Computer implemented methods and apparatus for determining user access to custom metadata

US 10,049,131 B2
Filed: 07/02/2013
Issued: 08/14/2018
Est. Priority Date: 07/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method for determining user access to custom metadata, the method comprising:

processing, using a database system, a request for one of a plurality of custom metadata entities, the request received from a computing device of a first user, the requested custom metadata entity defining a software component of a database environment and having an entity type specifying a class or a category of the software component, the software component configured to be instantiated and customized by a developer;

identifying one or more permission sets associated with the requested custom metadata entity, each permission set maintained through a respective permission set object stored in a database and comprising a plurality of permissions, each permission maintained through a respective permission object stored in a database and exposable in a programming interface, each permission indicating accessibility of a software entity in the database environment;

identifying one or more user attributes associated with the first user;

identifying criteria associated with the first user, the criteria identifying a plurality of required user attributes for the first user to be associated with the one or more permission sets, the criteria comprising two or more of;

a geographic location, a level with an organizational hierarchy, a level of experience, a title, an industry or a role;

maintaining one or more files identifying assignments of users to the one or more permission sets;

determining, using the entity type of the requested custom metadata entity, the one or more permission sets, the criteria, the one or more files, and a first one of a plurality of association records, that the first user has permission to access the requested custom metadata entity, the determining comprising identifying that the one or more user attributes associated with the first user satisfy the required user attributes, the association records maintained in an association database, each association record identifying at least a user and a custom metadata entity; and

providing, to the computing device of the first user and responsive to determining that the first user has permission to access the requested custom metadata entity, data identifying the requested custom metadata entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are methods, apparatus, systems, and computer-readable storage media for determining user access to custom metadata. In some implementations, a server receives a request by or on behalf of a first user of a computing environment for a first custom metadata entity. A custom metadata entity may be a metadata component customized for use in the computing environment and having an entity type specifying a class or a category of the metadata component. The server may identify an association record indicating that the first user has permission to access the requested custom metadata entity. In some implementations, the association records are stored in an association database accessible by the server, wherein each association record identifies a user and a custom metadata entity. The server may also provide data including the requested custom metadata entity to a computing device.

215 Citations

19 Claims

1. A method for determining user access to custom metadata, the method comprising:
- processing, using a database system, a request for one of a plurality of custom metadata entities, the request received from a computing device of a first user, the requested custom metadata entity defining a software component of a database environment and having an entity type specifying a class or a category of the software component, the software component configured to be instantiated and customized by a developer;
  
  identifying one or more permission sets associated with the requested custom metadata entity, each permission set maintained through a respective permission set object stored in a database and comprising a plurality of permissions, each permission maintained through a respective permission object stored in a database and exposable in a programming interface, each permission indicating accessibility of a software entity in the database environment;
  
  identifying one or more user attributes associated with the first user;
  
  identifying criteria associated with the first user, the criteria identifying a plurality of required user attributes for the first user to be associated with the one or more permission sets, the criteria comprising two or more of;
  
  a geographic location, a level with an organizational hierarchy, a level of experience, a title, an industry or a role;
  
  maintaining one or more files identifying assignments of users to the one or more permission sets;
  
  determining, using the entity type of the requested custom metadata entity, the one or more permission sets, the criteria, the one or more files, and a first one of a plurality of association records, that the first user has permission to access the requested custom metadata entity, the determining comprising identifying that the one or more user attributes associated with the first user satisfy the required user attributes, the association records maintained in an association database, each association record identifying at least a user and a custom metadata entity; and
  
  providing, to the computing device of the first user and responsive to determining that the first user has permission to access the requested custom metadata entity, data identifying the requested custom metadata entity.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, the method further comprising:
    - receiving, at the database system, a request to grant the first user permission to access a second one of the plurality of custom metadata entities;
      
      assigning the second custom metadata entity to the one or more permission sets; and
      
      storing data indicating the assignment in the association database.
  - 3. The method of claim 2, wherein the permissions of a permission set identify one or more system metadata entities of a computing environment, each system metadata entity being a built-in metadata component of the computing environment, the system metadata entities comprising one or more of:
    - objects, fields, applications, and system wide permissions.
  - 4. The method of claim 2, wherein the custom metadata entities comprise one or more of:
    - external objects, custom classes, custom web pages, workflows, custom applications, data sources, and external web services.
  - 5. The method of claim 2, wherein the first association record is in a child-parent relationship with the one or more permission sets.
  - 6. The method of claim 5, wherein the permissions of the one or more permission sets have a child-parent relationship with the one or more permission sets.

7. A computer program product comprising computer-readable program code capable of being executed by one or more processors when retrieved from a non-transitory computer-readable medium, the program code comprising instructions configurable to cause:
- processing, using a database system, a request for one of a plurality of custom metadata entities, the request received from a computing device of a first user, the requested custom metadata entity defining a software component of a database environment and having an entity type specifying a class or a category of the software component, the software component configured to be instantiated and customized by a developer;
  
  identifying one or more permission sets associated with the requested custom metadata entity, each permission set maintained through a respective permission set object stored in a database and comprising a plurality of permissions, each permission maintained through a respective permission object stored in a database and exposable in a programming interface, each permission indicating accessibility of a software entity in the database environment;
  
  identifying one or more user attributes associated with the first user;
  
  identifying criteria associated with the first user, the criteria identifying a plurality of required user attributes for the first user to be associated with the one or more permission sets, the criteria comprising two or more of;
  
  a geographic location, a level with an organizational hierarchy, a level of experience, a title, an industry or a role;
  
  maintaining one or more files identifying assignments of users to the one or more permission sets;
  
  determining, using the entity type of the requested custom metadata entity, the one or more permission sets, the criteria, the one or more files, and a first one of a plurality of association records, that the first user has permission to access the requested custom metadata entity, the determining comprising identifying that the one or more user attributes associated with the first user satisfy the required user attributes, the association records maintained in an association database, each association record identifying at least a user and a custom metadata entity; and
  
  providing, to the computing device of the first user and responsive to determining that the first user has permission to access the requested custom metadata entity, data identifying the requested custom metadata entity.
- View Dependent Claims (8, 9)
- - 8. The computer program product of claim 7, wherein determining that the first user has permission to access the requested custom metadata entity comprises:
    - identifying the one or more permission sets as being associated with the first user; and
      
      identifying the first association record as being associated with both the one or more permission sets and the requested custom metadata entity.
  - 9. The computer program product of claim 7, the instructions further configurable to cause:
    - processing a request to grant the first user permission to access a second one of the plurality of custom metadata entities;
      
      assigning the second custom metadata entity to the one or more permission sets; and
      
      storing data indicating the assignment in the association database.

10. A system for determining user access to custom metadata, the system comprising:
- a database system implemented using a server system comprising one or more hardware processors, the database system configurable to cause;
  
  processing a request for one of a plurality of custom metadata entities, the request received from a computing device of a first user, the requested custom metadata entity defining a software component of a database environment and having an entity type specifying a class or a category of the software component, the software component configured to be instantiated and customized by a developer;
  
  identifying one or more permission sets associated with the requested custom metadata entity, each permission set maintained through a respective permission set object stored in a database and comprising a plurality of permissions, each permission maintained through a respective permission object stored in a database and exposable in a programming interface, each permission indicating accessibility of a software entity in the database environment;
  
  identifying one or more user attributes associated with the first user;
  
  identifying criteria associated with the first user, the criteria identifying a plurality of required user attributes for the first user to be associated with the one or more permission sets, the criteria comprising two or more of;
  
  a geographic location, a level with an organizational hierarchy, a level of experience, a title, an industry or a role;
  
  maintaining one or more files identifying assignments of users to the one or more permission sets;
  
  determining, using the entity type of the requested custom metadata entity, the one or more permission sets, the criteria, the one or more files, and a first one of a plurality of association records, that the first user has permission to access the requested custom metadata entity, the determining comprising identifying that the one or more user attributes associated with the first user satisfy the required user attributes, the association records maintained in an association database, each association record identifying at least a user and a custom metadata entity; and
  
  providing, to the computing device of the first user and responsive to determining that the first user has permission to access the requested custom metadata entity, data identifying the requested custom metadata entity.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The system of claim 10, wherein the database system receives the request for the custom metadata entity through an application programming interface (API).
  - 12. The system of claim 10, wherein determining that the first user has permission to access the requested custom metadata entity comprises:
    - identifying the one or more permission sets as being associated with the first user; and
      
      identifying the first association record as being associated with both the one or more permission sets and the requested custom metadata entity.
  - 13. The system of claim 10, wherein determining that the first user has permission to access the requested custom metadata entity comprises determining that the first association record identifies a permission set identifier of the one or more permission sets and an entity identifier of the requested custom metadata entity.
  - 14. The system of claim 10, the database system further configurable to cause:
    - processing a request to grant the first user permission to access a second one of the custom metadata entities;
      
      assigning the second custom metadata entity to the one or more permission sets; and
      
      storing data indicating the assignment in the association database.
  - 15. The system of claim 14, the database system further configurable to cause:
    - generating or updating an audit file to identify the assignment of the second custom metadata entity to the one or more permission sets.
  - 16. The system of claim 14, wherein assigning the second custom metadata entity to the one or more permission sets comprises creating or updating an association record stored in the association database.
  - 17. The system of claim 16, wherein:
    - the second custom metadata entity has an entity identifier,the permission set has a permission set identifier, andthe created or updated association record comprises the entity identifier and the permission set identifier.
  - 18. The system of claim 17, wherein the created or updated association record further comprises an entity type of the second custom metadata entity.
  - 19. The system of claim 18, wherein custom metadata entities of different entity types are capable of being assigned to permission sets using association records of the association database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Torman, Adam, Bitting, Doug, Warshavsky, Alex
Primary Examiner(s)
Casanova, Jorge A

Application Number

US13/933,457
Publication Number

US 20140006441A1
Time in Patent Office

1,869 Days
Field of Search

707769
US Class Current
CPC Class Codes

G06F 16/245   Query processing

G06F 16/285   Clustering or classification

G06F 16/907   Retrieval characterised by ...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

Computer implemented methods and apparatus for determining user access to custom metadata

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

215 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Computer implemented methods and apparatus for determining user access to custom metadata

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

215 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links