External access and partner delegation
First Claim
1. A method, performed in a multi-tenancy environment, for permitting a first tenant to provide services to a second tenant by specifying access permission that enables the second tenant to access the first tenant's resources and/or data, the method comprising:
- hosting a multi-tenant service in a multi-tenancy environment, the multi-tenant service hosting a first and a second tenant;
- receiving at the management console identity criteria for a user or group of users of the second tenant that desire access to the first tenant's resources and/or data of the multi-tenant service without requiring the user or group of users of the second tenant to become users of the first tenant;
- creating at the management console an external access object that is associated with the first tenant;
- mapping at the management console the external access object to the user or group of users of the second tenant based on the identity criteria such that the external access object represents the user or group of users of the second tenant when the user or group of users access the multi-tenant service such that the user or group of users appear as a user or group of users of the first tenant when accessing the multi-tenant service to thereby enable the user or group of users to access the multi-tenant service as if the user or group of users of the second tenant were a user or group of users of the first tenant; and
- at the management console, associating the external access object which has been mapped based on the identity criteria used to associate the user or group of users from the second tenant with a set of the first tenant's resources and/or data of the multi-tenant service so that the user or group of users of the second tenant can access the associated set of resources and/or data.
Abstract
Embodiments disclosed herein extend to the use of external access objects in a multi-tenant environment. First and second tenants contract for operations that users of the second tenant will perform in the first tenant. Identity criteria for the users are determined. These users are mapped to an external access object that represents the second tenant users when performing the operations in the first tenant. The external access object is also associated with the resources and/or data that the users of the second tenant will be allowed access to when performing the operations. The users of the second tenant provide a request for access to the resources and/or data to perform operations. Identity criteria are determined and the users are mapped to an external access object based on the identity criteria. It is determined if the user has permission to access the resources and/or data and perform the operations.
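The mapping and permission check the abstract describes, as an added Python sketch; it is not code from the patent or from any product. The class names, tenant names, group, task and target strings are all hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:                 # a user as authenticated in their home tenant
    user_id: str
    home_tenant: str
    groups: frozenset

@dataclass(frozen=True)
class ExternalAccessObject:      # created in, and owned by, the first tenant
    name: str
    owner_tenant: str            # tenant whose resources/data are exposed
    partner_tenant: str          # identity criterion: caller's home tenant
    partner_group: str           # identity criterion: caller's group there
    tasks: frozenset             # operations the partner users may perform
    targets: frozenset           # resources/data those operations may touch

def map_principal(p, owner_tenant, eaos):
    """Return the owner tenant's objects whose identity criteria match p."""
    return [e for e in eaos
            if e.owner_tenant == owner_tenant
            and e.partner_tenant == p.home_tenant
            and e.partner_group in p.groups]

def authorize(p, owner_tenant, task, target, eaos):
    """Deny by default: allow only if one mapped object permits task AND target."""
    for e in map_principal(p, owner_tenant, eaos):
        if task in e.tasks and target in e.targets:
            # Return the object name so an audit record can carry it
            # alongside the real second-tenant user_id.
            return (True, e.name)
    return (False, None)

# Constructed sample data: tenant-b staff reset passwords in tenant-a.
EAOS = [ExternalAccessObject(
    name="helpdesk-partner", owner_tenant="tenant-a",
    partner_tenant="tenant-b", partner_group="Tier1Support",
    tasks=frozenset({"reset_password"}),
    targets=frozenset({"mailbox:alice", "mailbox:bob"}))]
SUPPORT_USER = Principal("u-100", "tenant-b", frozenset({"Tier1Support"}))
OTHER_USER = Principal("u-200", "tenant-b", frozenset({"Sales"}))

if __name__ == "__main__":
    for who, task, target in [(SUPPORT_USER, "reset_password", "mailbox:alice"),
                              (SUPPORT_USER, "delete_mailbox", "mailbox:alice"),
                              (SUPPORT_USER, "reset_password", "mailbox:ceo"),
                              (OTHER_USER, "reset_password", "mailbox:alice")]:
        print(who.user_id, task, target, authorize(who, "tenant-a", task, target, EAOS))
```

The partner user never gets an account in the first tenant; revoking the delegation means deleting or narrowing one object rather than hunting for guest accounts.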
20 Claims
10. A method, performed in a multi-tenancy environment, for permitting a first tenant to provide services to a user or group of users associated with a second tenant by specifying access permission that enables the user or group of users of the second tenant to access the first tenant's resources and/or data, the method comprising:
- hosting a multi-tenant service in a multi-tenancy environment, the multi-tenant service hosting a first and a second tenant;
- receiving at the management console a user request of a user or group of users of the second tenant for access to the first tenant's resources and/or data of the multi-tenant service to perform operations on the first tenant's resource and/or data;
- determining at the management console identity criteria of the user or group of users of the second tenant;
- at the management console, based on the identity criteria determined for the user or group of users of the second tenant, mapping the user or group of users of the second tenant to an external access object that is associated with the first tenant, wherein the external access object is configured to represent the user or group of users of the second tenant when the user or group of users of the second tenant accesses the multi-tenant service such that the user or group of users appears as a user or group of users of the first tenant when accessing the multi-tenant service to thereby enable the user or group of users of the second tenant to access the first tenant's resources and/or data of the multi-tenant service; and
- determining at the management console that the user or group of users of the second tenant has permission to access the first tenant's resources and/or data of the multi-tenant service and to perform the operations based on access permissions specified within the external access object.
19. One or more hardware storage devices having stored thereon computer-executable instructions that, when executed by the one or more processors, perform a computer-implemented method for permitting a first tenant to provide services to a user or group of users associated with a second tenant by specifying access permission that enables the user or group of users of the second tenant to access the first tenant's resources and/or data, the computer-implemented method comprising:
- determining identity criteria for one or more users or group of users of the second tenant who will provide the contracted for specified operations;
- receiving at the management console a request from one of the one or more users or group of users of the second tenant for access to the first tenant's resources and/or data of the multi-tenant service that are to be subjected to the specified operations;
- mapping an external access object associated with the first tenant to the one of the one or more users or group of users of the second tenant based on the identity criteria, wherein the external access object is configured to represent the one of the one or more users or group of users of the second tenant when the user or group of users of the second tenant accesses the multi-tenant service such that the user or group of users appears as a user or group of users of the first tenant when accessing the multi-tenant service to thereby enable the user or group of users of the second tenant to access the first tenant's resources and/or data of the multi-tenant service;
- based on the identity criteria, associating the external access object with a set of the one or more administrative tasks, wherein the set of administrative tasks define the specified operations that may be performed on the first tenant's resources and/or data by the one of the one or more users or group of users;
- determining that access is to be granted to the first tenant's resources and/or data by determining that the one or more administrative tasks are permitted by the external access object; and
- determining that a designated target object of the first tenant's resources and/or data is permitted to be subjected to the one or more administrative tasks.
Specification