METHODS AND SYSTEMS FOR CONTROLLING ACCESS TO CUSTOM OBJECTS IN A DATABASE
First Claim
1. A method for controlling access to custom objects in a database, wherein the database stores data specific to each one of a plurality of tenants such that at least two of the tenants store at least a portion of data specific to the at least two tenants in a common table within the database and wherein each tenant is permitted access only to data associated with that tenant, and wherein each tenant has one or more users, the method comprising(a) receiving, from a user associated with a first tenant, a request to access data of a first custom object in the database, wherein the common table includes at least two custom objects associated with the first tenant, and wherein the at least two custom objects each contain one or more data types specified by the first tenant;
- (b) identifying a key associated with the first custom object;
(c) searching only that portion of a custom entity share table appropriate to the key to locate access information for the first custom object;
(d) determining whether the user has permission to access at least a portion of the custom object based at least in part on the access information; and
(e) sending, to the user, the requested data of the first custom object to which the user has permission to access.
1 Assignment
0 Petitions
Accused Products
Abstract
In embodiments, methods and systems for controlling access to custom objects are provided. These techniques for controlling access to custom objects can enable embodiments to utilize a key for the protection of the security of data that is to remain private while not compromising efficiency of a query. The key for a requested custom object is identified and then used so that only an appropriate portion of a custom entity share table is searched to locate access information. It is then determined whether the user can access at least a portion of the custom object, and the appropriate and allowed data is sent to the user.
213 Citations
20 Claims
-
1. A method for controlling access to custom objects in a database, wherein the database stores data specific to each one of a plurality of tenants such that at least two of the tenants store at least a portion of data specific to the at least two tenants in a common table within the database and wherein each tenant is permitted access only to data associated with that tenant, and wherein each tenant has one or more users, the method comprising
(a) receiving, from a user associated with a first tenant, a request to access data of a first custom object in the database, wherein the common table includes at least two custom objects associated with the first tenant, and wherein the at least two custom objects each contain one or more data types specified by the first tenant; -
(b) identifying a key associated with the first custom object; (c) searching only that portion of a custom entity share table appropriate to the key to locate access information for the first custom object; (d) determining whether the user has permission to access at least a portion of the custom object based at least in part on the access information; and (e) sending, to the user, the requested data of the first custom object to which the user has permission to access. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for transmitting code, over a machine accessible transmission medium, to control access to custom objects in a database, wherein the database stores data specific to each one of a plurality of tenants such that at least two of the tenants store at least a portion of data specific to the at least two tenants in a common table within the database and wherein each tenant is permitted access only to data associated with that tenant, and wherein each tenant has one or more users, the method including:
-
(a) transmitting code that causes one or more processors to receive, from a user associated with a first tenant, a request to access data of a first custom object in the database, wherein the common table includes at least two custom objects associated with the first tenant, and wherein the at least two custom objects each contain one or more data types specified by the first tenant; (b) transmitting code that causes one or more processors to identify a key associated with the first custom object; (c) transmitting code that causes one or more processors to search only that portion of a custom entity share table appropriate to the key to locate access information for the first custom object; (d) transmitting code that causes one or more processors to determine whether the user has permission to access at least a portion of the custom object based at least in part on the access information; and (e) transmitting code that causes one or more processors to send, to the user, the requested data of the first custom object to which the user has permission to access. - View Dependent Claims (15, 16, 17)
-
-
18. A multi-tenant database system comprising:
-
a database that stores data specific to each one of a plurality of tenants such that at least two of the tenants store at least a portion of data specific to the at least two tenants in a common table within the database, wherein each tenant is permitted access only to data associated with that tenant, and wherein each tenant has one or more users; an input that receives, from a user associated with a first tenant, a request to access data of a first custom object in the database, wherein the common table includes at least two custom objects associated with the first tenant, wherein the at least two custom objects each contain one or more data types specified by the first tenant, and wherein the database contains a custom entity share table containing access information for the custom objects; logic for identifying a key associated with the first custom object; an optimized query module that searches only that portion of the custom entity share table appropriate to the key to locate access information for the first custom object; logic for determining whether the user has permission to access at least a portion of the custom object based at least in part on the access information; and an output that sends, to the user, the requested data of the first custom object to which the user has permission to access. - View Dependent Claims (19, 20)
-
Specification