Techniques are described for using permission data objects to control user access to business data objects. A permission data object identifies a group affiliation associated with a user and a business object type (or family of business data objects) to which the permission object controls access. A...http://www.google.co.uk/patents/US7650644?utm_source=gb-gplus-sharePatent US7650644 - Object-based access control
