Method and system for controlling access to a multi-tenant database system using a virtual portal

US 9,361,366 B1
Filed: 06/03/2008
Issued: 06/07/2016
Est. Priority Date: 06/03/2008
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a multi-tenant database system using a virtual portal, the multi-tenant database system to provide a customer relationship management (CRM) system via one or more server computing system that provide CRM applications, related data, code, forms pages and database system related data, objects and content, wherein the system stores data for multiple tenants in the same physical database object with tenant data arranged so that data corresponding to respective tenants is kept logically separate from that of other tenants so that one tenant does not have access to another tenant'"'"'s data unless such data is expressly shared, the method comprising:

receiving from one of a plurality of tenants, a request to permit at least one first tenant user to access a sub-portion of authorized content on the database authorized to the one of a plurality of tenants to access, which is stored with remaining content authorized to remaining tenants of the plurality of tenants to access on-demand;

configuring a plurality of portal display registries to be associated with one of the plurality of tenants such that anyone of the plurality of tenants is associated with a display registry that is different from the portal display registry associated with the remaining tenants of the plurality of tenants storing in one of the plurality of portal display registries information identifying accessible content that may be accessed by the tenant associated therewith and a subpart of the accessible content that the tenant may not allow the at least one first tenant user to access, with the accessible content including said authorized content and the sub-part including content provided by an owner of the multi-tenant based system; and

permitting the at least one first tenant user to access the sub-portion through a portal in response to determining that the sub-portion is not included in the sub-part.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for controlling access to a multi-tenant database system using a virtual portal. These mechanisms and methods for controlling access to a multi-tenant database system using a virtual portal can enable embodiments to provide great flexibility to a tenant of the architecture to select the content that may be perceived by the tenant users while allowing the owner of the architecture control over the content.

245 Citations

19 Claims

1. A method for controlling access to a multi-tenant database system using a virtual portal, the multi-tenant database system to provide a customer relationship management (CRM) system via one or more server computing system that provide CRM applications, related data, code, forms pages and database system related data, objects and content, wherein the system stores data for multiple tenants in the same physical database object with tenant data arranged so that data corresponding to respective tenants is kept logically separate from that of other tenants so that one tenant does not have access to another tenant'"'"'s data unless such data is expressly shared, the method comprising:
- receiving from one of a plurality of tenants, a request to permit at least one first tenant user to access a sub-portion of authorized content on the database authorized to the one of a plurality of tenants to access, which is stored with remaining content authorized to remaining tenants of the plurality of tenants to access on-demand;
  
  configuring a plurality of portal display registries to be associated with one of the plurality of tenants such that anyone of the plurality of tenants is associated with a display registry that is different from the portal display registry associated with the remaining tenants of the plurality of tenants storing in one of the plurality of portal display registries information identifying accessible content that may be accessed by the tenant associated therewith and a subpart of the accessible content that the tenant may not allow the at least one first tenant user to access, with the accessible content including said authorized content and the sub-part including content provided by an owner of the multi-tenant based system; and
  
  permitting the at least one first tenant user to access the sub-portion through a portal in response to determining that the sub-portion is not included in the sub-part.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - permitting a second tenant user to access a second sub-portion of the remaining content through an additional portal, the second sub-portion being defined in an additional portal display registry of the plurality of display registries included with the multi-tenant database system associated with a second tenant of the plurality of tenants.
  - 3. The method of claim 1, wherein receiving further includes:
    - receiving from the one of a plurality of tenants, a request to permit additional tenant users to access the sub-portion.
  - 4. The method of claim 1, wherein receiving further includes:
    - receiving from the one of a plurality of tenants, a request to permit additional tenant users to access a segment of the sub-portion, with the at least one first tenant user and the additional tenant users defining a plurality of tenant users, with the information contained in the segment perceived by one of the plurality of tenant users being different from the information contained in the segment perceived by the remaining tenant users of the plurality of tenant users.
  - 5. The method as recited in claim 1, wherein permitting further includes:
    - permitting a second tenant user to perceive a second sub-portion of the remaining content through an additional portal, the second sub-portion being defined in an additional portal display registry included with the multi-tenant database system associated with a second tenant of the plurality of tenants, with the at least one first tenant user accessing the first sub-portion through a uniform resource locator (URL) that is different than a URL through which the second tenant user communicates with the database.
  - 6. The method of claim 1, wherein permitting further includes:
    - receiving a communication from the at least one first tenant user requesting access to the sub-portion;
      
      identifying, among the authorized content, the sub-portion;
      
      comparing information in the sub-portion to information contained in the one of a plurality of portal display registries to determine whether information in the sub-portion may be transmitted to the at least one first tenant user; and
      
      sending the information in the sub-portion in response to determining that the at least one first tenant user is authorized to perceive the information in the sub-portion.
  - 7. The method of claim 1, wherein permitting further includes providing, in the sub-portion, first branding information that is perceivable by the one of a plurality of tenants and allowing further includes providing to the at least one first tenant user second branding information that is defined by the one of a plurality of tenants.
  - 8. The method of claim 1, wherein permitting further includes providing, in the sub-portion, first branding information that is perceivable by the one of a plurality of tenants and allowing further includes providing to the at least one first tenant user second branding information that is different than the first branding information.
  - 9. The method of claim 1, wherein permitting further includes providing, in the sub-portion, first branding information that is perceivable by the one of a plurality of tenants and allowing further includes providing to a plurality of first tenant users, additional branding information that is different than the first branding information, with the additional branding information perceived by one of the plurality of first tenant users being different from the branding information perceived by the remaining first tenant users of the plurality of first tenant users.

10. A non-transitory machine-readable medium carrying one or more sequences of instructions for controlling access to a multi-tenant database system using a virtual portal, the multi-tenant database system to provide a customer relationship management (CRM) system via one or more server computing system that provide CRM applications, related data, code, forms pages and database system related data, objects and content, wherein the system stores data for multiple tenants in the same physical database object with tenant data arranged so that data corresponding to respective tenants is kept logically separate from that of other tenants so that one tenant does not have access to another tenant'"'"'s data unless such data is expressly shared, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- receiving from one of a plurality of tenants, a request to permit at least one first tenant user to access a sub-portion of authorized content on the database authorized to the one of a plurality of tenants to access, which is stored with remaining content authorized to remaining tenants of the plurality of tenants to access on-demand;
  
  configuring a plurality of portal display registries to be associated with one of the plurality of tenants such that anyone of the plurality of tenants is associated with a display registry that is different from the portal display registry associated with the remaining tenants of the plurality of tenants storing in one of the plurality of portal display registries information identifying accessible content that may be accessed by the tenant associated therewith and a subpart of the accessible content that the tenant may not allow the at least one first tenant user to access, with the accessible content including said authorized content and the sub-part including content provided by an owner of the multi-tenant based system; and
  
  permitting the at least one first tenant user to access the sub-portion through a portal in response to determining that the sub-portion is not included in the sub-part.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The non-transitory machine-readable medium as recited in claim 10, further including instructions for carrying out the step of:
    - permitting a second tenant user to access a second sub-portion of the remaining content through an additional portal, the second sub-portion being defined in an additional portal display registry of the plurality of display registries included with the multi-tenant database system associated with a second tenant of the plurality of tenants.
  - 12. The non-transitory machine-readable medium as recited in claim 10, further including instructions for carrying out the step of:
    - allowing a plurality of first tenant users to access a segment of the sub-portion, with the information contained in the segment perceived by one of the plurality of first tenant users being different from the information contained in the segment perceived by the remaining first tenant users of the plurality of tenant users.
  - 13. The non-transitory machine-readable medium as recited in claim 10, wherein the instructions to carrying out the step of permitting further includes instructions for carrying out the step of:
    - permitting a second tenant user to perceive a second sub-portion of the remaining content through an additional portal, the second sub-portion being defined in an additional portal display registry included with the multi-tenant database system associated with a second tenant of the plurality of tenants, with the at least one first tenant user accessing the first sub-portion through a uniform resource locator (URL) that is different than a URL through which the second tenant user communicates with the database.
  - 14. The non-transitory machine-readable medium as recited in claim 10, wherein the instructions to carrying out the step of permitting further includes instructions for carrying out the steps of:
    - receiving a communication from the at least one first tenant user for access to the sub-portion;
      
      identifying, among the authorized content, the sub-portion;
      
      comparing information in the sub-portion to information contained in the one of a plurality of portal display registries to determine whether information in the sub-portion may be transmitted to the at least one first tenant user; and
      
      sending the information in the sub-portion in response to determining that the at least one first tenant user is authorized to perceive the information in the sub-portion.
  - 15. The non-transitory machine-readable medium as recited in claim 10, wherein the instructions to carrying out the step of permitting further includes instructions for carrying out the step of providing, in the sub-portion, first branding information that is perceivable by the at least one first tenant and the instructions for allowing further include instructions to carry out the step of providing to the at least one first tenant user second branding information that is defined by the one of a plurality of tenants.
  - 16. The non-transitory machine-readable medium as recited in claim 10, wherein the instructions to carrying out the step of permitting further includes instructions for carrying out the step of providing, in the sub-portion, first branding information that is perceivable by the one of a plurality of tenants and the instructions for carrying out the step of allowing further includes instructions for carrying out the step of providing, to the at least one first tenant user, second branding information that is different than the first branding information.
  - 17. The non-transitory machine-readable medium as recited in claim 10, wherein the instructions to carrying out the step of permitting further includes instructions for carrying out the step of providing, in the sub-portion, first branding information that is perceivable by the one of a plurality of tenants and the instructions for carrying out the step of allowing further includes instructions for carrying-out the step of providing to a plurality of first tenant users, additional branding information that is different than the first branding information, with the additional branding information perceived by one of the plurality of first tenant users being different from the branding information perceived by the remaining first tenant users of the plurality of first tenant users.

18. An apparatus for controlling access to a multi-tenant database system using a virtual portal, the multi-tenant database system to provide a customer relationship management (CRM) system via one or more server computing system that provide CRM applications, related data, code, forms pages and database system related data, objects and content, wherein the system stores data for multiple tenants in the same physical database object with tenant data arranged so that data corresponding to respective tenants is kept logically separate from that of other tenants so that one tenant does not have access to another tenant'"'"'s data unless such data is expressly shared, the apparatus comprising:
- a processor; and
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  receiving from one of a plurality of tenants, a request to permit at least one first tenant user to access a sub-portion of authorized content on the database authorized to the one of a plurality of tenants to access, which is stored with remaining content authorized to remaining tenants of the plurality of tenants to access on-demand;
  
  configuring a plurality of portal display registries to be associated with one of the plurality of tenants such that anyone of the plurality of tenants is associated with a display registry that is different from the portal display registry associated with the remaining tenants of the plurality of tenants storing in one of the plurality of portal display registries information identifying accessible content that may be accessed by the tenant associated therewith and a subpart of the accessible content that the tenant may not allow the at least one first tenant user to access, with the accessible content including said authorized content and the sub-part including content provided by an owner of the multi-tenant based system; and
  
  permitting the at least one first tenant user to access the sub-portion through a portal in response to determining that the sub-portion is not included in the sub-part.

19. A method for transmitting code, for controlling access to a multi-tenant database system using a virtual portal, the multi-tenant database system to provide a customer relationship management (CRM) system via one or more server computing system that provide CRM applications, related data, code, forms pages and database system related data, objects and content, wherein the system stores data for multiple tenants in the same physical database object with tenant data arranged so that data corresponding to respective tenants is kept logically separate from that of other tenants so that one tenant does not have access to another tenant'"'"'s data unless such data is expressly shared, on a transmission medium, the method comprising:
- transmitting code to receive from one of a plurality of tenants, a request to permit at least one first tenant user to access a sub-portion of authorized content on the database authorized to the one of a plurality of tenants to access, which is stored with remaining content authorized to remaining tenants of the plurality of tenants to access on-demand;
  
  transmitting code to configure one of a plurality of portal display registries to be associated with one of the plurality of tenants such that anyone of the plurality of tenants is associated with a display registry that is different from the portal display registry associated with the remaining tenants of the plurality of tenants transmitting code to store in one of the plurality of portal display registries information identifying accessible content that may be accessed by the tenant associated therewith and a sub-part of the accessible content that the tenant may not allow the at least one first tenant user to access, with the accessible content including said authorized content and the sub-part including content provided by an owner of the multi-tenant based system; and
  
  transmitting code to permit the at least one first tenant user to access the subportion through a portal in response to determining that the sub-portion is not included in the sub-part.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Yancey, Scott, Doshi, Kedar
Primary Examiner(s)
Trujillo, James
Assistant Examiner(s)
Mueller, Kurt

Application Number

US12/132,409
Time in Patent Office

2,926 Days
Field of Search

707/694, 707/783
US Class Current

1/1
CPC Class Codes

G06F 16/27   Replication, distribution o...

G06F 16/335   Filtering based on addition...

G06F 16/9535   Search customisation based ...

G06F 16/9538   Presentation of query results

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

Method and system for controlling access to a multi-tenant database system using a virtual portal

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

245 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Method and system for controlling access to a multi-tenant database system using a virtual portal

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

245 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others