公开(公告)号：US20230140122A1

公开(公告)日：2023-05-04

申请号：US17514482

申请日：2021-10-29

Applicant: SAP SE

Inventor： Bjoern Friedmann ,  Paulo Buettenbender ,  Victor Matheus Silva Peixoto ,  Lucas Mendonca de Souza Xavier ,  Leonardo Pletsch ,  Jascha Kanngiesser ,  Joerg Franke ,  Peter Haerle ,  Ioannis Kostis

IPC: G06F21/62 ,  G06F21/45

Abstract: A system and method to receive a replicated representation of a data entity and a replicated representation of application specific permissions associated with the data entity, the application specific permissions being defined by a source application sourcing the data entity; store the replicated representations of the data entity and the application specific permissions in a dedicated storage space for the source application within a consolidated cloud storage; automatically generate a secured data entity based on an integration of the replicated representation of the application specific permissions with the replicated representation of the data entity; and store the generated secured data entity in the dedicated storage space for the source application.

公开(公告)号：US10558637B2

公开(公告)日：2020-02-11

申请号：US14972814

申请日：2015-12-17

Applicant: SAP SE

Inventor： Julian Schmidt-Kluegmann ,  Simon Elsbrock ,  Abhay Tiple ,  Ioannis Kostis

IPC: G06F16/22 ,  G06F16/2455 ,  G06F16/27

Abstract: A system includes instantiation of a plan generation environment exposing one or more software hooks, each of the one or more software hooks associated with a respective one of a plurality of steps for generating a database table partition redistribution plan, identification, for of the one or more software hooks, of an associated one or more software modules for performing the step associated with the at least one software hook, and execution of the plan generation environment and the identified one or more software modules to generate a database table partition redistribution plan.

公开(公告)号：US20250077699A1

公开(公告)日：2025-03-06

申请号：US18459707

申请日：2023-09-01

Applicant: SAP SE

Inventor： Pedro Ziebell Ramos ,  Lucas Mendonca de Souza Xavier ,  Paulo Buttenbender ,  Ioannis Kostis ,  Daniel Bertolozi Iop

IPC: G06F21/62 ,  G06F16/9038

Abstract: Provided herein is a process that converts unprotected data into protected data based on permissions defined using logical operators. As such, user permissions can be managed with a simple string of data. In one example, the method may include receiving a request for data from a user device, identifying a permission object corresponding to the user device, retrieving a string comprising a logical expression with a logical operator and one or more values from the permission object, wherein the logical expression defines access permissions of the user device with respect to a database, executing a database query on the database based on the request to generate results, and filtering the results from the database query based on the logical expression to generate filtered results and outputting the filtered results to the user device.

公开(公告)号：US20230022454A1

公开(公告)日：2023-01-26

申请号：US17514983

申请日：2021-10-29

Applicant: SAP SE

Inventor： Michael Wilking ,  Michael te Uhle ,  Florian Maier ,  Ioannis Kostis ,  Atul Rajendra Prasad Tiwari ,  Leonardo Silva Rosa

IPC: G06F21/62 ,  G06F21/60 ,  G06F16/23

Abstract: Embodiments enforce user access rights to a data view, by initially generating a replication table of the view. The replication table may include all view data to which any user is entitled. This replication table may be generated during a first database session having a first value for a session variable. Next, a data access control structure is applied to the replication table to produce output comprising a subset of the view data for a specific user. This output may be produced during a second database session having a second value for the session variable. By initially generating the view replication table up front, processing resources are conserved in later stages when access control structures are applied to grant view access rights to particular users. Alternative embodiments may implement access control to data views, through the creation and storage of derived views.

公开(公告)号：US12061712B2

公开(公告)日：2024-08-13

申请号：US17514983

申请日：2021-10-29

Applicant: SAP SE

Inventor： Michael Wilking ,  Michael te Uhle ,  Florian Maier ,  Ioannis Kostis ,  Atul Rajendra Prasad Tiwari ,  Leonardo Silva Rosa

IPC: G06F21/62 ,  G06F16/23 ,  G06F21/60

CPC classification number: G06F21/6227 ,  G06F16/2393 ,  G06F21/604 ,  G06F2221/2141

Abstract: Embodiments enforce user access rights to a data view, by initially generating a replication table of the view. The replication table may include all view data to which any user is entitled. This replication table may be generated during a first database session having a first value for a session variable. Next, a data access control structure is applied to the replication table to produce output comprising a subset of the view data for a specific user. This output may be produced during a second database session having a second value for the session variable. By initially generating the view replication table up front, processing resources are conserved in later stages when access control structures are applied to grant view access rights to particular users. Alternative embodiments may implement access control to data views, through the creation and storage of derived views.

公开(公告)号：US20170177639A1

公开(公告)日：2017-06-22

申请号：US14972814

申请日：2015-12-17

Applicant: SAP SE

Inventor： Julian Schmidt-Kluegmann ,  Simon Elsbrock ,  Abhay Tiple ,  Ioannis Kostis

IPC: G06F17/30

CPC classification number: G06F16/2282 ,  G06F16/24554 ,  G06F16/27

Abstract: A system includes instantiation of a plan generation environment exposing one or more software hooks, each of the one or more software hooks associated with a respective one of a plurality of steps for generating a database table partition redistribution plan, identification, for of the one or more software hooks, of an associated one or more software modules for performing the step associated with the at least one software hook, and execution of the plan generation environment and the identified one or more software modules to generate a database table partition redistribution plan.