JUST-IN-TIME USER PROVISIONING FRAMEWORK IN A MULTITENANT ENVIRONMENT
Abstract
A method of provisioning organization users in a multi-tenant database system includes receiving a request via a single sign-on protocol from an organization user to create a new multi-tenant database user account for access to the multi-tenant database system. The method retrieves rules that specify how to derive user permissions for access to the multi-tenant database system from stored user attributes of the organization user. The method continues with applying the rules to the stored user attributes to determine permissions for the users to access particular objects in the multi-tenant database system, and creating the new user account with the determined user permissions for access to the multi-tenant database system.
52 Citations
21 Claims
1. A method of provisioning organization users in a multi-tenant database system, including:
receiving a request via a single sign-on protocol from an organization user to create a new multi-tenant database user account for access to the multi-tenant database system; retrieving rules that specify how to derive user permissions for access to the multi-tenant database system from stored user attributes of the organization user; applying the rules to the stored user attributes to determine permissions for the user to access particular objects in the multi-tenant database system; and creating the new user account with the determined user permissions for access to the multi-tenant database system. (Dependent claims: 2, 3, 4)

5. A method of initializing rules for provisioning organization users in a multi-tenant database system, including:
receiving data specifying rules to apply when setting up an organization user as a new multi-tenant database user, wherein the rules specify how to derive user permissions to access particular objects in the multi-tenant database system from attributes of the organization user stored in an organization directory; and storing the rules with a system user profile, wherein the profiled system user has limited rights to create new multi-tenant database users and to determine the new multi-tenant database user's permissions to access the particular objects based on applying the rules to the attributes of the organization user as stored in the organization directory. (Dependent claims: 6, 7)

8. A computer system for provisioning organization users in a multi-tenant database system, the computer system including one or more processors configured to perform operations including:
receiving a request via a single sign-on protocol from an organization user to create a new multi-tenant database user account for access to the multi-tenant database system; retrieving rules that specify how to derive user permissions for access to the multi-tenant database system from stored user attributes of the organization user; applying the rules to the stored user attributes to determine permissions for the user to access particular objects in the multi-tenant database system; and creating the new user account with the determined user permissions for access to the multi-tenant database system. (Dependent claims: 9, 10, 11)

12. A computer system for initializing rules for provisioning organization users in a multi-tenant database system, the computer system including one or more processors configured to perform operations including:
receiving data specifying rules to apply when setting up an organization user as a new multi-tenant database user, wherein the rules specify how to derive user permissions to access particular objects in the multi-tenant database system from attributes of the organization user stored in an organization directory; and storing the rules with a system user profile, wherein the profiled system user has limited rights to create new multi-tenant database users and to determine the new multi-tenant database user's permissions to access the particular objects based on applying the rules to the attributes of the organization user as stored in the organization directory. (Dependent claims: 13, 14)

15. A computer readable storage medium having instructions stored thereon for provisioning organization users in a multi-tenant database system which, when executed by one or more computers, cause the one or more computers to perform operations including:
receiving a request via a single sign-on protocol from an organization user to create a new multi-tenant database user account for access to the multi-tenant database system; retrieving rules that specify how to derive user permissions for access to the multi-tenant database system from stored user attributes of the organization user; applying the rules to the stored user attributes to determine permissions for the user to access particular objects in the multi-tenant database system; and creating the new user account with the determined user permissions for access to the multi-tenant database system. (Dependent claims: 16, 17, 18)

19. A computer readable storage medium having instructions stored thereon for initializing rules for provisioning organization users in a multi-tenant database system which, when executed by one or more computers, cause the one or more computers to perform operations including:
receiving data specifying rules to apply when setting up an organization user as a new multi-tenant database user, wherein the rules specify how to derive user permissions to access particular objects in the multi-tenant database system from attributes of the organization user stored in an organization directory; and storing the rules with a system user profile, wherein the profiled system user has limited rights to create new multi-tenant database users and to determine the new multi-tenant database user's permissions to access the particular objects based on applying the rules to the attributes of the organization user as stored in the organization directory. (Dependent claims: 20, 21)
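The provisioning flow of claims 1 and 5, shown as an added Python example that is not from the patent or any product it covers: stored rules are applied to the attributes asserted at single sign-on to derive object permissions, the account is created with exactly those permissions, and the provisioning "system user" can only grant from a fixed set, so a mis-written rule fails closed rather than over-provisioning. The rule format, attribute names, permission strings and the in-memory directory are constructed assumptions.

```python
"""Rule-based just-in-time (JIT) provisioning: derive permissions from
SSO-asserted directory attributes via stored rules, then create the account."""
from dataclasses import dataclass, field

# Permissions the provisioning system user is allowed to grant at all
# (its "limited rights"). Constructed example values, not a real schema.
GRANTABLE = {"Account:read", "Account:write", "Case:read", "Case:write"}

@dataclass(frozen=True)
class Rule:
    attribute: str      # directory attribute name, e.g. "department" (assumed)
    value: str          # attribute value that must be present for a match
    grants: frozenset   # object permissions derived when the rule matches

@dataclass
class User:
    username: str
    permissions: set = field(default_factory=set)

class ProvisioningError(Exception):
    pass

def derive_permissions(attrs: dict, rules: list) -> set:
    """Apply stored rules to the asserted attributes. Attributes that match
    no rule contribute nothing, so the default is deny (no object access)."""
    granted = set()
    for r in rules:
        vals = attrs.get(r.attribute, [])
        if r.value in (vals if isinstance(vals, list) else [vals]):
            granted |= r.grants
    return granted

def provision(attrs: dict, rules: list, directory: dict) -> User:
    """Create the account from an SSO assertion. Refuses assertions without a
    subject, duplicate accounts, and rules that exceed GRANTABLE."""
    name = attrs.get("username")
    if not name:
        raise ProvisioningError("assertion lacks a username")
    if name in directory:
        raise ProvisioningError(f"{name} is already provisioned")
    perms = derive_permissions(attrs, rules)
    disallowed = perms - GRANTABLE
    if disallowed:
        raise ProvisioningError(f"rule grants beyond system user rights: {sorted(disallowed)}")
    user = User(name, perms)
    directory[name] = user      # the "create new user account" step
    return user
```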
Specification