公开(公告)号：US20200082107A1

公开(公告)日：2020-03-12

申请号：US16126104

申请日：2018-09-10

Applicant: SAP SE

Inventor： Juergen Kremp ,  Ralf Miko ,  Andreas Riehl ,  Michael Belenki

IPC: G06F21/62 ,  G06F17/30

Abstract: The present disclosure involves systems, software, and computer implemented methods for access control delegation. One example method includes identifying creation of a derived entity from an originating entity. A definition of the derived entity is modified to include an association to the originating entity. A derived access control definition is created based on an originating access control definition. Access control condition(s) in the derived access control definition are identified. Modified access control condition(s) are created by modifying column reference(s) to include a reference to the association to the originating entity. A query is received for the derived entity. A modified query is created by including, in the received query, the modified access control condition(s) and unfolding the association to the originating entity. The modified query is executed, including evaluation of the modified access control condition(s) to determine records of the derived entity that are accessible to a query user.

公开(公告)号：US10915649B2

公开(公告)日：2021-02-09

申请号：US16126104

申请日：2018-09-10

Applicant: SAP SE

Inventor： Juergen Kremp ,  Ralf Miko ,  Andreas Riehl ,  Michael Belenki

IPC: G06F16/245 ,  G06F21/62

Abstract: The present disclosure involves systems, software, and computer implemented methods for access control delegation. One example method includes identifying creation of a derived entity from an originating entity. A definition of the derived entity is modified to include an association to the originating entity. A derived access control definition is created based on an originating access control definition. Access control condition(s) in the derived access control definition are identified. Modified access control condition(s) are created by modifying column reference(s) to include a reference to the association to the originating entity. A query is received for the derived entity. A modified query is created by including, in the received query, the modified access control condition(s) and unfolding the association to the originating entity. The modified query is executed, including evaluation of the modified access control condition(s) to determine records of the derived entity that are accessible to a query user.