Abstract: A system for managing user-controlled security keys in cloud-based scenarios is provided. In some implementations, the system performs operations comprising receiving an information request from a user device via a network, and generating a database query based at least in part upon the information request. The operations can comprise generating a request for a secret key for decrypting encrypted data when the database query requests the encrypted data and/or generating a request for a secret key for encrypting data when the database query requests to encrypt data. The operations can also comprise providing the request to a security key management entity via a network, receiving secret key information from the security key management entity via the network, and using the secret key information to form decrypted data or encrypted data. Related systems, methods, and articles of manufacture are also described.

Abstract: A system, a method, and a computer program product for deployment of objects are disclosed. Using a deployment infrastructure of a database system, a deployment container for deployment of at least one object at runtime of an application is generated. The container includes at least one artifact for the object and a container schema indicative of at least one dependency associated with the object. At least one deployment privilege is associated based on the container schema with the artifact for the object. The artifact of the deployment container is deployed based on the associated deployment schema during runtime of the application. The container can be an isolated container and an access privilege to an object can be requested based on a synonym for deployment purposes.

Abstract: Embodiments manage access to cryptography keys for database data, within a secure key store of a local key server owned by a new (security) operating system (OS) user separate from an original default OS user. Existing principles governing distinct OS user access privileges engrained within the OS itself, are leveraged to preclude the default OS user from accessing files of the new security OS user. Embodiments thus segregate the right to read secure cryptography keys of a secure key store, from the right to administer database installation on the OS level. While the original default OS user retains access to the encrypted data, the new security OS user now owns the cryptography key necessary to decrypt that database data. Thus, the default OS user is denied enough information to unlock the database data, enhancing its security. Embodiments are particularly useful for promoting data security in cloud setups and multi-tenant databases.

Abstract: A system includes reception of a configuration set definition file defining the structure of one or more customizing tables of a software application, reception of a configuration data file including data for the one or more customizing tables, and, during activation of the software application in a run-time system, generation of the one or more customizing tables based on the configuration set definition file, generation of a service to access the configuration data file, and population of the one or more customizing tables with data of the configuration data file.

Abstract: A system for managing user-controlled security keys in cloud-based scenarios is provided. In some implementations, the system performs operations comprising receiving an information request from a user device via a network, and generating a database query based at least in part upon the information request. The operations can comprise generating a request for a secret key for decrypting encrypted data when the database query requests the encrypted data and/or generating a request for a secret key for encrypting data when the database query requests to encrypt data. The operations can also comprise providing the request to a security key management entity via a network, receiving secret key information from the security key management entity via the network, and using the secret key information to form decrypted data or encrypted data. Related systems, methods, and articles of manufacture are also described.

Abstract: Methods, systems, and apparatus, including computer program products, are provided for configuring access controls to a database. In one aspect there is provided a method. The method may include receiving, from a first user, a table declaration for creating a database table in a database; generating, based on the table declaration, the database table; receiving, from the first user, a specification of one or more access mechanisms that have a privilege to access the database table; receiving a designation of at least one column in the database table as a protected column and one or more users who have a privilege to access the content of the protected column; and providing control over access to the content of the protected column based at least in part on the specification of the one or more access mechanisms and the designation of the at least one column and the second user.

Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.

Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.

Abstract: A system, a method, and a computer program product for deployment of objects are disclosed. Using a deployment infrastructure of a database system, a deployment container for deployment of at least one object at runtime of an application is generated. The container includes at least one artifact for the object and a container schema indicative of at least one dependency associated with the object. At least one deployment privilege is associated based on the container schema with the artifact for the object. The artifact of the deployment container is deployed based on the associated deployment schema during runtime of the application. The container can be an isolated container and an access privilege to an object can be requested based on a synonym for deployment purposes.

Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.

Abstract: A system includes reception of a configuration set definition file defining the structure of one or more customizing tables of a software application, reception of a configuration data file including data for the one or more customizing tables, and, during activation of the software application in a run-time system, generation of the one or more customizing tables based on the configuration set definition file, generation of a service to access the configuration data file, and population of the one or more customizing tables with data of the configuration data file.

Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.

Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.

Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.

Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.

Abstract: A computer-implemented method, computer program product and system for configuration modeling with objects are disclosed. A base configuration of an application is modeled, to generate a configuration model that specifies parameters, types, structures, and boundary conditions of the base configuration of the application. The configuration model is stored in a database repository as a repository object that can be activated with configuration data. One or more extensions to the base configuration is modeled as one or more configuration model extensions. The one or more configuration model extensions are stored as repository objects linked to the repository object representing the configuration model.

Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.

Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.

Abstract: A computer-implemented method, computer program product and system for configuration modeling with objects are disclosed. A base configuration of an application is modeled, to generate a configuration model that specifies parameters, types, structures, and boundary conditions of the base configuration of the application. The configuration model is stored in a database repository as a repository object that can be activated with configuration data. One or more extensions to the base configuration is modeled as one or more configuration model extensions. The one or more configuration model extensions are stored as repository objects linked to the repository object representing the configuration model.

Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.