CPC G06F 16/162 (2019.01) [G06F 16/24557 (2019.01); G06F 21/6218 (2013.01)] | 25 Claims
1. A method for privilege escalation in a cloud platform having database entities, the cloud platform exposing one or more application programming interfaces (APIs) as a payload for a client to perform CRUD (Create, Read, Update, Delete) operations on the database entities, the method performed by a server cluster of the cloud platform comprising:
provisioning to a client access privileges to the database entities that are covered by a license;
provisioning a base escalation matrix to the client with additional access privileges not covered by the license, and providing the base escalation matrix with one or more entries comprising an API identifier (ID) through which an access request is made, a database entity ID for which access is required, and allowed CRUD operations;
receiving an API request comprising: a database ID of a first database entity of the database entities, and a requested CRUD operation to be performed on the first database entity;
attempting to perform the requested CRUD operation on the first database entity;
responsive to the requested CRUD operation initially failing because the client does not have required access privileges provisioned under the license: detecting activation of an exception signaling failure of the requested CRUD operation, and using the exception as a trigger to fetch the base escalation matrix;
escalating the access privileges of a user context of the current API query request, by applying the additional access privileges from the base escalation matrix to the requested CRUD operation, and repeating the requested CRUD operation; and
removing the escalated access privileges.
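The claimed sequence (attempt the operation, treat the access-denied exception as the trigger to fetch the escalation matrix, escalate the user context, retry, then remove the escalated privileges) as an added example in Python. This is illustrative code, not the patent's or any platform's implementation; `UserContext`, `Database`, `handle_api_request`, the `ESCALATION_MATRIX` contents and the API IDs such as `api.orders.close` are all constructed here. Two choices go slightly beyond the claim text and are worth noting for anyone building this: the retry grants only the single operation that failed rather than every operation listed in the matrix entry, and the removal step runs in a `finally` block so the escalated privileges disappear even when the retry itself raises. An audit list records each escalation and reversion so that a detection pipeline can confirm every escalation was paired with a revert.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

CRUD_OPS = {"create", "read", "update", "delete"}


class AccessDenied(Exception):
    """Signals that a requested CRUD operation failed the privilege check."""


@dataclass
class UserContext:
    """Per-request user context: licensed privileges plus transient escalated ones."""
    client_id: str
    licensed: Dict[str, Set[str]]                                 # entity_id -> ops under the license
    escalated: Dict[str, Set[str]] = field(default_factory=dict)  # entity_id -> ops added by escalation

    def allows(self, entity_id: str, op: str) -> bool:
        return (op in self.licensed.get(entity_id, set())
                or op in self.escalated.get(entity_id, set()))


# Base escalation matrix (constructed sample): keyed by (API ID, entity ID),
# listing the CRUD operations that API may perform on that entity beyond the license.
ESCALATION_MATRIX: Dict[Tuple[str, str], Set[str]] = {
    ("api.orders.close", "orders"): {"update"},
    ("api.orders.close", "audit_log"): {"create"},
}


class Database:
    """Minimal in-memory store; every operation re-checks the caller's privileges."""

    def __init__(self) -> None:
        self.tables: Dict[str, List[dict]] = {
            "orders": [{"id": 1, "status": "open"}],   # constructed sample row
            "audit_log": [],
        }

    def perform(self, ctx: UserContext, entity_id: str, op: str,
                payload: Optional[dict] = None):
        if op not in CRUD_OPS:
            raise ValueError(f"unknown operation {op!r}")
        if not ctx.allows(entity_id, op):
            raise AccessDenied(f"{ctx.client_id} may not {op} {entity_id}")
        table = self.tables.setdefault(entity_id, [])
        if op == "create":
            table.append(dict(payload or {}))
            return len(table)
        if op == "read":
            return [dict(row) for row in table]
        if op == "update":
            for row in table:
                row.update(payload or {})
            return len(table)
        table.clear()          # delete
        return 0


def handle_api_request(db: Database, ctx: UserContext, api_id: str, entity_id: str,
                       op: str, payload: Optional[dict] = None,
                       audit: Optional[list] = None):
    """Attempt the operation; on AccessDenied consult the escalation matrix for this
    (API ID, entity ID), escalate the user context for that entity only, retry once,
    and always remove the escalated privileges afterwards."""
    audit = audit if audit is not None else []
    try:
        return db.perform(ctx, entity_id, op, payload)
    except AccessDenied:
        extra = ESCALATION_MATRIX.get((api_id, entity_id), set())
        if op not in extra:
            raise                      # no matrix entry covers this request: the denial stands
        ctx.escalated[entity_id] = {op}                      # grant only the op being retried
        audit.append(("escalated", ctx.client_id, api_id, entity_id, op))
        try:
            return db.perform(ctx, entity_id, op, payload)
        finally:
            ctx.escalated.pop(entity_id, None)               # revert even if the retry fails
            audit.append(("reverted", ctx.client_id, api_id, entity_id, op))


def demo() -> dict:
    """Run the three interesting cases and return their outcomes for inspection."""
    db = Database()
    ctx = UserContext("tenant-42", licensed={"orders": {"read"}})   # license grants read only
    audit: list = []
    results: dict = {}
    results["read"] = handle_api_request(db, ctx, "api.orders.view", "orders", "read", audit=audit)
    results["close"] = handle_api_request(db, ctx, "api.orders.close", "orders", "update",
                                          {"status": "closed"}, audit)
    try:  # same entity and op, but through an API with no matrix entry
        handle_api_request(db, ctx, "api.orders.view", "orders", "update", {"status": "x"}, audit)
        results["view_update"] = "allowed"
    except AccessDenied:
        results["view_update"] = "denied"
    results["escalated_after"] = dict(ctx.escalated)
    results["audit"] = audit
    return results
```

Running `demo()` shows the licensed read succeeding directly, the update through `api.orders.close` succeeding only after an escalate/revert pair appears in the audit list, and the same update through `api.orders.view` staying denied because the matrix is keyed by API ID. After the calls `ctx.escalated` is empty again, which is the property a reviewer of such a design should check first.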