Embodiments of the present invention relate to accessing database information in a secure manner, and in particular, to implementation of modeled authorization checking in a user interface framework.
Unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Databases offer an attractive and flexible way of making large volumes of data available to potential users. However, all users are not entitled to the same privileges in accessing data in a database.
For example, while some users may be allowed to create and/or change stored data, other users may be limited to only viewing the data. Still other users may not be granted the ability to view certain types of stored information.
Authorization checks are commonly used to govern access to documents or master data, and thereby control the circulation of information. For example, in an Enterprise Resource Planning (ERP) system, only a particular subset of employees may be authorized to view and/or edit stored business opportunity data of the sales organization “North America”.
In another example, account or financial information may be restricted to employees of a given company. In still another example, creation, deletion, and/or downloading of sales opportunities, may be allowed internally for only a certain number of employees.
Authorization checks are performed by calling authorization objects. Traditionally, such authorization objects rely upon a plurality of enforcement points within the code of the various logic modules making up an individual application (e.g. an ERP system).
This conventional, de-centralized approached to authorization checking can raise certain issues. One potential drawback is difficulty in establishing a compact, comprehensive “where-used-list” or, establishing which authorizations are actually required for a user to perform the daily work or view a screen. This lack of transparency makes it difficult for developers/partners/customers to foresee authorization changes or enhancements, and to maintain authorizations by the administrator.
For example, a particular user may access the database and press an “Export to Excel™” button. Under such circumstances, the conventional authorization checks that are executed are not visible directly from the user interface (UI) meta data. The resulting lack of transparency makes it difficult for partners and customers to foresee authorization changes or enhancements.
Accordingly, the present disclosure addresses these and other issues with the use of a modeled authorization check in a user interface framework.