Methods and systems for protecting shared tables against unauthorized overwriting from a tenant space in a mega-tenancy environment

US 20080162483A1
Filed: 12/29/2006
Published: 07/03/2008
Est. Priority Date: 12/29/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of assigning a permission to a tenant in a provider-tenant system, comprising:

selecting the tenant from a plurality of tenants in the provider-tenant system;

determining a set of data structures accessible to the plurality of tenants;

assigning the permission to the tenant, wherein the permission is associated with a subset of the set of data structures; and

storing the permission at a provider database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of methods and systems consistent with the present invention prevent unauthorized overwriting of shared data by tenants in a provider-tenant system by granting and verifying permissions associated with the tenant. Permissions may be related to table links to shared data stored at a provider database. Thus, tenants may write only to certain designated data structures or groups of data structures, and any attempted unauthorized access creates an exception.

65 Citations

View as Search Results

20 Claims

1. A method of assigning a permission to a tenant in a provider-tenant system, comprising:
- selecting the tenant from a plurality of tenants in the provider-tenant system;
  
  determining a set of data structures accessible to the plurality of tenants;
  
  assigning the permission to the tenant, wherein the permission is associated with a subset of the set of data structures; and
  
  storing the permission at a provider database.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - assigning the permission to a group of users associated with the tenant.
  - 3. The method of claim 1, further comprising:
    - determining a second set of data structures accessible only to the tenant; and
      
      assigning a different permission to the tenant associated with the second set of data structures.
  - 4. The method of claim 1, wherein the permission allows the tenant to write to the set of data structures.
  - 5. The method of claim 1, wherein the permission prevents the tenant from writing to the set of data structures.
  - 6. The method of claim 1, further comprising:
    - storing the permission at a server associated with the tenant.

7. A method for a provider to protect a data structure at a provider database, wherein each of a plurality of tenants has varying levels of permissions to access the data structure, the method comprising:
- receiving, from a first tenant of the plurality of tenants, a data request identifying the data structure;
  
  querying, based on the data request, a tenant database associated with the first tenant for the data structure;
  
  determining, based on the data request, that the data structure is located at the provider database;
  
  determining the level of permission based on the data request and the first tenant; and
  
  redirecting the data request to the provider database based on a data structure link reflecting a logical connection to an address of the data structure.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 8. The method of claim 7, further comprising:
    - verifying the level of permission is valid based on the data request, the first tenant, and a list of permissions associated with the first tenant at the provider database.
  - 9. The method of claim 7, further comprising:
    - determining the level of permission is not valid based on the data request, the first tenant, and a list of permissions associated with the first tenant at the provider database; and
      
      sending an error message to the first tenant.
  - 10. The method of claim 7, further comprising:
    - retrieving the level of permission associated with the first tenant after receiving the data request.
  - 11. The method of claim 7, further comprising:
    - storing the level of permission at a server associated with the first tenant.
  - 12. The method of claim 7, further comprising:
    - assigning the level of permission to a group of users associated with the first tenant.
  - 13. The method of claim 7, further comprising:
    - assigning the level of permission to the first tenant according to a business application associated with the first tenant.
  - 14. The method of claim 7, further comprising:
    - assigning the level of permission to a group of users associated with the first tenant.
  - 15. The method of claim 7, wherein the level of permission allows the first tenant to write to the set of data structures.
  - 16. The method of claim 7, wherein the level of permission prevents the first tenant from writing to the set of data structures.

17. A system of assigning permissions to a tenant in a provider-tenant system, comprising:
- means for selecting the tenant from a plurality of tenants in the provider-tenant system;
  
  means for determining a set of data structures accessible to the plurality of tenants;
  
  means for assigning the permission to the tenant, wherein the permission is associated with a subset of the set of data structures; and
  
  means for storing the permission at a provider database.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, further comprising:
    - means for assigning the permission to a group of users associated with the tenant.
  - 19. The system of claim 17, further comprising:
    - means for determining a second set of data structures accessible only to the tenant; and
      
      means for assigning a different permission to the tenant associated with the second set of data structures.
  - 20. The system of claim 17, wherein the permission allows the tenant to write to the set of data structures.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP AG (SAP SE)
Original Assignee
SAP AG (SAP SE)
Inventors
Gruener, Alex, Becker, Wolfgang A.

Application Number

US11/647,570
Publication Number

US 20080162483A1
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 16/27   Replication, distribution o...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2147   Locking files

Methods and systems for protecting shared tables against unauthorized overwriting from a tenant space in a mega-tenancy environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

65 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems for protecting shared tables against unauthorized overwriting from a tenant space in a mega-tenancy environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others