Soap-based Web services in a multi-tenant database system

US 20050283478A1
Filed: 06/16/2004
Published: 12/22/2005
Est. Priority Date: 06/16/2004
Status: Active Grant

First Claim

Patent Images

1. A method of dynamically generating a network communication contract in a multi-tenant database server for use between the server and a client system, the method comprising:

receiving an authentication request from a client system for a specific user;

responsive to the authentication request, determining a set of objects available to the specific user in the multi-tenant database using one or more metadata tables that describe objects available in the multi-tenant database for each of a plurality of users;

automatically creating a communication contract for the specific user, the contract including an identification of parameters and properties required for accessing each object in said set of objects available to the specific user;

sending the communication contract to the client system; and

receiving an access request from the client system, the access request identifying a specific object to be accessed, wherein the server only allows access to the specific object if the access request from the client system adheres to the properties and parameters identified in the contract for that object.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for generating dynamic communication contracts in a multi-tenant database system based on the datamodel of the user using the service. The communication contract contains objects, e.g., SOAP-objects, custom to the specific user'"'"'s datamodel, including standard objects customized to the user'"'"'s own security model and business purpose as well as entirely unique custom objects that are created by the user and available to only the user'"'"'s organization. A database server queries the database for all objects available to that user (standard and custom), and all the fields on all those objects that are available to that user. The server iterates over the set of objects and each of their sets of fields and generates a contract that is specifically tailored to the user'"'"'s own datamodel and field level security. The unique contract can be used to communicate with the server to access information in the user'"'"'s own schema. For server-side implementation, all SOAP-objects—standard or custom—are translated across all users into a singular programmatic object on the server, which acts as a datamodel dictionary and which is used for looking up datamodel information for any given user and for any given object available to that user. With this datamodel information, the Web service performs access checking of the SOAP object against the given customer making a request, ensuring both the object and the fields on that object are defined and accessible to the user.

Citations

27 Claims

1. A method of dynamically generating a network communication contract in a multi-tenant database server for use between the server and a client system, the method comprising:
- receiving an authentication request from a client system for a specific user;
  
  responsive to the authentication request, determining a set of objects available to the specific user in the multi-tenant database using one or more metadata tables that describe objects available in the multi-tenant database for each of a plurality of users;
  
  automatically creating a communication contract for the specific user, the contract including an identification of parameters and properties required for accessing each object in said set of objects available to the specific user;
  
  sending the communication contract to the client system; and
  
  receiving an access request from the client system, the access request identifying a specific object to be accessed, wherein the server only allows access to the specific object if the access request from the client system adheres to the properties and parameters identified in the contract for that object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further including validating the specific user prior to determining a set of available objects.
  - 3. The method of claim 1, wherein determining includes accessing said one or more metadata tables and identifying all objects associated with the specific user.
  - 4. The method of claim 3, further including traversing all objects in the metadata tables in an order.
  - 5. The method of claim 1, wherein sending includes serializing the communication contract.
  - 6. The method of claim 1, wherein determining includes:
    - building a datamodel dictionary using said one or more metadata tables, said datamodel dictionary identifying the set of objects available for each of said plurality of users; and
      
      responsive to the authentication request, checking the datamodel dictionary to determine the set of objects available to the specific user.
  - 7. The method of claim 6, wherein each object includes a plurality of fields, and wherein the datamodel dictionary also identifies, for each object, the fields available to each of said plurality of users, and wherein checking includes determining the fields available to the specific user for the set of objects available to the specific user.
  - 8. The method of claim 1, wherein the access request includes a method call selected from the group consisting of an update call, a query call and an insert call.
  - 9. The method of claim 1, wherein the contract is a SOAP contract.
  - 10. The method of claim 1, further including:
    - receiving a describe object request from the client system, the describe object request identifying a specific object; and
      
      returning an object to the client system including detailed information for the specific object.
  - 11. The method of claim 10, wherein the detailed information includes one or more of information identifying the specific object, operations that can be performed on the specific object and information about the set of fields available for the specific object.

12. A method of creating a datamodel dictionary for use in communicating with a plurality of users in a multi-tenant database system, comprising:
- accessing a plurality of metadata tables, each metadata table describing one or more objects available to one or more of said plurality of users in the database system; and
  
  building a single datamodel object using said plurality of metadata tables, said datamodel object including access information for all of said objects available to all of said users across all of said tenants, wherein said access information includes, for each object, information identifying one or more users that are allowed to access the object and the parameters and properties required for a client system to access the object.
- View Dependent Claims (13)
- - 13. The method of claim 12, further comprising:
    - receiving a request from a client system to access an object in the database; and
      
      checking the request using the datamodel dictionary to determine whether the request is valid.

14. A computer readable medium storing code for controlling a multi-tenant database system to dynamically generate a network communication contract for use in communicating between the database system and a plurality of client systems, the code including instructions to:
- receive an authentication request from a client system for a specific user;
  
  responsive to the authentication request, determine a set of objects available to the specific user in the multi-tenant database using one or more metadata tables that describe objects available in the multi-tenant database for each of a plurality of users;
  
  automatically generate a communication contract for the specific user, the contract including an identification of parameters and properties required for accessing each object in said set of objects available to the specific user;
  
  send the communication contract to the client system; and
  
  receive an access request from the client system, the access request identifying a specific object to be accessed, wherein the database system only allows access to the specific object if the access request from the client system adheres to the properties and parameters identified in the contract for that object.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The computer readable medium of claim 14, wherein the code further includes instructions to validate the specific user prior to determining a set of available objects.
  - 16. The computer readable medium of claim 14, wherein the code is executed in one or more processors in the database system.
  - 17. The computer readable medium of claim 14, wherein the instructions to determine includes instructions to access said one or more metadata tables and identify all objects associated with the specific user.
  - 18. The computer readable medium of claim 17, wherein the code further includes instructions to traverse all objects in the metadata tables in an order.
  - 19. The computer readable medium of claim 14, wherein the instructions to send includes instructions to serialize the communication contract.
  - 20. The computer readable medium of claim 14, wherein the instructions to determine includes instructions to:
    - build a datamodel dictionary using said one or more metadata tables, said datamodel dictionary identifying the set of objects available for each of said plurality of users; and
      
      responsive to the authentication request, check the datamodel dictionary to determine the set of objects available to the specific user.
  - 21. The computer readable medium of claim 20, wherein each object includes a plurality of fields, and wherein the datamodel dictionary also identifies, for each object, the fields available to each of said plurality of users, and wherein checking includes determining the fields available to the specific user for the set of objects available to the specific user.
  - 22. The computer readable medium of claim 14, wherein the code further includes instructions to return an object to the client system including detailed information for a specific object in response to receiving a describe object request from the client system, the describe object request identifying the specific object.
  - 23. The computer readable medium of claim 22, wherein the detailed information includes one or more of information identifying the specific object, operations that can be performed on the specific object and information about the set of fields available for the specific object.
  - 24. The computer readable medium of claim 14, wherein the access request includes a method call selected from the group consisting of an update call, a query call and an insert call.

25. A multi-tenant database system, comprising:
- a database for storing multi-tenant database objects;
  
  one or more processors; and
  
  a database management process executing on the one or more processors, the process configured to;
  
  receive an authentication request from a client system for a specific user;
  
  responsive to the authentication request, determine a set of objects available to the specific user in the multi-tenant database using one or more metadata tables that describe objects available in the multi-tenant database for each of a plurality of users;
  
  automatically generate a communication contract for the specific user, the contract including an identification of parameters and properties required for accessing each object in said set of objects available to the specific user;
  
  send the communication contract to the client system; and
  
  receive an access request from the client system, the access request identifying a specific object to be accessed, wherein the database system only allows access to the specific object if the access request from the client system adheres to the properties and parameters identified in the contract for that object.

26. A computer readable medium storing code for controlling a processor in a multi-tenant database system to build a datamodel dictionary for use in communicating with a plurality of users, the code including instructions to:
- access a plurality of metadata tables, each metadata table describing one or more objects available to one or more of said plurality of users in the database system; and
  
  build a single datamodel object using said plurality of metadata tables, said datamodel object including access information for all of said objects available to all of said users across all of said tenants, wherein said access information includes, for each object, information identifying one or more users that are allowed to access the object and the parameters and properties required for a client system to access the object.

27. A multi-tenant database system, comprising:
- a database for storing multi-tenant database objects;
  
  one or more processors; and
  
  a database management process executing on the one or more processors, the process configured to;
  
  access a plurality of metadata tables, each metadata table describing one or more objects available to one or more of said plurality of users in the database system; and
  
  build a single datamodel object using said plurality of metadata tables, said datamodel object including access information for all of said objects available to all of said users across all of said tenants, wherein said access information includes, for each object, information identifying one or more users that are allowed to access the object and the parameters and properties required for a client system to access the object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Choi, Ryan, Weissman, Craig

Granted Patent

US 8,533,229 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 67/02 based on web technology, e....

Soap-based Web services in a multi-tenant database system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Soap-based Web services in a multi-tenant database system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links