Fine grain security for analytic data sets

US 10,713,376 B2
Filed: 04/14/2016
Issued: 07/14/2020
Est. Priority Date: 04/14/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

extracting fields of data from one or more secured, primary database sources on a batch basis;

assigning field level security to the fields, wherein the assigning comprises;

identifying a first subset of the fields with user selectable inheritance, wherein the field level security for each field of the first subset of the fields is determined based at least in part on inheriting security from one or more source fields associated with the first subset of the fields extracted from the one or more secured, primary database sources; and

identifying a second subset of the fields with pinnable inheritance, wherein the field level security for each field of the second subset of the fields is determined based at least in part on a user pinning inheritance of field level security for the second subset of the fields to reference fields, wherein the reference fields are bound to one or more attributes in the one or more secured, primary database sources and are distinct from the second subset of the fields;

compiling the fields with the assigned field level security to obtain compiled fields, wherein the compiled fields support real-time querying by a dashboard for display in a graphical user interface (GUI);

storing the compiled fields in one or more analytical, read-only databases, wherein the one or more analytical, read-only databases are distinct from the one or more secured, primary database sources;

receiving a request for query results from a user; and

producing, for display in the GUI, the query results from the compiled fields supporting the real-time querying based at least in part on the assigned field level security and subject to field level security permissions of the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The technology disclosed relates to assigning field level security to fields extracted from primary sources on a batch basis and compiled into analytical, read-only databases, for ultra-fast, ad-hoc data exploration and faceted navigation on integrated, heterogeneous data sets. The method includes assigning field level security to the extracted fields by combining user selectable inheritance of field level security from source fields that yield the extracted fields, with pinning of inheritance of field level security for the extracted fields to reference fields in the database sources wherein the reference fields are distinct from the extracted fields. The disclosed method also includes receiving additional fields as unsecured data sets, and assigning field level security to the additional fields, received by combining user selectable explicit specification of field level security for the received fields with pinning of inheritance of field level security for the received fields to reference fields in the database sources.

194 Citations

25 Claims

1. A method comprising:
- extracting fields of data from one or more secured, primary database sources on a batch basis;
  
  assigning field level security to the fields, wherein the assigning comprises;
  
  identifying a first subset of the fields with user selectable inheritance, wherein the field level security for each field of the first subset of the fields is determined based at least in part on inheriting security from one or more source fields associated with the first subset of the fields extracted from the one or more secured, primary database sources; and
  
  identifying a second subset of the fields with pinnable inheritance, wherein the field level security for each field of the second subset of the fields is determined based at least in part on a user pinning inheritance of field level security for the second subset of the fields to reference fields, wherein the reference fields are bound to one or more attributes in the one or more secured, primary database sources and are distinct from the second subset of the fields;
  
  compiling the fields with the assigned field level security to obtain compiled fields, wherein the compiled fields support real-time querying by a dashboard for display in a graphical user interface (GUI);
  
  storing the compiled fields in one or more analytical, read-only databases, wherein the one or more analytical, read-only databases are distinct from the one or more secured, primary database sources;
  
  receiving a request for query results from a user; and
  
  producing, for display in the GUI, the query results from the compiled fields supporting the real-time querying based at least in part on the assigned field level security and subject to field level security permissions of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - receiving additional fields as unsecured data sets; and
      
      assigning additional field level security to the received additional fields by combining user selectable explicit specification of the additional field level security for the received additional fields with pinnable inheritance of the additional field level security for the received additional fields to additional reference fields in the one or more secured, primary database sources, wherein the additional reference fields are distinct from the received additional fields and the extracted fields.
  - 3. The method of claim 1, wherein assigning the field level security to the fields further comprises:
    - assigning the field level security by overriding inheritance of field level security from the one or more secured, primary database sources with explicit specification of the field level security.
  - 4. The method of claim 1,wherein supporting the real-time querying comprises the one or more analytical, read-only databases implementing response times of under two seconds when searching over twenty million records and compiling aggregate statistics from selected records.
  - 5. The method of claim 1, further comprising:
    - calculating a new field from data in two or more fields in the one or more secured, primary database sources; and
      
      calculating field level security in the new field based on a combination of field level security settings in the two or more fields.
  - 6. The method of claim 1, further comprising:
    - joining data from two or more objects in the one or more secured, primary database sources; and
      
      calculating field level security in one or more fields in the joined data based on a combination of field level security settings in the two or more objects.
  - 7. The method of claim 1, further comprising:
    - flagging user-selected reference fields in the one or more secured, primary database sources as a basis for pinning; and
      
      causing display of a user interface that lists the flagged reference fields and enables user pinning of the second subset of the fields to the reference fields.
  - 8. The method of claim 1, wherein a specification for extracting the fields of data includes an advanced search comprising a user-entered string recognized as a field to which the user does not have field level access, the method further comprising:
    - treating the recognized string as not recognized.
  - 9. The method of claim 1, further comprising:
    - caching current values of the field level security for the fields in the one or more analytical, read-only databases for a limited time before querying for an update to the current values.

10. A system including at least one server comprising one or more processors and memory coupled to the processors, the memory comprising computer instructions that, when executed on the processors, cause the system to:
- extract fields of data from one or more secured, primary database sources on a batch basis;
  
  assign field level security to the fields, wherein the assigning comprises;
  
  identifying a first subset of the fields with user selectable inheritance, wherein the field level security for each field of the first subset of the fields is determined based at least in part on inheriting security from one or more source fields associated with the first subset of the fields extracted from the one or more secured, primary database sources; and
  
  identifying a second subset of the fields with pinnable inheritance, wherein the field level security for each field of the second subset of the fields is determined based at least in part on a user pinning inheritance of field level security for the second subset of the fields to reference fields, wherein the reference fields are bound to one or more attributes in the one or more secured, primary database sources and are distinct from the second subset of the fields;
  
  compile the fields with the assigned field level security to obtain compiled fields, wherein the compiled fields support real-time querying by a dashboard for display in a graphical user interface (GUI);
  
  store the compiled fields in one or more analytical, read-only databases, wherein the one or more analytical, read-only databases are distinct from the one or more secured, primary database sources;
  
  receive a request for query results from a user; and
  
  produce, for display in the GUI, the query results from the compiled fields supporting the real-time querying based at least in part on the assigned field level security and subject to field level security permissions of the user.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the memory comprises further computer instructions that, when executed on the processors, cause the system to:
    - receive additional fields as unsecured data sets; and
      
      assign additional field level security to the received additional fields by combining user selectable explicit specification of the additional field level security for the received additional fields with pinnable inheritance of the additional field level security for the received additional fields to additional reference fields in the one or more secured, primary database sources, wherein the additional reference fields are distinct from the received additional fields and the extracted fields.
  - 12. The system of claim 10, wherein assigning the field level security to the fields further comprises:
    - assigning the field level security by overriding inheritance of field level security from the one or more secured, primary database sources with explicit specification of the field level security.
  - 13. The system of claim 10, wherein the one or more analytical, read-only databases implement response times of under two seconds when searching over twenty million records and compiling aggregate statistics from selected records.
  - 14. The system of claim 10, wherein the memory comprises further computer instructions that, when executed on the processors, cause the system to:
    - calculate a new field from data in two or more fields in the one or more secured, primary database sources; and
      
      calculate field level security in the new field based on a combination of field level security settings in the two or more fields.
  - 15. The system of claim 10, wherein the memory comprises further computer instructions that, when executed on the processors, cause the system to:
    - join data from two or more objects in the one or more secured, primary database sources; and
      
      calculate field level security in one or more fields in the joined data based on a combination of field level security settings in the two or more objects.
  - 16. The system of claim 10, wherein the memory comprises further computer instructions that, when executed on the processors, cause the system to:
    - flag user-selected reference fields in the one or more secured, primary database sources as a basis for pinning; and
      
      cause display of a user interface that lists the flagged reference fields and enables user pinning of the second subset of the fields to the reference fields.
  - 17. The system of claim 10, wherein a specification for extracting the fields of data includes an advanced search comprising a user-entered string recognized as a field to which the user does not have field level access, the memory further comprising computer instructions that, when executed on the processors, cause the system to:
    - treat the recognized string as not recognized.
  - 18. The system of claim 10, wherein the memory comprises further computer instructions that, when executed on the processors, cause the system to:
    - cache current values of the field level security for the fields in the one or more analytical, read-only databases for a limited time before querying for an update to the current values.

19. One or more non-transitory tangible computer readable media impressed with instructions that are executable by a computer device and one or more servers to:
- extract fields of data from one or more secured, primary database sources on a batch basis;
  
  assign field level security to the fields, wherein the assigning comprises;
  
  identifying a first subset of the fields with user selectable inheritance, wherein the field level security for each field of the first subset of the fields is determined based at least in part on inheriting security from one or more source fields associated with the first subset of the fields extracted from the one or more secured, primary database sources; and
  
  identifying a second subset of the fields with pinnable inheritance, wherein the field level security for each field of the second subset of the fields is determined based at least in part on a user pinning inheritance of field level security for the second subset of the fields to reference fields, wherein the reference fields are bound to one or more attributes in the one or more secured, primary database sources and are distinct from the second subset of the fields;
  
  compile the fields with the assigned field level security to obtain compiled fields, wherein the compiled fields support real-time querying by a dashboard for display in a graphical user interface (GUI);
  
  store the compiled fields in one or more analytical, read-only databases, wherein the one or more analytical, read-only databases are distinct from the one or more secured, primary database sources;
  
  receive a request for query results from a user; and
  
  produce, for display in the GUI, the query results from the compiled fields supporting the real-time querying based at least in part on the assigned field level security and subject to field level security permissions of the user.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The one or more tangible computer readable media of claim 19, wherein the instructions are further executable by the computer device and the one or more servers to:
    - receive additional fields as unsecured data sets; and
      
      assign additional field level security to the received additional fields by combining user selectable explicit specification of the additional field level security for the received additional fields with pinnable inheritance of the additional field level security for the received additional fields to additional reference fields in the one or more secured, primary database sources, wherein the additional reference fields are distinct from the received additional fields and the extracted fields.
  - 21. The one or more tangible computer readable media of claim 19, wherein assigning the field level security to the fields further comprises:
    - assigning the field level security by overriding inheritance of field level security from the one or more secured, primary database sources with explicit specification of the field level security.
  - 22. The one or more tangible computer readable media of claim 19, wherein the one or more analytical, read-only databases implement response times of under two seconds when searching over twenty million records and compiling aggregate statistics from selected records.
  - 23. The one or more tangible computer readable media of claim 19, wherein the instructions are further executable by the computer device and the one or more servers to:
    - calculate a new field from data in two or more fields in the one or more secured, primary database sources; and
      
      calculate field level security in the new the field based on a combination of field level security settings in the two or more fields.
  - 24. The one or more tangible computer readable media of claim 19, wherein the instructions are further executable by the computer device and the one or more servers to:
    - join data from two or more objects in the one or more secured, primary database sources; and
      
      calculate field level security in one or more fields in the joined data based on a combination of field level security settings in the two or more objects.
  - 25. The one or more tangible computer readable media of claim 19, wherein the instructions are further executable by the computer device and the one or more servers to:
    - flag user-selected reference fields in the one or more secured, primary database sources as a basis for pinning; and
      
      cause display of a user interface that lists the flagged reference fields and enables user pinning of the second subset of the fields to the reference fields.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Timmerman, Jan Michael, Schneider, Donovan, Gitelman, Alex
Primary Examiner(s)
Alam, Hosain T
Assistant Examiner(s)
Allen, Nicholas E

Application Number

US15/099,533
Publication Number

US 20170300712A1
Time in Patent Office

1,552 Days
Field of Search

707785
US Class Current
CPC Class Codes

G06F 16/23   Updating

G06F 16/2456   Join operations

G06F 16/25   Integrating or interfacing ...

G06F 16/283   Multi-dimensional databases...

G06F 16/9535   Search customisation based ...

G06F 16/9538   Presentation of query results

G06F 21/6227   where protection concerns t...

Fine grain security for analytic data sets

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

194 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Fine grain security for analytic data sets

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

194 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others