| 发明名称 | On-demand authorization management | ||
| 摘要 | Methods and apparatus, including computer program products, are provided for authorization management. In one aspect, there is provided a computer-implemented method. The method may include receiving a request to authorize at least one user to at least one module of a system; mapping the received request to a semantic tag; processing, based on the semantic tag, the request to authorize the at least one user to determine whether to grant the at least one user access to the at least one module; and sending a response to the request to authorize the at least one user, wherein the response is in accordance with the result of the processing. Related apparatus, systems, methods, and articles are also described. | ||
| 申请公布号 | US9069984(B2) | 申请公布日期 | 2015.06.30 |
| 申请号 | US201113334009 | 申请日期 | 2011.12.21 |
| 申请人 | SAP SE | 发明人 | Said Bare;Eberlein Peter |
| 分类号 | G06F7/04;G06F12/14;H04L29/06;H04L9/32;G06F21/62;G06F21/10 | 主分类号 | G06F7/04 |
| 代理机构 | Mintz Levin Cohn Ferris Glovsky and Popeo, P.C. | 代理人 | Mintz Levin Cohn Ferris Glovsky and Popeo, P.C. |
| 主权项 | 1. A non-transitory computer-readable storage medium containing instructions to configure at least one processor to cause operations comprising: receiving a request to authorize at least one user to at least one module of a system; determining at least one of a role or a work center of the at least one user; mapping, based on the determining, the received request in a first format to a semantic tag in a common format, wherein the common format indicates the at least one of the role or the work center; processing, based on the semantic tag in the common format, the request to authorize the at least one user to determine whether to grant the at least one user access to the at least one module; and detecting, based on at least one segregation of duty rule, whether the request by the at least one user poses a segregation of duty violation, wherein the at least one segregation of duty rule represents a rule to segregate an action indicated by the received request from the determined at least one of the role or the work center of the at least one user; and authorizing, when the processing grants the access and the segregation of duty violation is not detected, the at least one user access to the at least one module; sending a first message indicating the authorizing, when the processing grants the access and the segregation of duty violation is not detected; sending a second message indicating access is not granted, when at least one of the processing does not grant the access or the segregation of duty violation is detected. | ||
| 地址 | Walldorf DE | ||