-
Publication No.: US20180373757A1
Publication Date: 2018-12-27
Application No.: US15630404
Filing Date: 2017-06-22
Applicant: SAP SE
Inventor: Igor Schukovets, Gregor Tielsch, Erich Schulzke, Nils Hartmann, Roland Lucius, Matthias Buehl, Timm Falter
Abstract: A system, method, and computer-readable medium, to receive a query specifying a result set of data from at least one database table; determine whether at least one column of the at least one database table is subject to a column-based authorization restriction; modify the query, in an instance it is determined that at least one column of the at least one database table is subject to a column-based authorization restriction, to restrict the result set of data in accordance with the column-based authorization restriction; and execute, in response to the modifying of the query, the modified query.
-
Publication No.: US10713246B2
Publication Date: 2020-07-14
Application No.: US15630404
Filing Date: 2017-06-22
Applicant: SAP SE
Inventor: Igor Schukovets, Gregor Tielsch, Erich Schulzke, Nils Hartmann, Roland Lucius, Matthias Buehl, Timm Falter
IPC: G06F17/30, G06F21/62, G06F16/2453, G06F16/22, G06F21/31, G06F16/2455
Abstract: A system, method, and computer-readable medium, to receive a query specifying a result set of data from at least one database table; determine whether at least one column of the at least one database table is subject to a column-based authorization restriction; modify the query, in an instance it is determined that at least one column of the at least one database table is subject to a column-based authorization restriction, to restrict the result set of data in accordance with the column-based authorization restriction; and execute, in response to the modifying of the query, the modified query.
-
Publication No.: US11595445B2
Publication Date: 2023-02-28
Application No.: US17165060
Filing Date: 2021-02-02
Applicant: SAP SE
Inventor: Anett Lippert, Juergen Denner, Matthias Buehl
IPC: H04L9/40
Abstract: Methods, systems, and computer-readable storage media for receiving, by an AMS, a policy definition file defining policies to be enforced during execution of an instance of an application within the cloud platform, providing, by the AMS, an enhanced policy definition file indicating authorizations for roles for a policy of the policy definition file, providing an authentication bundle for execution of policy decisions at the instance, the authentication bundle provided based on the enhanced policy definition file, the authentication bundle distributed to application containers within the cloud platform, and during execution of the instance: transmitting, by the instance, an authorization request from the instance to an ADC, the ADC including an OPA and being executed within the container and executing policy decisions based on the authentication bundle, receiving, by the instance, a policy decision from the ADC and enforcing the policy based on the policy decision.
-
Publication No.: US20220247787A1
Publication Date: 2022-08-04
Application No.: US17165060
Filing Date: 2021-02-02
Applicant: SAP SE
Inventor: Anett Lippert, Juergen Denner, Matthias Buehl
IPC: H04L29/06
Abstract: Methods, systems, and computer-readable storage media for receiving, by an AMS, a policy definition file defining policies to be enforced during execution of an instance of an application within the cloud platform, providing, by the AMS, an enhanced policy definition file indicating authorizations for roles for a policy of the policy definition file, providing an authentication bundle for execution of policy decisions at the instance, the authentication bundle provided based on the enhanced policy definition file, the authentication bundle distributed to application containers within the cloud platform, and during execution of the instance: transmitting, by the instance, an authorization request from the instance to an ADC, the ADC including an OPA and being executed within the container and executing policy decisions based on the authentication bundle, receiving, by the instance, a policy decision from the ADC and enforcing the policy based on the policy decision.