Abstract: Methods and systems of the present disclosure provide techniques for dynamically assessing a permission of a user that one of modifies or adds at least one content change in a source environment. The methods may further assess the permission of the user when the at least one content change relates to role content data or functional content data. The permissions of the users may be evaluated based on rule data specific to the source environment or user assignment data relating to the source environment. In addition, the disclosure provides techniques for reporting the dynamic assessment to an administrator based on a triggering event.

Abstract: Methods and systems of the present disclosure provide techniques for dynamically assessing a permission of a user that one of modifies or adds at least one content change in a source environment. The methods may further assess the permission of the user when the at least one content change relates to role content data or functional content data. The permissions of the users may be evaluated based on rule data specific to the source environment or user assignment data relating to the source environment. In addition, the disclosure provides techniques for reporting the dynamic assessment to an administrator based on a triggering event.

Abstract: Governance, risk, and compliance (GRC) functionality is implemented in a cloud environment utilizing logic provided by a function library that is present within an underlying in-memory database layer. In some embodiments, the GRC logic of the in-memory database function library is expressed in a language (e.g., C++) agnostic to that of an overlying application layer(s). In other embodiments, the in-memory database function library may be expressed in a specialized application code (e.g., ABAP of SAP SE) that is utilized by an application/application layer designed to interact with the in-memory database (e.g., HANA of SAP SE). In such embodiments the logic of the function library may be consumed (e.g. by the in-memory database engine) utilizing a function afforded by that specialized language. Particular embodiments may check for Segregation of Duties (SoD) violations based upon user and risk information input to the system.

Abstract: An example method includes, identifying a request from a user associated with a user role. The request corresponds to: an application request to access a first module in an enterprise application; and a data request to access a first portion of a database through the first module. The method also includes: responsive to a first determination that, based on the user role, the application request by the user is permissible: granting the application request; and responsive to a second determination that, based on the user role, the data request by the user is permissible: granting the data request to access the first portion of the database through the first module. The user role is associated with a plurality of access permissions, each specifies: an exhaustive set of application requests permitted to the user role; and an exhaustive set of data requests permitted to the user role.

Abstract: An example method includes, identifying a request from a user associated with a user role. The request corresponds to: an application request to access a first module in an enterprise application; and a data request to access a first portion of a database through the first module. The method also includes: responsive to a first determination that, based on the user role, the application request by the user is permissible: granting the application request; and responsive to a second determination that, based on the user role, the data request by the user is permissible: granting the data request to access the first portion of the database through the first module. The user role is associated with a plurality of access permissions, each specifies: an exhaustive set of application requests permitted to the user role; and an exhaustive set of data requests permitted to the user role.