Unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Organizations have evolved sophisticated data protection and internal controls to ensure that appropriate users have access to enterprise data. Typically, the types and capabilities of these “authorization” controls are specific to a given business application and are not applicable once data has been exported and imported into other systems such as, for example, reporting systems, analytics engines, alternate delivery channels (e.g., mobile devices), and so on. Authorization controls, are understood to refer to security policies, security controls, access policies, access controls, and so on. Replicating existing authorization controls between systems can be a challenge, since the authorization capabilities of the source system may be expressed differently in the target system or may not exist at all. This issue may affect the deployment of new applications designed to leverage existing enterprise data, since a manual and complex exercise is often required to ensure that appropriate authorization controls are projected and replicated for enterprise data that is exported from the business application and imported to the new application.
With the emerging range of new applications and new technologies, such as mobile devices, mobile applications, cloud computing, in-memory processing (e.g., SAP HANA® in-memory systems), virtual computing, and so on, replicating existing controls and protecting data has become increasingly complex and inexact. In order to maintain the same controls, organizations must complete a detailed manual assessment and replication of the existing authorization controls to ensure the same level of access when data is enabled, for example, for reporting in an SAP HANA® system or access via a mobile application. This is often inexact or impractical as the authorization capabilities are different between each application. Many organizations see this issue as a fundamental limitation when considering deployment of new applications and delivery channels.