On-demand database service system, method and computer program product for conditionally allowing an application of an entity access to data of another entity

US 8,977,647 B2
Filed: 04/19/2013
Issued: 03/10/2015
Est. Priority Date: 07/19/2007
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of:

presenting a user with an interface which describes permissions that are required for an application created by a first entity of an on-demand database service;

permitting the user to authorize the application based on the required permissions;

after permitting the user to authorize the application, receiving by the on-demand database service a request from the application, the request including a request to access data of the user associated with a database of the on-demand database service, wherein the first entity and the user are different users of the on-demand database service, and the on-demand database service stores data on behalf of each of the users in a logically separated manner such that, without authorization, data of one user is inaccessible to another user;

determining by the on-demand database service whether the application is authorized to access the data of the user associated with the database of the on-demand database service using a plurality of data access limitations associated with the application and indicated in a profile, wherein the data access limitations associated with the application are included with the application in a package, and the package is installed by the user;

conditionally allowing the access to the data of the user associated with the database of the on-demand database service, based on the determination;

receiving an update associated with the application; and

after receiving the update, presenting the update to the user for acceptance by the user;

wherein when the package is uninstalled, the profile indicating the plurality of data access limitations is also uninstalled.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service. These mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service can enable embodiments to limit such access to the data, as desired. Furthermore, embodiments of such mechanisms and methods may provide additional security when sharing data among different subscribers to an on-demand database service.

168 Citations

13 Claims

1. A non-transitory machine-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- presenting a user with an interface which describes permissions that are required for an application created by a first entity of an on-demand database service;
  
  permitting the user to authorize the application based on the required permissions;
  
  after permitting the user to authorize the application, receiving by the on-demand database service a request from the application, the request including a request to access data of the user associated with a database of the on-demand database service, wherein the first entity and the user are different users of the on-demand database service, and the on-demand database service stores data on behalf of each of the users in a logically separated manner such that, without authorization, data of one user is inaccessible to another user;
  
  determining by the on-demand database service whether the application is authorized to access the data of the user associated with the database of the on-demand database service using a plurality of data access limitations associated with the application and indicated in a profile, wherein the data access limitations associated with the application are included with the application in a package, and the package is installed by the user;
  
  conditionally allowing the access to the data of the user associated with the database of the on-demand database service, based on the determination;
  
  receiving an update associated with the application; and
  
  after receiving the update, presenting the update to the user for acceptance by the user;
  
  wherein when the package is uninstalled, the profile indicating the plurality of data access limitations is also uninstalled.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The non-transitory machine-readable medium of claim 1, and further comprising presenting the data access limitations to the user for acceptance by the user, and conditionally allowing the access to the data of the user stored in the database of the on-demand database service, based on the acceptance of the data access limitations.
  - 3. The non-transitory machine-readable medium of claim 1, wherein the data access limitations include a plurality of data access levels.
  - 4. The non-transitory machine-readable medium of claim 1, wherein the data access limitations include limitations on at least one type of the data of the user stored in the database of the on-demand database service that can be accessed.
  - 5. The non-transitory machine-readable medium of claim 1, wherein the data access limitations include limitations on at least one action that may be performed on the data of the user stored in the database of the on-demand database service.
  - 6. The non-transitory machine-readable medium of claim 1, wherein the application includes business logic.
  - 7. The non-transitory machine-readable medium of claim 1, and further comprising authenticating the application, and conditionally installing the application based on the authentication.
  - 8. The non-transitory machine-readable medium of claim 1, wherein the application is served by the on-demand database service.
  - 9. The method of claim 1, wherein the on-demand database service includes a multi-tenant on-demand database service.
  - 10. The non-transitory machine-readable medium of claim 1, wherein the interface is presented during the user installation of the application, and wherein the user authorization of the application is required for the installation of the application.
  - 11. The non-transitory machine-readable medium of claim 1, wherein the package includes a standalone client object to be installed on a device of the user.

12. An apparatus, comprising:
- a processor; and
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  presenting a user with an interface which describes permissions that are required for an application created by a first entity of an on-demand database service;
  
  permitting the user to authorize the application based on the required permissions;
  
  after permitting the user to authorize the application, receiving by the on-demand database service a request from the application, the request including a request to access data of the user associated with a database of the on-demand database service, wherein the first entity and the user are different users of the on-demand database service, and the on-demand database service stores data on behalf of each of the users in a logically separated manner such that, without authorization, data of one user is inaccessible to another user;
  
  determining by the on-demand database service whether the application is authorized to access the data of the user associated with the database of the on-demand database service using a plurality of data access limitations associated with the application and indicated in a profile, wherein the data access limitations associated with the application are included with the application in a package, and the package is installed by the user;
  
  conditionally allowing the access to the data of the user associated with the database of the on-demand database service, based on the determination;
  
  receiving an update associated with the application; and
  
  after receiving the update, presenting the update to the user for acceptance by the user.;
  
  wherein when the package is uninstalled, the profile indicating the plurality of data access limitations is also uninstalled.

13. A method for transmitting code for use in a multi-tenant database system on a transmission medium, the method comprising:
- transmitting code for presenting a user with an interface which describes permissions that are required for an application created by a first entity of an on-demand database service;
  
  transmitting code for permitting the user to authorize the application based on the required permissions;
  
  transmitting code for, after permitting the user to authorize the application, receiving by the on-demand database service a request from the application, the request including a request to access data of the user associated with a database of the on-demand database service, wherein the first entity and the user are different users of the on-demand database service, and the on-demand database service stores data on behalf of each of the users in a logically separated manner such that, without authorization, data of one user is inaccessible to another user;
  
  transmitting code for determining by the on-demand database service whether the application is authorized to access the data of the user associated with the database of the on-demand database service using a plurality of data access limitations associated with the application and indicated in a profile, wherein the data access limitations associated with the application are included with the application in a package, and the package is installed by the user;
  
  transmitting code for conditionally allowing the access to the data of the user associated with the database of the on-demand database service, based on the determination;
  
  transmitting code for receiving an update associated with the application; and
  
  transmitting code for presenting the update to the user for acceptance by the user;
  
  wherein when the package is uninstalled, the profile indicating the plurality of data access limitations is also uninstalled.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Mehra, Vinod, Warshavsky, Alex, Horne, Nate, Dapkus, Peter J., Viripaeff, Alexis
Primary Examiner(s)
Perveen, Rehana
Assistant Examiner(s)
BUI, THUY T

Application Number

US13/866,801
Publication Number

US 20130238660A1
Time in Patent Office

690 Days
Field of Search

707/781, 707783-785
US Class Current

707/781
CPC Class Codes

G06F 16/24573   using data annotations, e.g...

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2147   Locking files

G06F 8/61   Installation

G06F 8/65   Updates security arrangemen...

H04L 63/102   Entity profiles

H04L 67/306   User profiles

H04W 4/50   Service provisioning or rec...

On-demand database service system, method and computer program product for conditionally allowing an application of an entity access to data of another entity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

168 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

On-demand database service system, method and computer program product for conditionally allowing an application of an entity access to data of another entity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

168 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links