Soap-based Web services in a multi-tenant database system
Abstract
Systems and methods for generating dynamic communication contracts in a multi-tenant database system based on the datamodel of the user using the service. The communication contract contains objects, e.g., SOAP-objects, custom to the specific user's datamodel, including standard objects customized to the user's own security model and business purpose as well as entirely unique custom objects that are created by the user and available to only the user's organization. A database server queries the database for all objects available to that user (standard and custom), and all the fields on all those objects that are available to that user. The server iterates over the set of objects and each of their sets of fields and generates a contract that is specifically tailored to the user's own datamodel and field level security. The unique contract can be used to communicate with the server to access information in the user's own schema. For server-side implementation, all SOAP-objects—standard or custom—are translated across all users into a singular programmatic object on the server, which acts as a datamodel dictionary and which is used for looking up datamodel information for any given user and for any given object available to that user. With this datamodel information, the Web service performs access checking of the SOAP object against the given customer making a request, ensuring both the object and the fields on that object are defined and accessible to the user.
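The flow the abstract describes (metadata tables, one server-side datamodel dictionary, a per-user contract, and an access check on each request) can be sketched as follows. This is an added illustration, not code from the patent or from any product; the metadata layout, the profile-based field security and every name in it are assumptions, and the rows are constructed sample data.

```python
# Constructed metadata rows (hypothetical schema):
# (tenant, object, field, profiles allowed to access the field)
FIELD_METADATA = [
    ("acme", "Account", "Name", {"sales", "admin"}),
    ("acme", "Account", "AnnualRevenue", {"admin"}),
    ("acme", "Invoice__c", "Amount", {"admin"}),        # custom object
    ("globex", "Account", "Name", {"sales"}),
    ("globex", "Shipment__c", "Carrier", {"sales"}),    # another tenant's custom object
]
# Constructed users: name -> (tenant, profile)
USERS = {"alice": ("acme", "sales"), "bob": ("acme", "admin"),
         "carol": ("globex", "sales")}

def build_dictionary(rows):
    """One dictionary for all tenants: (tenant, object) -> {field: profiles}."""
    dictionary = {}
    for tenant, obj, field, profiles in rows:
        dictionary.setdefault((tenant, obj), {})[field] = frozenset(profiles)
    return dictionary

def visible_fields(dictionary, user, obj):
    """Fields of obj that exist in the user's tenant and pass field-level security."""
    tenant, profile = USERS[user]
    fields = dictionary.get((tenant, obj), {})
    return {f for f, allowed in fields.items() if profile in allowed}

def generate_contract(dictionary, user):
    """Per-user contract listing only the objects and fields this user may access."""
    tenant, _ = USERS[user]
    contract = {}
    for owner, obj in dictionary:
        fields = visible_fields(dictionary, user, obj) if owner == tenant else set()
        if fields:
            contract[obj] = sorted(fields)
    return contract

def check_access(dictionary, user, obj, requested_fields):
    """Check each request against the server-side dictionary, not the client's copy."""
    if user not in USERS:
        return False, "unknown user"
    allowed = visible_fields(dictionary, user, obj)
    if not allowed:
        return False, f"object {obj!r} is not defined for this user"
    extra = set(requested_fields) - allowed
    if extra:
        return False, f"fields not accessible: {sorted(extra)}"
    return True, "ok"

DICTIONARY = build_dictionary(FIELD_METADATA)
```

Because the dictionary is keyed by tenant as well as object name, a request that names another tenant's custom object fails the same "not defined" check as a request for an object that does not exist.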
27 Claims
1. A method of dynamically generating a network communication contract in a multi-tenant database server for use between the server and a client system, the method comprising:
receiving an authentication request from a client system for a specific user;
responsive to the authentication request, determining a set of objects available to the specific user in the multi-tenant database using one or more metadata tables that describe objects available in the multi-tenant database for each of a plurality of users;
automatically creating a communication contract for the specific user, the contract including an identification of parameters and properties required for accessing each object in said set of objects available to the specific user;
sending the communication contract to the client system; and
receiving an access request from the client system, the access request identifying a specific object to be accessed, wherein the server only allows access to the specific object if the access request from the client system adheres to the properties and parameters identified in the contract for that object.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method of creating a datamodel dictionary for use in communicating with a plurality of users in a multi-tenant database system, comprising:
accessing a plurality of metadata tables, each metadata table describing one or more objects available to one or more of said plurality of users in the database system; and
building a single datamodel object using said plurality of metadata tables, said datamodel object including access information for all of said objects available to all of said users across all of said tenants, wherein said access information includes, for each object, information identifying one or more users that are allowed to access the object and the parameters and properties required for a client system to access the object.
Dependent claims: 13
14. A computer readable medium storing code for controlling a multi-tenant database system to dynamically generate a network communication contract for use in communicating between the database system and a plurality of client systems, the code including instructions to:
receive an authentication request from a client system for a specific user;
responsive to the authentication request, determine a set of objects available to the specific user in the multi-tenant database using one or more metadata tables that describe objects available in the multi-tenant database for each of a plurality of users;
automatically generate a communication contract for the specific user, the contract including an identification of parameters and properties required for accessing each object in said set of objects available to the specific user;
send the communication contract to the client system; and
receive an access request from the client system, the access request identifying a specific object to be accessed, wherein the database system only allows access to the specific object if the access request from the client system adheres to the properties and parameters identified in the contract for that object.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A multi-tenant database system, comprising:
a database for storing multi-tenant database objects;
one or more processors; and
a database management process executing on the one or more processors, the process configured to:
receive an authentication request from a client system for a specific user;
responsive to the authentication request, determine a set of objects available to the specific user in the multi-tenant database using one or more metadata tables that describe objects available in the multi-tenant database for each of a plurality of users;
automatically generate a communication contract for the specific user, the contract including an identification of parameters and properties required for accessing each object in said set of objects available to the specific user;
send the communication contract to the client system; and
receive an access request from the client system, the access request identifying a specific object to be accessed, wherein the database system only allows access to the specific object if the access request from the client system adheres to the properties and parameters identified in the contract for that object.
26. A computer readable medium storing code for controlling a processor in a multi-tenant database system to build a datamodel dictionary for use in communicating with a plurality of users, the code including instructions to:
access a plurality of metadata tables, each metadata table describing one or more objects available to one or more of said plurality of users in the database system; and
build a single datamodel object using said plurality of metadata tables, said datamodel object including access information for all of said objects available to all of said users across all of said tenants, wherein said access information includes, for each object, information identifying one or more users that are allowed to access the object and the parameters and properties required for a client system to access the object.
27. A multi-tenant database system, comprising:
a database for storing multi-tenant database objects;
one or more processors; and
a database management process executing on the one or more processors, the process configured to:
access a plurality of metadata tables, each metadata table describing one or more objects available to one or more of said plurality of users in the database system; and
build a single datamodel object using said plurality of metadata tables, said datamodel object including access information for all of said objects available to all of said users across all of said tenants, wherein said access information includes, for each object, information identifying one or more users that are allowed to access the object and the parameters and properties required for a client system to access the object.