PROVISIONING ACCESS TO CUSTOMER ORGANIZATION DATA IN A MULTI-TENANT SYSTEM
Abstract
Methods and systems are described for providing support representative access to applications deployed in an enterprise network environment. An access provisioning system defines a support user class in a user profile database for an application executed on an organization partition within the network. The support user is granted read-only privileges to metadata of the application. An organization administrator can grant support personnel access to the application as a support user, thus granting the ability to view, analyze, and possibly modify the metadata. The access provisioning system generates a Security Assertion Markup Language (SAML) assertion upon request by the support personnel to enable access to the data to the extent of the granted privileges. The SAML protocol includes authentication of the support representative as an authorized support user within the system.
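The flow the abstract describes, as an added example that is not the patent's own code: an organization administrator grants a support representative access for a limited term, a provisioning component issues an assertion naming the support user class, the validity window and the target organization, and the organization partition checks all of those before honoring a request. The organization ids, representative names, issuer name and the support_user privilege set are constructed for the example, and the assertion is SAML-shaped XML signed with an HMAC over its exact bytes (a stand-in for XML-DSig, assumed here so the example runs offline); a real deployment would use XML signatures and the identity provider's key.

```python
"""Added example modelling the support access provisioning flow in the abstract.
Not code from the patent: ids, names, issuer and privilege set are constructed,
and an HMAC over the exact assertion bytes stands in for XML-DSig."""
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", NS)
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Assumed support user class: read-only access to application metadata only.
SUPPORT_USER_PRIVILEGES = {("metadata", "read")}
# Constructed key shared by the provisioning system and the org partitions.
SIGNING_KEY = secrets.token_bytes(32)


def q(tag):
    """Qualify a local name with the SAML assertion namespace."""
    return f"{{{NS}}}{tag}"


def iso(dt):
    return dt.strftime(TIME_FMT)


def parse_iso(text):
    return datetime.strptime(text, TIME_FMT).replace(tzinfo=timezone.utc)


def grant_support_access(org_id, support_rep, admin_grants, now, term):
    """Provisioning side: issue a limited-term assertion for a support rep.
    admin_grants maps org_id -> reps approved by that org's administrator;
    without that grant nothing is issued. Returns (assertion_bytes, hex_mac)."""
    if support_rep not in admin_grants.get(org_id, set()):
        raise PermissionError("organization administrator has not granted support access")
    assertion = ET.Element(q("Assertion"), ID="_" + secrets.token_hex(16),
                           IssueInstant=iso(now), Version="2.0")
    ET.SubElement(assertion, q("Issuer")).text = "provisioning.example"  # assumed issuer
    subject = ET.SubElement(assertion, q("Subject"))
    ET.SubElement(subject, q("NameID")).text = support_rep
    # The limited term is carried in the assertion, so the org partition can
    # enforce expiry on its own without calling back to the provisioning system.
    conditions = ET.SubElement(assertion, q("Conditions"),
                               NotBefore=iso(now), NotOnOrAfter=iso(now + term))
    audience = ET.SubElement(conditions, q("AudienceRestriction"))
    ET.SubElement(audience, q("Audience")).text = org_id
    statement = ET.SubElement(assertion, q("AttributeStatement"))
    role = ET.SubElement(statement, q("Attribute"), Name="role")
    ET.SubElement(role, q("AttributeValue")).text = "support_user"
    body = ET.tostring(assertion)
    return body, hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()


def authorize(org_id, body, mac, resource, action, now):
    """Org partition side: verify the MAC over the exact bytes before parsing,
    then check validity window, audience, role and the requested privilege.
    Returns (allowed, reason)."""
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False, "bad signature"
    assertion = ET.fromstring(body)
    conditions = assertion.find(q("Conditions"))
    if not (parse_iso(conditions.get("NotBefore")) <= now
            < parse_iso(conditions.get("NotOnOrAfter"))):
        return False, "outside validity window"
    audience = assertion.findtext(f"{q('Conditions')}/{q('AudienceRestriction')}/{q('Audience')}")
    if audience != org_id:
        return False, "wrong organization"
    role = assertion.findtext(
        f"{q('AttributeStatement')}/{q('Attribute')}[@Name='role']/{q('AttributeValue')}")
    if role != "support_user":
        return False, "not a support user"
    if (resource, action) not in SUPPORT_USER_PRIVILEGES:
        return False, f"{action} on {resource} exceeds support user privileges"
    return True, "ok"


def demo():
    """Constructed scenario: acme's administrator approved rep.alice for two hours."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    admin_grants = {"org-acme": {"rep.alice"}}
    body, mac = grant_support_access("org-acme", "rep.alice", admin_grants, now, timedelta(hours=2))
    later = now + timedelta(minutes=5)
    try:
        grant_support_access("org-acme", "rep.mallory", admin_grants, now, timedelta(hours=2))
        refused_without_grant = False
    except PermissionError:
        refused_without_grant = True
    return {
        "refused_without_grant": refused_without_grant,
        "read_ok": authorize("org-acme", body, mac, "metadata", "read", later),
        "write_denied": authorize("org-acme", body, mac, "metadata", "write", later),
        "expired": authorize("org-acme", body, mac, "metadata", "read", now + timedelta(hours=3)),
        "other_org": authorize("org-other", body, mac, "metadata", "read", later),
        "tampered": authorize("org-acme", body.replace(b"support_user", b"org_admin"), mac,
                              "metadata", "read", later),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The ordering in authorize is deliberate: the MAC is checked over the raw bytes before any XML is parsed, so a tampered assertion never reaches the parser, and the privilege check is done against the support user class rather than against anything the assertion claims for itself, so a forged or over-broad attribute cannot widen access beyond metadata reads.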
27 Claims
1. A computer-implemented method for controlling access to data for an organization stored in an on-demand database system hosted on a server computer, the method comprising:
enabling access to the data of the organization upon request of a support representative within a management organization that maintains the data for the organization stored in an on-demand database system, the request establishing the identity of the support representative as a member of a support user class that is granted defined administrative privileges with respect to the data;
initiating a network session to the organization upon request of the support representative, wherein the network session associates the administrative privileges to the support user representative to enable access to the data to the extent of the administrative privileges; and
granting access to an on-demand database application to the support representative as an organization user for a limited term, wherein the support representative is granted use privileges of the on-demand database application for a limited term.
Dependent claims 2 to 9 are not shown.
10. A system for controlling access to application program data in a computer network, comprising:
one or more processors; and
a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to:
enable access to the data of the organization upon request of a support representative within a management organization that maintains the data for the organization stored in an on-demand database system, the request establishing the identity of the support representative as a member of a support user class that is granted defined administrative privileges with respect to the data;
initiate a network session to the organization upon request of the support representative, wherein the network session associates the administrative privileges to the support user representative to enable access to the data to the extent of the administrative privileges; and
grant access to an on-demand database application to the support representative as an organization user for a limited term, wherein the support representative is granted use privileges of the on-demand database application for a limited term.
Dependent claims 11 to 18 are not shown.
19. A computer program product comprising machine-readable program code stored on a non-transitory computer-readable medium to be executed by one or more processors, the program code including instructions to:
enable access to the data of the organization upon request of a support representative within a management organization that maintains the data for the organization stored in an on-demand database system, the request establishing the identity of the support representative as a member of a support user class that is granted defined administrative privileges with respect to the data;
initiate a network session to the organization upon request of the support representative, wherein the network session associates the administrative privileges to the support user representative to enable access to the data to the extent of the administrative privileges; and
grant access to the on-demand database application to the support representative as an organization user for a limited term, wherein the support representative is granted use privileges of the on-demand database application for a limited term.
Dependent claims 20 to 27 are not shown.
Specification