Abstract: A data model is defined to describe objects. Attributes from the data model are associated with providing authorization right for executing actions on object instances of the objects. A hierarchy of object groups is declared. Objects group collections are defined on top of the hierarchy. A vocabulary including definitions of attributes of objects and including definitions of assignments of objects to object groups is created. The vocabulary is related to determining authorization rights for executing actions based on attributes and hierarchy organization of objects. A capability to determine authorization to perform an action by a user on a set of objects is defined based on the vocabulary. When a request for performing an action by a user on object instances is received, a filtering expression based on the capability is generated to be included in a where clause of a query.

Abstract: In one respect, there is provided a system a data processor and a memory. The system can be configured to receive, from a first user associated with a first tenant, a request to access a resource associated with a second tenant. The first tenant and the second tenant can be tenants of a multi-tenant cloud-computing platform. The resource can be accessible via the multi-tenant cloud-computing platform. The first user can be authorized to access the resource associated with the second tenant based on a sharing relationship that allows the first user to access the resource. In response to determining that the first user is authorized to access the resource associated with the second tenant, access to the resource can be provided to the first user. Related methods and articles of manufacture, including computer program products, are also provided.

Abstract: In one respect, there is provided a system a data processor and a memory. The system can be configured to receive, from a first user associated with a first tenant, a request to access a resource associated with a second tenant. The first tenant and the second tenant can be tenants of a multi-tenant cloud-computing platform. The resource can be accessible via the multi-tenant cloud-computing platform. The first user can be authorized to access the resource associated with the second tenant based on a sharing relationship that allows the first user to access the resource. In response to determining that the first user is authorized to access the resource associated with the second tenant, access to the resource can be provided to the first user. Related methods and articles of manufacture, including computer program products, are also provided.

Abstract: A data model is defined to describe objects. Attributes from the data model are associated with providing authorization right for executing actions on object instances of the objects. A hierarchy of object groups is declared. Objects group collections are defined on top of the hierarchy. A vocabulary including definitions of attributes of objects and including definitions of assignments of objects to object groups is created. The vocabulary is related to determining authorization rights for executing actions based on attributes and hierarchy organization of objects. A capability to determine authorization to perform an action by a user on a set of objects is defined based on the vocabulary. When a request for performing an action by a user on object instances is received, a filtering expression based on the capability is generated to be included in a where clause of a query.

Abstract: Embodiments manage user authorization to access multiple grouped software applications, via a catalog mechanism. Functionality of related software is divided into semantically meaningful catalogs, representing tasks or sub-processes within a business scenario. These catalogs represent a unit of functionality utilized to structure work and authorization. Functionality and authorizations are associated to system entry points, and assigned to catalogs bundling applications and services. Responsibilities may be defined statically or dynamically in terms of rule-based access restrictions to data structure (e.g., business object) instances. Catalogs may be assigned to business roles, and business roles assigned to users. Based on such assignments, corresponding authorizations are generated and linked to users at compile or deployment time. At run time, access decision and enforcement is granted based on these authorizations and restrictions.

Abstract: Embodiments manage user authorization to access multiple grouped software applications, via a catalog mechanism. Functionality of related software is divided into semantically meaningful catalogs, representing tasks or sub-processes within a business scenario. These catalogs represent a unit of functionality utilized to structure work and authorization. Functionality and authorizations are associated to system entry points, and assigned to catalogs bundling applications and services. Responsibilities may be defined statically or dynamically in terms of rule-based access restrictions to data structure (e.g., business object) instances. Catalogs may be assigned to business roles, and business roles assigned to users. Based on such assignments, corresponding authorizations are generated and linked to users at compile or deployment time. At run time, access decision and enforcement is granted based on these authorizations and restrictions.

Abstract: The present disclosure involves systems, software, and computer implemented methods for providing context-aware request dispatching in a clustered environment. One process includes operations for receiving an event at a first computer node. The contents of the event are analyzed to determine a target process instance for handling the event. A target computer node hosting the target process instance is determined, and the event is sent to the target computer node for handling by the target process instance.

Abstract: A plurality of nodes may be arranged within a hierarchy to perform actions, each node may perform a task associated an action. A dependency evaluator may determine, based on a request to perform an action, the first subset of the nodes configured to perform the action, wherein a first node of a higher level of the hierarchy is dependent upon a response from a second node of a lower level of the hierarchy to perform a task associated with the action. A request engine may provide the request to a lowest level of the hierarchy, wherein the second node of the lowest level may perform a task associated with the requested action and respond to the dependent first node. A response engine may receive the response from one of the nodes on a highest level of the hierarchy, including a performance of the tasks and the requested action.

Abstract: The present disclosure involves systems, software, and computer implemented methods for providing context-aware request dispatching in a clustered environment. One process includes operations for receiving an event at a first computer node. The contents of the event are analyzed to determine a target process instance for handling the event. A target computer node hosting the target process instance is determined, and the event is sent to the target computer node for handling by the target process instance.

Abstract: The subject matter discloses a method for enabling computerized extensions, comprising receiving data concerning an extension required to a computerized application utilizing a process model, detecting an event received from the external entity and executing the computerized extension according to the event. The extension may be activated before after or during operation of the computerized application.

Abstract: Example methods and apparatus for storing and providing application runtime data are disclosed. An example method include receiving, at a data list manager, a set of identifiers associated, respectively, with one or more persistently stored structured data records. The example method further includes storing, by the data list manager, the set of identifiers. The example method also includes receiving, at the data list manager, a request for one or more of the structured data records and retrieving, by the data list manager, the one or more requested structured data records. The example method still further includes storing, by the data list manager, the retrieved data records in correspondence with their respective identifiers and providing, by the data list manager, the retrieved data records for display to a user.

Abstract: The subject matter discloses a method for enabling computerized extensions, comprising receiving data concerning an extension required to a computerized application utilizing a process model, detecting an event received from the external entity and executing the computerized extension according to the event. The extension may be activated before after or during operation of the computerized application.

Abstract: The subject matter disclosed herein provides methods and apparatus, including computer program products, for model driven state management of applications. In one aspect, there is provided a computer-implemented method. The method may include instantiating one or more business objects associated with an application. The transitions between states of the application may be checked using one or more models defined based on at least one of a context of the business object and a context of the application. An indication regarding the results of checking of the transitions may be provided to a user interface. Related apparatus, systems, methods, and articles are also described.

Abstract: An electronic message, containing a request to initiate a service, can be received in a landscape of computer systems providing message-based services. Thereafter, a contract can be accessed to determine if provision of the requested service is permitted. As a result, the requested service identified in the message if provision of the requested service is permitted can be initiated. Related techniques, articles, apparatus, and systems are also described.

Abstract: A wrapper can receive a request for application data. The wrapper wraps a first reference to a cross-session object and a second reference to a wrapper mapper object. Thereafter, the cross-session object can be accessed using the first reference and the wrapper mapper object is polled using the second reference to access a session-local object. The wrapper mapper object includes a wrapper list references the wrapper and any wrappers contained therein to facilitate recovery after session failover. Related apparatus, systems, methods, and articles are also described.

Abstract: Example methods and apparatus for storing and providing application runtime data are disclosed. An example method include receiving, at a data list manager, a set of identifiers associated, respectively, with one or more persistently stored structured data records. The example method further includes storing, by the data list manager, the set of identifiers. The example method also includes receiving, at the data list manager, a request for one or more of the structured data records and retrieving, by the data list manager, the one or more requested structured data records. The example method still further includes storing, by the data list manager, the retrieved data records in correspondence with their respective identifiers and providing, by the data list manager, the retrieved data records for display to a user.

Abstract: A plurality of nodes may be arranged within a hierarchy to perform actions, each node may perform a task associated an action. A dependency evaluator may determine, based on a request to perform an action, the first subset of the nodes configured to perform the action, wherein a first node of a higher level of the hierarchy is dependent upon a response from a second node of a lower level of the hierarchy to perform a task associated with the action. A request engine may provide the request to a lowest level of the hierarchy, wherein the second node of the lowest level may perform a task associated with the requested action and respond to the dependent first node. A response engine may receive the response from one of the nodes on a highest level of the hierarchy, including a performance of the tasks and the requested action.

Abstract: The subject matter disclosed herein provides methods and apparatus, including computer program products, for model driven state management of applications. In one aspect, there is provided a computer-implemented method. The method may include instantiating one or more business objects associated with an application. The transitions between states of the application may be checked using one or more models defined based on at least one of a context of the business object and a context of the application. An indication regarding the results of checking of the transitions may be provided to a user interface. Related apparatus, systems, methods, and articles are also described.

Abstract: Methods and apparatus, including computer program products, are provided for providing a language for defining a service. In one embodiment, there is provided a method for making a call to the service having a business object. Moreover, the method may include formatting a message based on a language, the language defining an interaction with the business object at the service and an association between the business object and a business object node, the association enabling an instantiation of the business object including the business object node; and calling the service using the formatted message, such that the formatted message instantiates the business object.

Abstract: A wrapper can receive a request for application data. The wrapper wraps a first reference to a cross-session object and a second reference to a wrapper mapper object. Thereafter, the cross-session object can be accessed using the first reference and the wrapper mapper object is polled using the second reference to access a session-local object. The wrapper mapper object includes a wrapper list references the wrapper and any wrappers contained therein to facilitate recovery after session failover. Related apparatus, systems, methods, and articles are also described.