US 12,346,472 B2
Authorization checks and auditing for queries in database systems
Xun Zhang, Xi'an (CN); Taehyung Lee, Seoul (KR); Yinghua Ouyang, Xi'an (CN); Dongmei Xv, Xi'an (CN); Yanchen Cao, Xi'an (CN); Hong-Hai Do, Berlin (DE); Taeyoung Jeong, Seoul (KR); and Zhen Tian, Xi'an (CN)
Assigned to SAP SE, Walldorf (DE)
Filed by SAP SE, Walldorf (DE)
Filed on Mar. 8, 2023, as Appl. No. 18/180,221.
Prior Publication US 2024/0303364 A1, Sep. 12, 2024
Int. Cl. G06F 21/00 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/6227 (2013.01) [G06F 2221/2141 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method for authorization checks of queries in database systems, the method being executed by one or more processors and comprising:
receiving, by a database system, a query from an entity;
providing a parse tree based on the query, the parse tree comprising nodes representative of operations to be executed and data objects stored within the database system;
generating a module tree based on the parse tree, the module tree comprising a set of modules provided in sequential order from a root module to a leaf module, each module overlapping another module and representing portions of multiple paths through the parse tree; and
executing an authorization check using the module tree by, for each module, determining a set of data objects and, for each data object in the set of data objects, determining whether the entity is one or more of authorized access the data object and perform an operation on the data object.