Security configuration systems and methods for portal users in a multi-tenant database environment
First Claim
1. A method, comprising the steps of:
- receiving a data request at a server with an application platform from a user via a user device, the data request being associated with a respective data object of a plurality of data objects stored in a database;
determining when the user is an internal user from a plurality of internal users of the application platform or when a portal user from a plurality of portal users of the application platform, the user additionally having a group membership in at least one of a plurality of groups;
consulting an organizational wide default table that stores a list of the data objects and, for each of the data objects, a first default security setting for all of the plurality of internal users regardless of the group membership and a second default security setting for all of the plurality of portal users regardless of the group membership, wherein the consulting step includesconsulting, when the user is the internal user, the first default security setting for the respective data object in the organizational wide default table to determine when the requested data is public or private, andconsulting, when the user is the portal user, the second default security setting for the respective data object in the organizational wide default table to determine when the requested data is public or private;
providing, when the user is the internal user and the requested data is public, access information to the user via the user device;
providing, when the user is the portal user and the requested data is public, access information to the user via the user device;
consulting, when the user is the internal user and only when the requested data is private, a membership table that includes a first listing of the groups associated with the user and a share table that includes a second listing of the groups that have access to the requested data, wherein the membership table and the share table are formed from tenant metadata, and providing the requested data to the user when the membership table and the share table indicates that the group membership of the user has access; and
consulting, when the user is the portal user and only when the requested data is private, the membership table and the share table, and providing the requested data to the user when the membership table and the share table indicates that the group membership of the user has access.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer-implemented system and method includes method includes receiving a data request for data in a database from a user; determining if the user is an internal user or a portal user; consulting, if the user is the internal user, a first security setting associated with the data to determine if the requested data is public or private, and if the user is the portal user, consulting a second security setting separate from the first security setting to determine if the requested data is public or private; providing, if the requested data is public, access information to the user; performing, if the requested data is private, additional processing to determine if the user has access to the requested data.
127 Citations
13 Claims
-
1. A method, comprising the steps of:
-
receiving a data request at a server with an application platform from a user via a user device, the data request being associated with a respective data object of a plurality of data objects stored in a database; determining when the user is an internal user from a plurality of internal users of the application platform or when a portal user from a plurality of portal users of the application platform, the user additionally having a group membership in at least one of a plurality of groups; consulting an organizational wide default table that stores a list of the data objects and, for each of the data objects, a first default security setting for all of the plurality of internal users regardless of the group membership and a second default security setting for all of the plurality of portal users regardless of the group membership, wherein the consulting step includes consulting, when the user is the internal user, the first default security setting for the respective data object in the organizational wide default table to determine when the requested data is public or private, and consulting, when the user is the portal user, the second default security setting for the respective data object in the organizational wide default table to determine when the requested data is public or private; providing, when the user is the internal user and the requested data is public, access information to the user via the user device; providing, when the user is the portal user and the requested data is public, access information to the user via the user device; consulting, when the user is the internal user and only when the requested data is private, a membership table that includes a first listing of the groups associated with the user and a share table that includes a second listing of the groups that have access to the requested data, wherein the membership table and the share table are formed from tenant metadata, and providing the requested data to the user when the membership table and the share table indicates that the group membership of the user has access; and consulting, when the user is the portal user and only when the requested data is private, the membership table and the share table, and providing the requested data to the user when the membership table and the share table indicates that the group membership of the user has access. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A multi-tenant data processing system, comprising:
-
a database that stores data specific to each one of a plurality of tenants such that at least two of the tenants store at least a portion of data specific to the at least two tenants as data objects in a common structure within the database, wherein each individual tenant is permitted access only to data associated with the individual tenant, and wherein a first tenant of the plurality of tenants is affiliated with an internal user from a plurality of internal users and a portal user from a plurality of portal users; and an application server that receives, from one of the internal user or the portal user, a data request associated with a respective data object of the data objects stored in the database, the one of the internal user or the portal user additionally having a group membership in at least one of a plurality of groups, wherein application server includes an organization wide default table that stores, for each data object, a first default security setting for all of the internal users regardless of the group membership and a second default security setting for all of the portal users regardless of the group membership, wherein the application server is configurable to access a membership table that includes a listing of group memberships for each of the internal users and the portal users and a share table that includes access characteristics of each of the group memberships, the membership table and the share table being formed from tenant metadata; wherein the application server is configured to consult, when the user is the internal user, the first default security setting for the respective data object in the organization wide default table to determine when the requested data is public or private, and when the user is the portal user, consult the second default security setting for the respective data object in the organization wide default table to determine when the requested data is public or private; provide, when the requested data is public, the requested information based on the first default security setting for the respective data object or the second default security setting for the respective data object without performing additional security processing; consulting, when the user is the internal user and only when the requested data is private, a membership table that includes a first listing of the groups associated with the user and a share table that includes a second listing of the groups that have access to the requested data, wherein the membership table and the share table are formed from tenant metadata, and providing the requested data to the user when the membership table and the share table indicates that the group membership of the user has access; and consulting, when the user is the portal user and only when the requested data is private, the membership table and the share table, and providing the requested data to the user when the membership table and the share table indicates that the group membership of the user has access. - View Dependent Claims (12, 13)
-
Specification