Partner sandboxing in a shared multi-tenant billing system
Abstract
The present invention relates to a system and methodology for interacting with a Subscription Platform Service (SPS) and providing data security between entities that employ such service. The system includes a component that receives a request to access an object by an entity, and a data store that stores security information on classes of the objects. A verification component employs the security information to determine whether the entity has permission to call an Application Programming Interface (API) for the object and/or operate on the object, wherein the verification component exposes the object if permission exists or masks the object if permission does not exist.
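The mechanism in the abstract, shown as an added Python example that is not part of the patent text: security information is stored once per class, inherited by each object unless explicitly overridden, and checked before the conversion API runs. The tenant names, subscription types and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

class AccessDenied(Exception):
    pass

@dataclass
class ClassPolicy:
    # Security information held once per object class.
    readers: set = field(default_factory=set)        # tenants the object is exposed to
    conversions: dict = field(default_factory=dict)  # tenant -> {(from_type, to_type)}

# Constructed data store: tenant names and subscription types are made up.
POLICY_STORE = {
    "Subscription": ClassPolicy(
        readers={"partner_a", "partner_b"},
        conversions={"partner_a": {("b_basic", "a_premium")}},
    )
}

@dataclass
class Subscription:
    sub_id: str
    owner: str
    sub_type: str
    override: Optional[ClassPolicy] = None  # explicit per-object assignment

    def policy(self) -> ClassPolicy:
        # Objects with no explicit policy inherit their class's entry.
        if self.override is not None:
            return self.override
        return POLICY_STORE[type(self).__name__]

def may_convert(tenant: str, sub: Subscription, to_type: str) -> bool:
    # Deny by default: unknown tenants and unlisted type pairs both fail.
    allowed = sub.policy().conversions.get(tenant, set())
    return (sub.sub_type, to_type) in allowed

def convert_subscription(tenant: str, sub: Subscription, to_type: str) -> Subscription:
    # The check runs before any state changes, so a denied caller never reaches the API body.
    if not may_convert(tenant, sub, to_type):
        raise AccessDenied(f"{tenant} may not convert {sub.sub_type} -> {to_type}")
    sub.owner, sub.sub_type = tenant, to_type
    return sub

def expose(tenant: str, sub: Subscription) -> Optional[Subscription]:
    # Expose the object to permitted tenants, mask it (None) for everyone else.
    return sub if tenant in sub.policy().readers else None
```

An empty `ClassPolicy()` passed as `override` locks a single object down without touching the class entry that every other subscription inherits.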
28 Claims
1. One or more non-transitory computer-readable media having computer-executable instructions embodied thereon that, when executed, provide a system that facilitates access to a plurality of shared software objects by disparate entities, the system comprising:
- a platform component executed by a computing device having a processor and a memory, that receives a request from a first entity to access one of the plurality of shared software objects, wherein the first entity is attempting to convert a subscription from a second type of a second entity to a first type of the first entity;
- a data store that stores security information on one or more classes of the plurality of shared software objects, wherein the security information on each of the one or more classes is inherited by one or more shared software objects in each class, and wherein the security information includes a security parameter that indicates whether the first entity is permitted to convert the subscription from the second type to the first type; and
- a verification component that employs the security information to verify that the first entity has permission to call an Application Programming Interface (API) for the one of the plurality of shared software objects to convert the subscription from the second type to the first type, wherein the verification component prevents the first entity from calling the API when the security parameter indicates that the first entity is not permitted to convert the subscription from the second type to the first type and the verification allows the first entity to call the API when the security parameter indicates that the first entity is permitted to convert the subscription from the second type to the first type.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A method to facilitate security for subscription objects, comprising:
- storing one or more security options in a database, at least a portion of the one or more security options being related to an automated billing and provisioning system, wherein at least a portion of the one or more security options includes at least conversion of a subscription from a first type associated with a first tenant to a second type associated with a second tenant, and wherein one or more of the security options indicate allowability of the second tenant to convert the subscription type from the first type to the second type;
- assigning one or more of the security options to a class;
- inheriting the one or more security options assigned to the class by object members of the class;
- verifying that the second tenant has permission to call an Application Program Interface (API) for one or more of the object members of the class to convert the subscription type from the first type to the second type; and
- preventing the second tenant from calling the API when the security options indicate that the second entity is not permitted to convert the subscription type from the first type to the second type; or
- allowing the second tenant to call the API when the security options indicate that the second tenant is permitted to convert the subscription type from the first type to the second type.

Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27

28. One or more non-transitory computer-readable media having computer-executable instructions embodied thereon that, when executed, provide a system to facilitate business object security, comprising:
- an authentication component executing on a computing device having a memory and a processor that authenticates a first entity attempting to access an online billing and service system, wherein the first entity is attempting to convert a subscription from a second type of a second entity to a first type of the first entity;
- an authorization component that authorizes the first entity to convert the subscription from the second type of the second entity to the first type of the first entity upon verifying at least one security parameter, wherein the at least one security parameter is assigned to a class of objects and is inherited by objects of the class by one or more of explicitly and implicitly assigning the security parameter to the objects of the class, wherein the at least one security parameter is stored in a database and is accessible via an application program interface that is automatically authorized by analyzing one or more security credentials, and wherein the at least one security parameter indicates allowability of the first entity to convert the subscription from the second type to the first type.

Specification