Methods and systems for protecting shared tables against unauthorized overwriting from a tenant space in a mega-tenancy environment
First Claim
Patent Images
1. A method of assigning a permission to a tenant in a provider-tenant system, comprising:
- selecting the tenant from a plurality of tenants in the provider-tenant system;
determining a set of data structures accessible to the plurality of tenants;
assigning the permission to the tenant, wherein the permission is associated with a subset of the set of data structures; and
storing the permission at a provider database.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of methods and systems consistent with the present invention prevent unauthorized overwriting of shared data by tenants in a provider-tenant system by granting and verifying permissions associated with the tenant. Permissions may be related to table links to shared data stored at a provider database. Thus, tenants may write only to certain designated data structures or groups of data structures, and any attempted unauthorized access creates an exception.
65 Citations
20 Claims
-
1. A method of assigning a permission to a tenant in a provider-tenant system, comprising:
-
selecting the tenant from a plurality of tenants in the provider-tenant system; determining a set of data structures accessible to the plurality of tenants; assigning the permission to the tenant, wherein the permission is associated with a subset of the set of data structures; and storing the permission at a provider database. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for a provider to protect a data structure at a provider database, wherein each of a plurality of tenants has varying levels of permissions to access the data structure, the method comprising:
-
receiving, from a first tenant of the plurality of tenants, a data request identifying the data structure; querying, based on the data request, a tenant database associated with the first tenant for the data structure; determining, based on the data request, that the data structure is located at the provider database; determining the level of permission based on the data request and the first tenant; and redirecting the data request to the provider database based on a data structure link reflecting a logical connection to an address of the data structure. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A system of assigning permissions to a tenant in a provider-tenant system, comprising:
-
means for selecting the tenant from a plurality of tenants in the provider-tenant system; means for determining a set of data structures accessible to the plurality of tenants; means for assigning the permission to the tenant, wherein the permission is associated with a subset of the set of data structures; and means for storing the permission at a provider database. - View Dependent Claims (18, 19, 20)
-
Specification