Strict tenant isolation in multi-tenant enabled systems

US 8,706,772 B2
Filed: 12/30/2010
Issued: 04/22/2014
Est. Priority Date: 12/30/2010
Status: Active Grant

First Claim

Patent Images

1. A computer program product comprising a machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations comprising:

defining a plurality of partitions in a database for a multi-tenant computing system provided on one or more processors, each partition of the plurality of partitions corresponding to only one business tenant of a set of business tenants supported by the multi-tenant system;

storing, in the database, shared content that is shared among and accessible to all tenants of the multi-tenant computing system;

storing tenant content for each business tenant in the corresponding partition of the plurality of partitions of the database, at least a portion of the tenant content being unique to and associated with the associated business tenant; and

generating, as a result of a code check executed at run time, one or more errors to prevent tenant content associated with a first business tenant of the set of business tenants from being accessed by a second business tenant of the set of business tenants, the code check identifying application code within the multi-tenant computing system that comprises a database coding construct that fails to forbid cross-tenant access by the second business tenant to tenant content associated with the first business tenant, the code check comprising determining the existence of at least one of a CLIENT SPECIFIED addition;

one or more of an IMPORT, an EXPORT, and a DELETE with a CLIENT addition;

usage of Native SQL;

a write access into a system field SY-MANDT; and

usage of a parameter IV_CLIENT in a method attach that mediates access to one or more shared memory objects.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of partitions can be defined in a database for a multi-tenant computing system provided on one or more processors such that each partition of the plurality of partitions is associated with only one business tenant of a set of business tenants supported by the multi-tenant system. The database can stored shared content that is shared among and accessible to all tenants of the multi-tenant computing system while tenant content for each business tenant can be stored in the database in one partition of the plurality of partitions. The one partition can be assigned to an associated business tenant. At least a portion of the tenant content can be unique to and associated with the associated business tenant. One or more errors can be generated to prevent tenant content associated with a first business tenant of the set of business tenants from being accessed by a second business tenant of the set of business tenants when an application code executed within the multi-tenant computing system comprises a construct that would otherwise enable cross-tenant access by the second business tenant to tenant content associated with the first business tenant. Related systems, methods, and computer program products are described.

Citations

20 Claims

1. A computer program product comprising a machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations comprising:
- defining a plurality of partitions in a database for a multi-tenant computing system provided on one or more processors, each partition of the plurality of partitions corresponding to only one business tenant of a set of business tenants supported by the multi-tenant system;
  
  storing, in the database, shared content that is shared among and accessible to all tenants of the multi-tenant computing system;
  
  storing tenant content for each business tenant in the corresponding partition of the plurality of partitions of the database, at least a portion of the tenant content being unique to and associated with the associated business tenant; and
  
  generating, as a result of a code check executed at run time, one or more errors to prevent tenant content associated with a first business tenant of the set of business tenants from being accessed by a second business tenant of the set of business tenants, the code check identifying application code within the multi-tenant computing system that comprises a database coding construct that fails to forbid cross-tenant access by the second business tenant to tenant content associated with the first business tenant, the code check comprising determining the existence of at least one of a CLIENT SPECIFIED addition;
  
  one or more of an IMPORT, an EXPORT, and a DELETE with a CLIENT addition;
  
  usage of Native SQL;
  
  a write access into a system field SY-MANDT; and
  
  usage of a parameter IV_CLIENT in a method attach that mediates access to one or more shared memory objects.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer program product of claim 1, wherein the second business tenant is prevented from accessing the content associated with the first business tenant at a plurality of persistency levels.
  - 3. The computer program product of claim 1, wherein the database further stores system content that is provided by a hosting provider of the multi-tenant computing system, and wherein the method further comprises:
    - designating, using one or more processors of the multi-tenant computing system, a set of system tenants of the tenants of the multi-tenant computing system, each system tenant of the set of system tenants providing system services for the multi-tenant computing system using system content, and also having access to tenant content of other tenants.
  - 4. The computer program product of claim 3, wherein:
    - the system content is generated by a run-time execution of an application system in the multi-tenant computing system; and
      
      customers associated with tenants of the multi-tenant computing system and system administrator of the system are inhibited from modifying the system content.
  - 5. The computer program product of claim 1, wherein the shared content is provided by a hosting provider of the multi-tenant computing system and is the same for all tenants of the multi-tenant computing system.
  - 6. The computer program product of claim 5, wherein the shared content comprises kernel binaries, support packages, add-ons, data dictionary definitions, and metadata associated with an application, a same instance of which is accessible by tenants of the multi-tenant computing system.
  - 7. The computer program product of claim 6, wherein the shared content is modifable by a system administrator, while users associated with the tenants are inhibited from modifying the shared content.
  - 8. The computer program product of claim 1, wherein the tenant content includes business configuration data, extensions, audit data, and archived data associated with each business tenant.

9. A computer-implemented method comprising:
- defining a plurality of partitions in a database for a multi-tenant computing system provided on one or more processors, each partition of the plurality of partitions corresponding to only one business tenant of a set of business tenants supported by the multi-tenant system;
  
  storing, in the database, shared content that is shared among and accessible to all tenants of the multi-tenant computing system;
  
  storing tenant content for each business tenant in the corresponding partition of the plurality of partitions of the database, at least a portion of the tenant content being unique to and associated with the associated business tenant; and
  
  generating, as a result of a code check executed at run time, one or more errors to prevent tenant content associated with a first business tenant of the set of business tenants from being accessed by a second business tenant of the set of business tenants, the code check identifying application code within the multi-tenant computing system that comprises a database coding construct that fails to forbid cross-tenant access by the second business tenant to tenant content associated with the first business tenant, the code check comprising determining the existence of at least one of a CLIENT SPECIFIED addition;
  
  one or more of an IMPORT, an EXPORT, and a DELETE with a CLIENT addition;
  
  usage of Native SQL;
  
  a write access into a system field SY-MANDT; and
  
  usage of a parameter IV_CLIENT in a method attach that mediates access to one or more shared memory objects.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer implemented method of claim 9, wherein the operations further comprise:
    - defining, using the one or more processors, the plurality of partitions in the database, each partition of the plurality of partitions being associated with only one business tenant of the set of business tenants.
  - 11. The computer implemented method of claim 9, wherein the second business tenant is prevented from accessing the content associated with the first business tenant at a plurality of persistency levels.
  - 12. The computer implemented method of claim 9, wherein:
    - the database further stores system content that is provided by a hosting provider of the multi-tenant computing system, the system content being generated by a run-time execution of an application system in the multi-tenant computing system;
      
      customers associated with tenants of the multi-tenant computing system and system administrator of the system are inhibited from modifying the system content; and
      
      the operations further comprises;
      
      designating, using one or more processors of the multi-tenant computing system, a set of system tenants of the tenants of the multi-tenant computing system, each system tenant of the set of system tenants providing system services for the multi-tenant computing system using system content, and having access also tenant content of other tenants.
  - 13. The computer implemented method of claim 9, wherein:
    - the shared content is provided by a hosting provider of the multi-tenant computing system, and is the same for all tenants of the multi-tenant computing system; and
      
      the shared content comprises kernel binaries, support packages, add-ons, data dictionary definitions, and metadata associated with an application, a same instance of which is accessible by tenants of the multi-tenant computing system; and
      
      an application logic of the application code is executed on the business tenants.
  - 14. The computer implemented method of claim 9, wherein the shared content can be modified by a system administrator, while users associated with the tenants are inhibited from modifying the shared content.
  - 15. The computer implemented method of claim 9, wherein the tenant content includes business configuration data, extensions, audit data and archived data associated with each business tenant.

16. A system comprising:
- at least one programmable processor; and
  
  a machine-readable medium storing instructions that, when executed by the at least one processor, cause the at least one programmable processor to perform operations to isolate tenant content of business tenants in a multi-tenancy landscape, the operations comprising;
  
  defining a plurality of partitions in a database for a multi-tenant computing system provided on one or more processors, each partition of the plurality of partitions corresponding to only one business tenant of a set of business tenants supported by the multi-tenant system;
  
  storing, in the database, shared content that is shared among and accessible to all tenants of the multi-tenant computing system;
  
  storing tenant content for each business tenant in the corresponding partition of the plurality of partitions of the database, at least a portion of the tenant content being unique to and associated with the associated business tenant; and
  
  generating, as a result of a code check executed at run time, one or more errors to prevent tenant content associated with a first business tenant of the set of business tenants from being accessed by a second business tenant of the set of business tenants, the code check identifying application code within the multi-tenant computing system that comprises a database coding construct that fails to forbid cross-tenant access by the second business tenant to tenant content associated with the first business tenant, the code check comprising determining the existence of at least one of a CLIENT SPECIFIED addition;
  
  one or more of an IMPORT, an EXPORT, and a DELETE with a CLIENT addition;
  
  usage of Native SQL;
  
  a write access into a system field SY-MANDT; and
  
  usage of a parameter IV_CLIENT in a method attach that mediates access to one or more shared memory objects.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the operations further comprise:
    - defining, using the one or more processors, the plurality of partitions in the database, each partition of the plurality of partitions being associated with only one business tenant of the set of business tenants.
  - 18. The system of claim 16, wherein the second business tenant is prevented from accessing the content associated with the first business tenant at a plurality of persistency levels.
  - 19. The system of claim 16, wherein:
    - the database further stores system content that is provided by a hosting provider of the multi-tenant computing system, the system content being generated by a run-time execution of an application system in the multi-tenant computing system;
      
      customers associated with tenants of the multi-tenant computing system and system administrator of the system are inhibited from modifying the system content; and
      
      the operations further comprise;
      
      designating, using one or more processors of the multi-tenant computing system, a set of system tenants of the tenants of the multi-tenant computing system, each system tenant of the set of system tenants providing system services for the multi-tenant computing system using system content, and having access also tenant content of other tenants.
  - 20. The system of claim 16, wherein:
    - the shared content is provided by a hosting provider of the multi-tenant computing system, and is the same for all tenants of the multi-tenant computing system; and
      
      the shared content comprises kernel binaries, support packages, add-ons, data dictionary definitions, and metadata associated with an application, a same instance of which is accessible by tenants of the multi-tenant computing system; and
      
      an application logic of the application code is executed on the business tenants.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Hartig, Martin, Mielenhausen, Bjoern, Prestel, Helmut, Eberlein, Peter
Primary Examiner(s)
Yen, Syling

Application Number

US12/982,299
Publication Number

US 20120173581A1
Time in Patent Office

1,209 Days
Field of Search

707/769, 707/791, 707/802, 707/803, 707809-812, 707/999.101, 726/25, 715/234, 715/765, 370/395.53
US Class Current

707/803
CPC Class Codes

G06F 11/0745   in an input/output transact...

G06F 11/0787   Storage of error reports, e...

G06F 21/52   during program execution, e...

Strict tenant isolation in multi-tenant enabled systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Strict tenant isolation in multi-tenant enabled systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links