On-demand database service system, method and computer program product for conditionally allowing an application of an entity access to data of another entity

US 8,447,779 B2
Filed: 02/09/2012
Issued: 05/21/2013
Est. Priority Date: 07/19/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a request from an application created by a first entity, wherein the application includes business logic and the request includes a request to access data of a second entity stored in a database of an on-demand database service;

determining, utilizing a hardware processor, whether the application is authorized to access the data of the second entity stored in the database of the on-demand database service using a plurality of data access limitations associated with the application and indicated in a profile, wherein the data access limitations are presented to the second entity for acceptance by the second entity;

conditionally allowing the access to the data of the second entity stored in the database of the on-demand database service, based on the determination and the acceptance; and

in response to an update associated with the application, requesting that the second entity accept the update associated with the application, and conditionally allowing the access to the data of the second entity stored in the database of the on-demand database service utilizing the application, based on the acceptance of the update associated with the application;

wherein the application is authenticated, and the application is conditionally installed based on the authentication;

wherein the data access limitations grant the application created by the first entity access to the data of the second entity;

wherein the first entity and the second entity are different tenants of the on-demand database service, such that the on-demand database service processes requests for each of the first entity and the second entity and stores information for each of the first entity and the second entity, and wherein the profile indicating the data access limitations granting the application created by the first entity access to the data of the second entity provides sharing with the first entity the data of the second entity that is stored in the database of the on-demand database service;

wherein a package includes the application and the data access limitations, and the package is installed by the second entity.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service. These mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service can enable embodiments to limit such access to the data, as desired. Furthermore, embodiments of such mechanisms and methods may provide additional security when sharing data among different subscribers to an on-demand database service.

34 Citations

View as Search Results

13 Claims

1. A method, comprising:
- receiving a request from an application created by a first entity, wherein the application includes business logic and the request includes a request to access data of a second entity stored in a database of an on-demand database service;
  
  determining, utilizing a hardware processor, whether the application is authorized to access the data of the second entity stored in the database of the on-demand database service using a plurality of data access limitations associated with the application and indicated in a profile, wherein the data access limitations are presented to the second entity for acceptance by the second entity;
  
  conditionally allowing the access to the data of the second entity stored in the database of the on-demand database service, based on the determination and the acceptance; and
  
  in response to an update associated with the application, requesting that the second entity accept the update associated with the application, and conditionally allowing the access to the data of the second entity stored in the database of the on-demand database service utilizing the application, based on the acceptance of the update associated with the application;
  
  wherein the application is authenticated, and the application is conditionally installed based on the authentication;
  
  wherein the data access limitations grant the application created by the first entity access to the data of the second entity;
  
  wherein the first entity and the second entity are different tenants of the on-demand database service, such that the on-demand database service processes requests for each of the first entity and the second entity and stores information for each of the first entity and the second entity, and wherein the profile indicating the data access limitations granting the application created by the first entity access to the data of the second entity provides sharing with the first entity the data of the second entity that is stored in the database of the on-demand database service;
  
  wherein a package includes the application and the data access limitations, and the package is installed by the second entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first entity and the second entity include different organizations.
  - 3. The method of claim 1, wherein the first entity and the second entity include different divisions of a single organization.
  - 4. The method of claim 1, wherein the data access limitations are determined by the second entity.
  - 5. The method of claim 1, wherein the data access limitations include a plurality of data access levels.
  - 6. The method of claim 1, wherein the data access limitations include limitations on at least one type of the data of the second entity stored in the database of the on-demand database service that can be accessed.
  - 7. The method of claim 1, wherein the data access limitations include limitations on at least one action that may be performed on the data of the second entity stored in the database of the on-demand database service.
  - 8. The method of claim 1, and further comprising receiving the update associated with the application.
  - 9. The method of claim 8, and further comprising presenting the update to the second entity for acceptance by the second entity, and conditionally allowing the access to the data of the second entity stored in the database of the on-demand database service utilizing the update, based on the acceptance.
  - 10. The method of claim 1, wherein the application is served by the on-demand database service.

11. A non-transitory machine-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- receiving a request from an application created by a first entity, wherein the application includes business logic and the request includes a request to access data of a second entity stored in a database of an on-demand database service;
  
  determining whether the application is authorized to access the data of the second entity stored in the database of the on-demand database service using a plurality of data access limitations associated with the application and indicated in a profile, wherein the data access limitations are presented to the second entity for acceptance by the second entity;
  
  conditionally allowing the access to the data of the second entity stored in the database of the on-demand database service, based on the determination and the acceptance; and
  
  in response to an update associated with the application, requesting that the second entity accept the update associated with the application, and conditionally allowing the access to the data of the second entity stored in the database of the on-demand database service utilizing the application, based on the acceptance of the update associated with the application;
  
  wherein the application is authenticated, and the application is conditionally installed based on the authentication;
  
  wherein the data access limitations grant the application created by the first entity access to the data of the second entity;
  
  wherein the first entity and the second entity are different tenants of the on-demand database service, such that the on-demand database service processes requests for each of the first entity and the second entity and stores information for each of the first entity and the second entity, and wherein the profile indicating the data access limitations granting the application created by the first entity access to the data of the second entity provides sharing with the first entity the data of the second entity that is stored in the database of the on-demand database service;
  
  wherein a package includes the application and the data access limitations, and the package is installed by the second entity.

12. An apparatus, comprising:
- a processor; and
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  receiving a request from an application created by a first entity, wherein the application includes business logic and the request includes a request to access data of a second entity stored in a database of an on-demand database service;
  
  determining whether the application is authorized to access the data of the second entity stored in the database of the on-demand database service using a plurality of data access limitations associated with the application and indicated in a profile, wherein the data access limitations are presented to the second entity for acceptance by the second entity;
  
  conditionally allowing the access to the data of the second entity stored in the database of the on-demand database service, based on the determination and the acceptance; and
  
  in response to an update associated with the application, requesting that the second entity accept the update associated with the application, and conditionally allowing the access to the data of the second entity stored in the database of the on-demand database service utilizing the application, based on the acceptance of the update associated with the application;
  
  wherein the application is authenticated, and the application is conditionally installed based on the authentication;
  
  wherein the data access limitations grant the application created by the first entity access to the data of the second entity;
  
  wherein the first entity and the second entity are different tenants of the on-demand database service, such that the on-demand database service processes requests for each of the first entity and the second entity and stores information for each of the first entity and the second entity, and wherein the profile indicating the data access limitations granting the application created by the first entity access to the data of the second entity provides sharing with the first entity the data of the second entity that is stored in the database of the on-demand database service;
  
  wherein a package includes the application and the data access limitations, and the package is installed by the second entity.

13. A method for transmitting code for use in a multi-tenant database system on a transmission medium, the method comprising:
- transmitting code for receiving a request from an application created by a first entity, wherein the application includes business logic and the request includes a request to access data of a second entity stored in a database of an on-demand database service;
  
  transmitting code for determining, utilizing a hardware processor, whether the application is authorized to access the data of the second entity stored in the database of the on-demand database service using a plurality of data access limitations associated with the application and indicated in a profile, wherein the data access limitations are presented to the second entity for acceptance by the second entity;
  
  transmitting code for conditionally allowing the access to the data of the second entity stored in the database of the on-demand database service, based on the determination and the acceptance;
  
  transmitting code for, in response to an update associated with the application, requesting that the second entity accept the update associated with the application, and conditionally allowing the access to the data of the second entity stored in the database of the on-demand database service utilizing the application, based on the acceptance of the update associated with the application; and
  
  wherein the application is authenticated, and the application is conditionally installed based on the authentication;
  
  wherein the data access limitations grant the application created by the first entity access to the data of the second entity;
  
  wherein the first entity and the second entity are different tenants of the on-demand database service, such that the on-demand database service processes requests for each of the first entity and the second entity and stores information for each of the first entity and the second entity, and wherein the profile indicating the data access limitations granting the application created by the first entity access to the data of the second entity provides sharing with the first entity the data of the second entity that is stored in the database of the on-demand database service;
  
  wherein a package includes the application and the data access limitations, and the package is installed by the second entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Viripaeff, Lexi, Mehra, Vinod, Warshavsky, Alex, Horne, Nate, Dapkus, Peter J.
Primary Examiner(s)
Lee, Wilson
Assistant Examiner(s)
BUI, THUY T

Application Number

US13/370,247
Publication Number

US 20120143916A1
Time in Patent Office

467 Days
Field of Search

707/781, 707/783, 707/784, 707/785
US Class Current

707/781
CPC Class Codes

G06F 16/24573   using data annotations, e.g...

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2147   Locking files

G06F 8/61   Installation

G06F 8/65   Updates security arrangemen...

H04L 63/102   Entity profiles

H04L 67/306   User profiles

H04W 4/50   Service provisioning or rec...

On-demand database service system, method and computer program product for conditionally allowing an application of an entity access to data of another entity

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

On-demand database service system, method and computer program product for conditionally allowing an application of an entity access to data of another entity

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others