Authorization data model
    1.
    发明授权
    Authorization data model 有权
    授权数据模型

    公开(公告)号:US07860888B2

    公开(公告)日:2010-12-28

    申请号:US12013534

    申请日:2008-01-14

    IPC分类号: G06F7/00

    摘要: An authorization data model factors roles into generic roles and responsibilities, using these attributes at run-time to complete an authorization process based on non-static privileges associated with currently defined roles and responsibilities. Multiple applications collect current variable authorization information at run-time, when prompted by a user request to access a protected resource, from an external central repository that maintains updated generic role and responsibility information independent of user identity, thus replacing a fixed authorization structure with a flexible wild-card based model.

    摘要翻译: 授权数据模型将角色定义为通用角色和职责,在运行时使用这些属性来完成基于与当前定义的角色和职责相关联的非静态权限的授权过程。 多个应用程序在运行时收集当用户请求访问受保护资源的提示时,从维护更新的通用角色和责任信息的外部中央存储库中独立于用户身份,从而将固定授权结构替换为 灵活的基于通配符的模型。

    AUTHORIZATION DATA MODEL
    2.
    发明申请
    AUTHORIZATION DATA MODEL 有权
    授权数据模型

    公开(公告)号:US20080114769A1

    公开(公告)日:2008-05-15

    申请号:US12013534

    申请日:2008-01-14

    IPC分类号: G06F17/30

    摘要: An authorization data model factors roles into generic roles and responsibilities, using these attributes at run-time to complete an authorization process based on non-static privileges associated with currently defined roles and responsibilities. Multiple applications collect current variable authorization information at run-time, when prompted by a user request to access a protected resource, from an external central repository that maintains updated generic role and responsibility information independent of user identity, thus replacing a fixed authorization structure with a flexible wild-card based model.

    摘要翻译: 授权数据模型将角色定义为通用角色和职责,在运行时使用这些属性来完成基于与当前定义的角色和职责相关联的非静态权限的授权过程。 多个应用程序在运行时收集当用户请求访问受保护资源的提示时,从维护更新的通用角色和责任信息的外部中央存储库中独立于用户身份,从而将固定授权结构替换为 灵活的基于通配符的模型。

    Authorization data model
    3.
    发明授权
    Authorization data model 有权
    授权数据模型

    公开(公告)号:US07343628B2

    公开(公告)日:2008-03-11

    申请号:US10447680

    申请日:2003-05-28

    IPC分类号: H04K1/00

    摘要: An authorization data model factors roles into generic roles and responsibilities, using these attributes at run-time to complete an authorization process based on non-static privileges associated with currently defined roles and responsibilities. Multiple applications collect current variable authorization information at run-time, when prompted by a user request to access a protected resource, from an external central repository that maintains updated generic role and responsibility information independent of user identity, thus replacing a fixed authorization structure with a flexible wild-card based model.

    摘要翻译: 授权数据模型将角色定义为通用角色和职责,在运行时使用这些属性来完成基于与当前定义的角色和职责相关联的非静态权限的授权过程。 多个应用程序在运行时收集当用户请求访问受保护资源的提示时,从维护更新的通用角色和责任信息的外部中央存储库中独立于用户身份,从而将固定授权结构替换为 灵活的基于通配符的模型。

    SYSTEM AND METHOD FOR A BUSINESS DATA PROVISIONING FOR A PRE-EMPTIVE SECURITY AUDIT
    4.
    发明申请
    SYSTEM AND METHOD FOR A BUSINESS DATA PROVISIONING FOR A PRE-EMPTIVE SECURITY AUDIT 有权
    用于预先安全审计业务数据提供的系统和方法

    公开(公告)号:US20120167200A1

    公开(公告)日:2012-06-28

    申请号:US12978797

    申请日:2010-12-27

    IPC分类号: G06F21/00

    CPC分类号: G06F21/6218

    摘要: Embodiments of the present invention may provide a system and method for business data provisioning for a pre-emptive security audit. In one aspect, a method embodiment may comprise the steps of identifying the business resources as expressed in business terms, ensuring that applications dealing with (parts of) the business resources are aware of the link to the resource, transmitting the information about the used business resources throughout the call stack up to the UI, making use of the highest access enforcement point possible where it can be ensured that access to the protected resource is only done through either authorized users or trusted code, and having this access enforcement point taken over by a framework to ensure adequate protection even in extensibility scenarios.

    摘要翻译: 本发明的实施例可以提供用于预先安全审计的业务数据提供的系统和方法。 一方面,方法实施例可以包括以业务术语表示的业务资源的识别步骤,确保处理(部分)业务资源的应用程序知道与资源的链接,传送关于所使用的业务的信息 整个调用堆栈中的资源直到UI,利用最高的访问执行点,可以确保只有通过授权用户或受信任的代码才能访问受保护的资源,并将该访问执行点接管 即使在可扩展情况下也能确保充分保护的框架。

    USER INTERFACE MODEL DRIVEN DATA ACCESS CONTROL
    5.
    发明申请
    USER INTERFACE MODEL DRIVEN DATA ACCESS CONTROL 有权
    用户界面模式驱动数据访问控制

    公开(公告)号:US20130166596A1

    公开(公告)日:2013-06-27

    申请号:US13338066

    申请日:2011-12-27

    IPC分类号: G06F17/30

    CPC分类号: H04L63/102 G06F2221/2145

    摘要: According to one general aspect, a method of retrieving data entities from a backend data device may include maintaining a data model of data entities employed by a user interface. The data model may include a hierarchical relationship between a leading data entity and at least one child data entity. The method may also include authorizing, with an authorization device, when retrieving the leading data entity. The method may include instructing the authorization device that data retrievals of subsequent data entities are to be authorized based upon the authorization of the leading data entity. The method may also include retrieving at least one child data entity of the leading data entity without providing additional authorization credentials.

    摘要翻译: 根据一个一般方面,从后端数据设备检索数据实体的方法可以包括维护由用户界面采用的数据实体的数据模型。 数据模型可以包括领先数据实体和至少一个子数据实体之间的层次关系。 该方法还可以包括使用授权设备授权在检索前导数据实体时。 该方法可以包括指示授权设备基于领先数据实体的授权来授权后续数据实体的数据检索。 该方法还可以包括检索前导数据实体的至少一个子数据实体而不提供附加的授权证书。

    BUSINESS OBJECT NODE ACCESS MANAGEMENT FOR SEARCH SERVICES IN A SERVICE-ORIENTED ARCHITECTURE
    6.
    发明申请
    BUSINESS OBJECT NODE ACCESS MANAGEMENT FOR SEARCH SERVICES IN A SERVICE-ORIENTED ARCHITECTURE 审中-公开
    业务对象节点访问管理在面向服务的架构中搜索服务

    公开(公告)号:US20110161342A1

    公开(公告)日:2011-06-30

    申请号:US12647755

    申请日:2009-12-28

    IPC分类号: G06F17/30

    CPC分类号: G06F16/2455 G06F16/2445

    摘要: A system may include a database comprising stored data and a business process platform including business object metadata defining business objects representing the stored data. The business process platform may receive a query from a user to retrieve data from a first business object node of a business object, the business object representing stored data, determine whether the user is authorized to traverse all associations of a SELECT list of the query, determine whether the user is authorized to traverse all associations of a WHERE clause of the query, determine whether the user is authorized to retrieve any instances of each business object node of column specifications of the SELECT list of the query, and, if the determinations are affirmative, executing the query to retrieve a first result set.

    摘要翻译: 系统可以包括包括存储的数据的数据库和业务处理平台,其包括业务对象元数据,其定义表示存储的数据的业务对象。 业务处理平台可以接收来自用户的查询以从业务对象的第一业务对象节点检索数据,业务对象表示存储的数据,确定用户是否被授权遍历查询的SELECT列表的所有关联, 确定用户是否被授权遍历查询的WHERE子句的所有关联,确定用户是否被授权检索查询的SELECT列表的列规范的每个业务对象节点的任何实例,如果确定是 肯定地执行查询以检索第一结果集。

    Access administration using activatable rules
    7.
    发明申请
    Access administration using activatable rules 有权
    访问管理使用可激活的规则

    公开(公告)号:US20060277593A1

    公开(公告)日:2006-12-07

    申请号:US11142746

    申请日:2005-06-01

    申请人: Cristina Buchholz

    发明人: Cristina Buchholz

    IPC分类号: H04L9/00

    CPC分类号: G06F21/604 G06F21/6218

    摘要: Access to information instances is administered using selectively activatable rules. A computer program product includes rules establishing authorizations to information instances in a computer system, each of the rules authorizing a predefined subject to perform a predefined action on a predefined object. The computer program product includes an activation function for an administrator to selectively activate at least one of the rules, the activated rule to be applied upon a user seeking to perform an action on any of the information instances.

    摘要翻译: 使用选择性激活的规则来管理对信息实例的访问。 计算机程序产品包括为计算机系统中的信息实例建立授权的规则,授权预定义对象的每个规则对预定义的对象执行预定义的动作。 计算机程序产品包括激活功能,用于管理员选择性地激活规则中的至少一个,激活的规则被应用于寻求对任何信息实例执行动作的用户。

    CONSUMPTION LAYER FOR BUSINESS ENTITIES
    8.
    发明申请
    CONSUMPTION LAYER FOR BUSINESS ENTITIES 有权
    业务实体的消费层

    公开(公告)号:US20150160814A1

    公开(公告)日:2015-06-11

    申请号:US14303564

    申请日:2014-06-12

    IPC分类号: G06F3/0484

    摘要: A system includes a first non-transitory computer-readable storage medium and a second non-transitory computer-readable storage medium each having stored thereon computer executable program code which, when executed on a computer system, causes the computer system to perform steps. The steps associated with the first non-transitory computer readable medium include generating a Service Adaptation Definition Language (SADL) definition for each of a plurality of business entity types, the SADL definition being based on an intermediate representation of each of the plurality of business entities, and publishing the SADL definition as a service of a SADL engine. The steps associated with the second non-transitory computer-readable storage include discovering the SADL definition and displaying, on a user interface, a representation of the SADL definition, the user interface configured to enable selection of two or more business entity types each associated with a different model layer framework.

    摘要翻译: 一种系统包括第一非暂时性计算机可读存储介质和第二非暂时计算机可读存储介质,每个存储介质上都存储有计算机可执行程序代码,当在计算机系统上执行时,其使计算机系统执行步骤。 与第一非暂时性计算机可读介质相关联的步骤包括为多个业务实体类型中的每一个生成服务适配定义语言(SADL)定义,SADL定义基于多个业务实体中的每一个的中间表示 ,并将SADL定义作为SADL引擎的服务发布。 与第二非暂时性计算机可读存储相关联的步骤包括发现SADL定义并在用户界面上显示SADL定义的表示,该用户界面被配置为使得能够选择两个或更多个业务实体类型,每个业务实体类型与 一个不同的模型层框架。

    PUSH-DOWN OF AUTHORITY CHECK WITHIN QUERY ENGINE
    9.
    发明申请
    PUSH-DOWN OF AUTHORITY CHECK WITHIN QUERY ENGINE 审中-公开
    在查询引擎中按权限检查

    公开(公告)号:US20140181134A1

    公开(公告)日:2014-06-26

    申请号:US13724706

    申请日:2012-12-21

    IPC分类号: G06F17/30

    CPC分类号: G06F21/6227 G06F16/2457

    摘要: A query engine for integrating authorization conditions within a database query statement. The query engine may include an authorization handler configured to receive authorization parameters related to one or more authorization objects for data relevant to a query for performing an authority check, and obtain at least one user authorization profile for a current user based on the authorization parameters. The at least one user authorization profile may include an activity value and one or more authorization conditions associated with the activity value. The query engine may further include a query generator configured to receive query parameters related to the query and integrate the query parameters with the one or more authorization conditions to obtain a database query statement, and a database selector configured to obtain authorized data from an in-memory database based on the database query statement.

    摘要翻译: 用于在数据库查询语句中集成授权条件的查询引擎。 查询引擎可以包括授权处理器,其被配置为接收与用于执行权限检查的查询相关的数据的一个或多个授权对象的授权参数,并且基于授权参数获得当前用户的至少一个用户授权简档。 所述至少一个用户授权简档可以包括活动值和与活动值相关联的一个或多个授权条件。 所述查询引擎还可以包括查询生成器,其被配置为接收与所述查询相关的查询参数,并且将所述查询参数与所述一个或多个授权条件进行集成以获得数据库查询语句;以及数据库选择器, 内存数据库基于数据库查询语句。

    Role Based Access Management for Business Object Data Structures
    10.
    发明申请
    Role Based Access Management for Business Object Data Structures 有权
    基于角色的业务对象数据结构访问管理

    公开(公告)号:US20140172918A1

    公开(公告)日:2014-06-19

    申请号:US13719063

    申请日:2012-12-18

    IPC分类号: G06F21/62

    CPC分类号: G06F21/6218 G06F2221/2141

    摘要: A service request from a user is received to execute an operation on an instance of a business object. Thereafter, an access control check is performed to confirm whether the user is allowed to execute the requested operation on a type of business object corresponding to the business object specified and based on an access group associated with the user. Subsequently, the user is either provided with access to the instance of the business object to execute the operation if the access control check confirms that the user is allowed to execute the operation on the instance of the business object, or prevented from accessing the instance of the business object to execute the operation on the instance of the business object. Related apparatus, systems, techniques and articles are also described. Related apparatus, systems, techniques and articles are also described.

    摘要翻译: 接收到来自用户的服务请求以对业务对象的实例执行操作。 此后,执行访问控制检查以确认是否允许用户对与所指定的业务对象相对应的业务对象的类型并且基于与用户相关联的访问组执行所请求的操作。 随后,如果访问控制检查确认允许用户对业务对象的实例执行操作,或者阻止访问该业务对象的实例,则向用户提供对业务对象的实例的访问以执行操作 该业务对象对业务对象的实例执行操作。 还描述了相关设备,系统,技术和物品。 还描述了相关设备,系统,技术和物品。