Abstract: Systems and processes for managing access to personal data based on a purpose for storing the personal data are provided. In a method for managing personal data access, personal data for a data subject corresponding to a first data category is received, and an operation is executed in a purpose agent to associate one or more purposes to the personal data, where the one or more purposes are assigned to the first data category and include at least a first purpose. The personal data may be stored in a data storage system, and the stored personal data may be designated as being associated with the one or more purposes. Access to the personal data may be controlled based on the one or more purposes.

Abstract: Mechanisms for allowing allow multi-session capability and session-return enabling stateful web applications include providing a start URL of a requested portal page with an “External Session ID” (ESID). The ESID is an argument that is different between the two instances of the application (on the same page), and leads to different/independent sessions in the server. When a user returns to the same page, the ESIDs are passed again with the individual application requests, and the server can then logically reconnect to the proper session and allow the user to continue. The ESID can be used to return to an application after the user has previously left to go to another application and then desires to come back, or even when the user closed the browser and restarts the application later.

Abstract: Embodiments manage user authorization to access multiple grouped software applications, via a catalog mechanism. Functionality of related software is divided into semantically meaningful catalogs, representing tasks or sub-processes within a business scenario. These catalogs represent a unit of functionality utilized to structure work and authorization. Functionality and authorizations are associated to system entry points, and assigned to catalogs bundling applications and services. Responsibilities may be defined statically or dynamically in terms of rule-based access restrictions to data structure (e.g., business object) instances. Catalogs may be assigned to business roles, and business roles assigned to users. Based on such assignments, corresponding authorizations are generated and linked to users at compile or deployment time. At run time, access decision and enforcement is granted based on these authorizations and restrictions.

Abstract: Embodiments manage user authorization to access multiple grouped software applications, via a catalog mechanism. Functionality of related software is divided into semantically meaningful catalogs, representing tasks or sub-processes within a business scenario. These catalogs represent a unit of functionality utilized to structure work and authorization. Functionality and authorizations are associated to system entry points, and assigned to catalogs bundling applications and services. Responsibilities may be defined statically or dynamically in terms of rule-based access restrictions to data structure (e.g., business object) instances. Catalogs may be assigned to business roles, and business roles assigned to users. Based on such assignments, corresponding authorizations are generated and linked to users at compile or deployment time. At run time, access decision and enforcement is granted based on these authorizations and restrictions.

Abstract: Systems, methods and techniques relating to managing process logs are described. A described technique includes identifying an end-to-end business process from a first system; identifying a plurality of systems that execute at least a portion of the end-to-end business process based on a definition of the end-to-end business process within the process registry; identifying a plurality of local process logs associated with the end-to-end business process for the a plurality of systems as defined by the process registry; and generating a federated process log based on at least a portion of each of the a plurality of local process logs.

Abstract: Various embodiments of systems and methods for process model extraction and weak-spot analysis from plain event logs are described herein. In an aspect, the method involves obtaining an event log that includes events grouped by process instances. Based on analyzing the event log a process graph is generated. In another aspect, one or more visual representations of the generated process graph, indicating the weak-spots, are generated. At least one of the one or more visual representations of the process model is rendered in response to receiving a selection of the at least one visual representation. In yet another aspect, the weak-spots are transformed into a data structure and provided as input to a rule mining algorithm for generating a set of rules defining the weak-spots. The set of rules received from the rule mining algorithm are rendered on a graphical user interface (GUI).

Abstract: Mechanisms for allowing allow multi-session capability and session-return enabling stateful web applications include providing a start URL of a requested portal page with an “External Session ID” (ESID). The ESID is an argument that is different between the two instances of the application (on the same page), and leads to different/independent sessions in the server. When a user returns to the same page, the ESIDs are passed again with the individual application requests, and the server can then logically reconnect to the proper session and allow the user to continue. The ESID can be used to return to an application after the user has previously left to go to another application and then desires to come back, or even when the user closed the browser and restarts the application later.

Abstract: Various embodiments of systems and methods for providing business process visibility at real time are described herein. One or more business activity events are received at a local business activity event manager. Further, business process binding information associated with the one or more business activity events is retrieved at the business activity manager from a business process model manager. A relationship of the one or more business activity events with a business process using the business process binding is identified at the business activity event manager. Upon determination, a business process log manager is triggered for logging a business activity log of a business process instance at real time. Furthermore, the business activity log is extracted to monitor and analyze the business process instance at real time.

Abstract: Mechanisms for allowing allow multi-session capability and session-return enabling stateful web applications include providing a start URL of a requested portal page with an “External Session ID” (ESID). The ESID is an argument that is different between the two instances of the application (on the same page), and leads to different/independent sessions in the server. When a user returns to the same page, the ESIDs are passed again with the individual application requests, and the server can then logically reconnect to the proper session and allow the user to continue. The ESID can be used to return to an application after the user has previously left to go to another application and then desires to come back, or even when the user closed the browser and restarts the application later.

Abstract: Systems, methods and techniques relating to managing process logs are described. A described technique includes identifying an end-to-end business process from a first system; identifying a plurality of systems that execute at least a portion of the end-to-end business process based on a definition of the end-to-end business process within the process registry; identifying a plurality of local process logs associated with the end-to-end business process for the a plurality of systems as defined by the process registry; and generating a federated process log based on at least a portion of each of the a plurality of local process logs.

Abstract: Various embodiments of systems and methods for providing business process visibility at real time are described herein. One or more business activity events are received at a local business activity event manager. Further, business process binding information associated with the one or more business activity events is retrieved at the business activity manager from a business process model manager. A relationship of the one or more business activity events with a business process using the business process binding is identified at the business activity event manager. Upon determination, a business process log manager is triggered for logging a business activity log of a business process instance at real time. Furthermore, the business activity log is extracted to monitor and analyze the business process instance at real time.

Abstract: The object based navigation is an intelligent user interface that uses a source object to determine which target information is to be presented to the user. This is done by associating an object to one or more operations, so that selection of a given source object would result in a predefined operation to be activated. The role of the user may also affect the predefined operation that is activated. If multiple operations are associated with a given source object, these operations may be prioritized, so that the one with the highest priority is performed as a default operation.

Abstract: Methods, systems, and apparatuses, including computer program products, for implementing a software architecture design for a software application implementing payroll processing. The application is structured as multiple process components interacting with each other through service interfaces, and multiple service operations, each being implemented for a respective process component. The process components include a Payroll Processing process component, an Employee Payroll Administration process component, an Accounting process component, and a Payroll Processing at Provider process component.

Abstract: In a computer system (100) that launches application services for predetermined roles, a service-to-role assignment is customized in a target table. The user inserts a CD-ROM with master and reference tables, and the system automatically provides the target table. The master table (119) stores a first assignment (112) of application services (S, 151-156) to roles (RO), and stores a second assignment (113) of service attributes (SA), such as language or industry branch, of the application services (S). The reference table (129) stores reference attributes (REA) for each application service (S) in the master table. The service representations for each role (RO) are forwarded from the master table (119) into the target table (149) if service and reference attributes match.

Abstract: A graphical user interface (GUI) for presenting representations of selected objects in a computer system. The GUI presents an object selected from a collection of objects using a selected visual representation selected from at least first and second visual representations to be initiated using different initiation techniques. A first input control causes the selected object to be presented using another visual representation instead of the selected visual representation. A second input control causes another object to be presented instead of the selected object using any visual configuration that is currently used in presenting the selected object. The first and second input controls may be located in an object header area that remains essentially unchanged when changing between the at least first and second visual representations.

Abstract: Systems and techniques to generate a virtual hierarchy for navigating in and between object hierarchies. In general, in one implementation, the technique includes: flagging nodes in one or more object hierarchies as entry points and generating a virtual hierarchy including a virtual root and the nodes flagged as entry points depend directly from the virtual root.

Abstract: A role-based computer system has a first processor with a computer program (100) and has further processors with application systems (Sy1, Sy2, Sy3) and application services (Se). The program generates a start instruction for the further processors to execute the services by consecutively receiving a log-in identification from the user and looking up in a first assignment table (101) for a role (Ro), looking up in a second assignment table (102) to determine logical services (LSe) assigned to the role; and looking up in a second assignment table to determine a pointer (P(Sy/Se)) to the services (Se) that are assigned to the logical service. The pointer has first and second portions to identify the application system (Sy) and the application service (Se), respectively, and becomes part of the start instruction (350).

Abstract: Techniques are described for automating the generation of access control information that identifies users that are permitted to access particular business objects used by a computer application. The generation of access control information is based on a characteristic that is shared by the user and the business object to be accessed. The characteristic may be an attribute. The characteristic also may be the identification of a process to determine a characteristic of a user and/or a characteristic of a business object.

Abstract: Data structures for use in controlling access to data objects by users of a computer system or computing device are described. The data structures include an access control group data structure, a user access data structure, and a data object access data structure. The access control group data structure stores access control group data. The user access data structure stores user access data. The user access data relates to at least one entry in the access control group data structure. The data object access data structure stores data object access data, which relates to at least one entry in the access control group. Additional data structures described include an access control rule data structure and a characteristic method data structure.

Abstract: Systems and techniques to derive virtual objects at run-time from persistencely stored objects. In general, in one implementation, the technique includes receiving a request for a target object from a requesting application. It is determined whether a delta link is associated with the target object. The delta link includes a location of the target object and information describing a desired difference between the target object and a derived object to be returned to the requesting application. The target object is located and a derived object is generated from the target object and the information in the delta link. The derived object is then returned to the requesting application. The target object, and derived object, may include a number of elements. The elements may be name-value pairs, or “properties”, or a number of child objects in an object hierarchy.