DECLARATIVE ATTRIBUTE SECURITY USING CUSTOM PROPERTIES
Abstract
In various embodiments, application development tools can allow developers to control whether or not an attribute of a view object is displayed by declaratively associating a data security privilege with the attribute. Associating a data security privilege with the attribute can be done by adding a specially named custom property on the view object attribute. Modifications to a base class can provide any necessary support to retrieve the privilege and determine whether a current user is allowed to view the attribute for the current record/row. If the user is authorized to view the attribute for the current record/row, then the attribute value is returned and displayed. Otherwise, redacting information, such as “*****”, can be returned and displayed.
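The mechanism the abstract describes, sketched as an added example (not code from the patent or from any framework): the property name `AttrSecurityPrivilege`, the class names and the sample policy are hypothetical. Rows are cached without the protected value when the per-row privilege check fails, and reads of that attribute then return the redaction marker.

```python
from dataclasses import dataclass, field

SECURITY_PROP = "AttrSecurityPrivilege"  # hypothetical custom property name
REDACTED = "*****"                       # redaction marker given in the abstract

@dataclass
class AttributeDef:
    name: str
    custom_properties: dict = field(default_factory=dict)

class SecuredViewObject:
    """Base class that enforces the declared privilege per row and attribute."""
    def __init__(self, attributes, has_privilege):
        self.attributes = attributes
        self.has_privilege = has_privilege  # callable(user, privilege, row) -> bool
        self.cache = []                     # row cache held by this view instance

    def load(self, datasource_rows, user):
        """Cache rows, leaving out any attribute value the user may not see."""
        self.cache = []
        for row in datasource_rows:
            cached = {}
            for attr in self.attributes:
                privilege = attr.custom_properties.get(SECURITY_PROP)
                if privilege is None or self.has_privilege(user, privilege, row):
                    cached[attr.name] = row[attr.name]
            self.cache.append(cached)

    def get_attribute(self, row_index, name):
        """Return the cached value, or the marker if the value was withheld."""
        return self.cache[row_index].get(name, REDACTED)

# Constructed sample policy: salary is visible only within the user's department.
def sample_policy(user, privilege, row):
    return privilege in user["privileges"] and row["Dept"] == user["dept"]

EMPLOYEE_ATTRS = [AttributeDef("Name"), AttributeDef("Dept"),
                  AttributeDef("Salary", {SECURITY_PROP: "VIEW_SALARY"})]
ROWS = [{"Name": "Ada", "Dept": "ENG", "Salary": 120000},   # constructed rows
        {"Name": "Bo", "Dept": "OPS", "Salary": 95000}]

def demo():
    """Load both rows for an ENG manager and read Salary from each."""
    vo = SecuredViewObject(EMPLOYEE_ATTRS, sample_policy)
    vo.load(ROWS, {"privileges": {"VIEW_SALARY"}, "dept": "ENG"})
    return [vo.get_attribute(i, "Salary") for i in range(len(ROWS))], vo.cache
```

Because the withheld value never enters the cache, a consumer that bypasses `get_attribute` and reads the cache directly still cannot recover it.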
22 Claims
1. A computer-implemented method for developing applications that provide data security, the method comprising:
- receiving, at a computer system, information specifying a view object as a component of an application development framework, the view object defining how to obtain data corresponding to business objects stored in a datasource for use by an application created by the application development framework, the view object having at least one attribute corresponding to an attribute of the business objects stored in the datasource;
- receiving, at the computer system, information defining a custom property of the at least one attribute of the view object, the custom property configured to enable attribute-based security for the attribute of the business objects stored in the datasource;
- receiving, at the computer system, a value for the custom property of the at least one attribute of the view object, the value indicative of one or more security privileges for the attribute of the business objects stored in the datasource; and
- generating, with a processor of the computer system, a definition for the view object such that instances of the view object instantiated from the definition, based on a determination that the one or more security privileges specified in the custom property for the at least one attribute of the view object are not satisfied, cache a portion of the data corresponding to the business objects stored in the datasource that excludes data corresponding to the attribute of the business objects.

Dependent claims: 2, 3, 4, 5, 6

7. A computer-readable storage medium storing computer-executable code for developing applications that provide data security, the computer-readable storage medium comprising:
- code for receiving information specifying a view object as a component of an application development framework, the view object defining how to obtain data corresponding to business objects stored in a datasource for use by an application created by the application development framework, the view object having at least one attribute corresponding to an attribute of the business objects stored in the datasource;
- code for receiving information defining a custom property of the at least one attribute of the view object, the custom property configured to enable attribute-based security for the attribute of the business objects stored in the datasource;
- code for receiving a value for the custom property of the at least one attribute of the view object, the value indicative of one or more security privileges for the attribute of the business objects stored in the datasource; and
- code for generating a definition for the view object such that instances of the view object instantiated from the definition, based on a determination that the one or more security privileges specified in the custom property for the at least one attribute of the view object are not satisfied, cache a portion of the data corresponding to the business objects stored in the datasource that excludes data corresponding to the attribute of the business objects.

Dependent claims: 8, 9, 10, 11

12. A computer-implemented method for implementing attribute security, the method comprising:
- identifying, with a processor associated with a computer system, a view object associated with a user interface environment, the view object defining how to obtain for the user interface environment data corresponding to business objects stored in a first datasource;
- identifying, with the processor associated with the computer system, an attribute of the view object corresponding to an attribute of the business objects stored in the first datasource, the attribute of the view object having a custom property enabling attribute-based security for the attribute of the business objects stored in the first datasource;
- determining, with the processor associated with the computer system, a value for the custom property enabling attribute-based security for the attribute of the business objects stored in the first datasource, the value indicative of one or more security privileges for the attribute of the business objects stored in the first datasource;
- determining, with the processor associated with the computer system, whether the one or more security privileges specified in the custom property for the attribute of the view object are satisfied; and
- based on a determination that the one or more security privileges specified in the custom property for the attribute of the view object are not satisfied, caching in a second datasource a portion of the data corresponding to the business objects stored in the first datasource that excludes data corresponding to the attribute of the business objects.

Dependent claims: 13, 14, 15, 16, 17

18. A computer-readable storage medium storing computer-executable code for implementing attribute security, the computer-readable storage medium comprising:
- code for identifying a view object associated with a user interface environment, the view object defining how to obtain for the user interface environment data corresponding to business objects stored in a first datasource;
- code for identifying an attribute of the view object corresponding to an attribute of the business objects stored in the first datasource, the attribute of the view object having a custom property enabling attribute-based security for the attribute of the business objects stored in the first datasource;
- code for determining a value for the custom property enabling attribute-based security for the attribute of the business objects stored in the first datasource, the value indicative of one or more security privileges for the attribute of the business objects stored in the first datasource;
- code for determining whether the one or more security privileges specified in the custom property for the attribute of the view object are satisfied; and
- code for, based on a determination that the one or more security privileges specified in the custom property for the attribute of the view object are not satisfied, caching in a second datasource a portion of the data corresponding to the business objects stored in the first datasource that excludes data corresponding to the attribute of the business objects.

Dependent claims: 19, 20, 21, 22

Specification