Abstract: Systems, methods, and computer media are described for user risk assessment using similarity analysis. Records of transactions performed by a user while in previous enhanced application access sessions can be evaluated against records of transactions performed by other users in previous sessions. The more similar a user is to other users, the more likely it is the user was acting in a typical manner, and the less likely the user poses a security risk. A similarity analysis can be performed using a bipartite graph linking a group of users and a group of application transactions. By examining an edge between a user and a performed transaction, other edges (and corresponding other users) can be identified that also performed the transaction. A similarity score can be calculated based on the bipartite graph and can be used to determine a risk classification and allow or deny an enhanced application access session request.

Abstract: Systems, methods, and computer media are described for user risk assessment using similarity analysis. Records of transactions performed by a user while in previous enhanced application access sessions can be evaluated against records of transactions performed by other users in previous sessions. The more similar a user is to other users, the more likely it is the user was acting in a typical manner, and the less likely the user poses a security risk. A similarity analysis can be performed using a bipartite graph linking a group of users and a group of application transactions. By examining an edge between a user and a performed transaction, other edges (and corresponding other users) can be identified that also performed the transaction. A similarity score can be calculated based on the bipartite graph and can be used to determine a risk classification and allow or deny an enhanced application access session request.

Abstract: Methods, systems, and computer-readable storage media for receiving, by an intermediate system from a web browser, a request to access a target system, in response to the request, transmitting, by the intermediate system, a request for a reentrance ticket to a target system, the request for a reentrance ticket including user credentials, and transmitting, by the intermediate system, the reentrance ticket to the web browser, the web browser transmitting a request for a security session to the target system, and executing one or more calls to the target system during the security session.

Abstract: Methods, systems, and computer-readable storage media for receiving, by an intermediate system from a web browser, a request to access a target system, in response to the request, transmitting, by the intermediate system, a request for a reentrance ticket to a target system, the request for a reentrance ticket including user credentials, and transmitting, by the intermediate system, the reentrance ticket to the web browser, the web browser transmitting a request for a security session to the target system, and executing one or more calls to the target system during the security session.

Abstract: In one embodiment the present invention includes a computer-implemented method of reducing a quantity of business application programming interface (BAPI) calls in a hardware client-server environment. The method includes configuring a centralized provisioning system on a hardware server with access definitions for systems. The method further includes receiving, by the centralized provisioning system, a provisioning request for a user of a client to access the systems. The method further includes determining a collected BAPI call according to the access definitions. The method further includes providing access to the user according to the collected BAPI call.

Abstract: In one embodiment the present invention includes a computer-implemented method of reducing a quantity of business application programming interface (BAPI) calls in a hardware client-server environment. The method includes configuring a centralized provisioning system on a hardware server with access definitions for systems. The method further includes receiving, by the centralized provisioning system, a provisioning request for a user of a client to access the systems. The method further includes determining a collected BAPI call according to the access definitions. The method further includes providing access to the user according to the collected BAPI call.

Abstract: In one embodiment the present invention includes a computer-implemented method of reducing a quantity of business application programming interface (BAPI) calls in a hardware client-server environment. The method includes configuring a centralized provisioning system on a hardware server with access definitions for systems. The method further includes receiving, by the centralized provisioning system, a provisioning request for a user of a client to access the systems. The method further includes determining a collected BAPI call according to the access definitions. The method further includes providing access to the user according to the collected BAPI call.

Abstract: A system and method of authorizing access in a computer system. The method includes receiving a request to use the computer system, reading authorization data associated with the user, and denying the request according to the authorization data. The method further includes determining a business process risk associated with the request and comparing a characteristic of the request and the business process risk. The method further includes authorizing the request to use the computer system by the user when the business process risk exceeds the characteristic. In this manner, the delay involved in performing the normal access provisioning process is avoided for situations in which the business risk exceeds the cost of the delay.

Abstract: In one embodiment the present invention includes a computer-implemented method of reducing a quantity of business application programming interface (BAPI) calls in a hardware client-server environment. The method includes configuring a centralized provisioning system on a hardware server with access definitions for systems. The method further includes receiving, by the centralized provisioning system, a provisioning request for a user of a client to access the systems. The method further includes determining a collected BAPI call according to the access definitions. The method further includes providing access to the user according to the collected BAPI call.