公开(公告)号：US11693945B2

公开(公告)日：2023-07-04

申请号：US15355379

申请日：2016-11-18

Applicant: SAP SE

Inventor： Michael Engler ,  Martijn de Boer ,  Wolfgang Janzen ,  Peter Eberlein

IPC: G06F21/44 ,  G06F16/951 ,  G06F21/62

CPC classification number: G06F21/44 ,  G06F16/951 ,  G06F21/629

Abstract: A security configuration file is received from a first application, the security configuration file including information of an authority. The first application assigns the authority to a second application to enable the second application to trigger jobs at the first application, and the second application provides shared services to a plurality of applications including the first application. A query is received from the second application and in response the authority is sent to the second application. A request for a token is received from the second application, the request including the authority. A token including the authority is sent to the second application. The second application sends the token to the first application when the second application triggers jobs at the first application.

公开(公告)号：US11042654B2

公开(公告)日：2021-06-22

申请号：US16216400

申请日：2018-12-11

Applicant: SAP SE

Inventor： Kathrin Nos ,  Michael Engler ,  Matthias Vogel

IPC: G06F21/60 ,  G06F21/62 ,  H04L29/06 ,  G06F16/907

Abstract: Metadata describing access control capabilities of a database technology resource is received from an access control system. Access restrictions for accessing data of the database resource by users of an application that have a role are received from an application developer. A role maintenance user interface is generated, using the metadata, for assigning the role to users of the application. Attribute values for creating an instance of the role for a user are received, using the role maintenance user interface. The instance of the role is created for the user based on the received attribute values and the access restrictions. A request from the application for the user to access the database resource is received by the access control system when the user is logged into the application. The access restrictions are applied by the access control system in the database resource when the database resource is accessed.

公开(公告)号：US20200184087A1

公开(公告)日：2020-06-11

申请号：US16216400

申请日：2018-12-11

Applicant: SAP SE

Inventor： Kathrin Nos ,  Michael Engler ,  Matthias Vogel

IPC: G06F21/60 ,  G06F21/62 ,  H04L29/06 ,  G06F16/907

Abstract: Metadata describing access control capabilities of a database technology resource is received from an access control system. Access restrictions for accessing data of the database resource by users of an application that have a role are received from an application developer. A role maintenance user interface is generated, using the metadata, for assigning the role to users of the application. Attribute values for creating an instance of the role for a user are received, using the role maintenance user interface. The instance of the role is created for the user based on the received attribute values and the access restrictions. A request from the application for the user to access the database resource is received by the access control system when the user is logged into the application. The access restrictions are applied by the access control system in the database resource when the database resource is accessed.

公开(公告)号：US20180144117A1

公开(公告)日：2018-05-24

申请号：US15355379

申请日：2016-11-18

Applicant: SAP SE

Inventor： Michael Engler ,  Martijn de Boer ,  Wolfgang Janzen ,  Peter Eberlein

IPC: G06F21/44 ,  G06F17/30

CPC classification number: G06F21/44 ,  G06F16/951 ,  G06F21/629

Abstract: A security configuration file is received from a first application, the security configuration file including information of an authority. The first application assigns the authority to a second application to enable the second application to trigger jobs at the first application, and the second application provides shared services to a plurality of applications including the first application. A query is received from the second application and in response the authority is sent to the second application. A request for a token is received from the second application, the request including the authority. A token including the authority is sent to the second application. The second application sends the token to the first application when the second application triggers jobs at the first application.