page with an “External Session ID” (ESID). The ESID is an argument that is different between the two instances of the application (on the same page), and leads to different/independent sessions in the server. When a user returns to the same page, the ESIDs are passed again with the individual application requests, and the server can then logically reconnect to the proper session and allow the user to continue. The ESID can be used to return to an application after the user has previously left to go to another application and then desires to come back, or even when the user closed the browser and restarts the application later.
Abstract:
Systems and processes for managing access to personal data based on a purpose for storing the personal data are provided. In a method for managing personal data access, personal data for a data subject corresponding to a first data category is received, and an operation is executed in a purpose agent to associate one or more purposes to the personal data, where the one or more purposes are assigned to the first data category and include at least a first purpose. The personal data may be stored in a data storage system, and the stored personal data may be designated as being associated with the one or more purposes. Access to the personal data may be controlled based on the one or more purposes.