Method and system for granting access to secure data
Abstract
Techniques described herein can be implemented as one or a combination of methods, systems or processor-executed code to form embodiments capable of improved protection of data or other computing resources based at least in part upon limiting access to a select number of delegates. Access to cloud data is limited based on customer-selected or other criterion, reducing the possibility of security exposures and/or improving privacy.
21 Claims
1. A computer-implemented method for granting access to private customer data, the method comprising:
- receiving, by a database system, an electronic format request on behalf of a customer, the electronic format request being a request to perform a task using a subset of private data of the customer, the private data being cloud data stored on the database system;
- identifying, by the database system, a plurality of potential delegates corresponding to the electronic format request, the plurality of potential delegates having no access to the private data unless authorization is provided to the plurality of potential delegates, the plurality of potential delegates being identified based on an ability to resolve the electronic format request;
- determining, by the database system, attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate;
- determining, by the database system, at least one authorization filter, the at least one filter including customer-specific authorization criterion pertaining to desired attributes;
- applying the at least one authorization filter to the attributes corresponding to the plurality of potential delegates to determine a set of authorized delegates, based at least in part on determining a correspondence between at least one of the attributes to at least one of the authorization criterion;
- determining, by the database system, from the set of authorized delegates, at least one delegate to be assigned to resolve the electronic format request, and
- issuing an authorization to the at least one delegate to be assigned to the electronic format request, wherein issuing an authorization includes providing authorization for reviewing the subset of private data of the customer and providing a link facilitating login as the at least one delegate.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.
19. A computer-implemented method for granting access to private customer data, the method comprising:
- receiving, by a database system, via a computing device an electronic format request on behalf of a customer, the electronic format request being a request to perform a task using a subset of private data of the customer, the private data being cloud data stored on the database system;
- identifying, by the database system, a plurality of potential delegates corresponding to the electronic format request, the plurality of potential delegates having no access to the private data unless authorization is provided to the plurality of potential delegates, the plurality of potential delegates being identified based on an ability to resolve the electronic format request;
- determining, by the database system, attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate;
- determining, by the database system, at least one authorization filter, the at least one filter including customer-specific authorization criterion pertaining to desired attributes;
- applying the at least one authorization filter to the attributes corresponding to the plurality of potential delegates to determine a set of authorized delegates, based at least in part on determining a correspondence between at least one of the attributes to at least one of the authorization criterion;
- determining, by the database system, from the set of authorized delegates, at least one delegate to be assigned to resolve the electronic format request;
- issuing, by the database system, an authorization to the at least one delegate to be assigned to the electronic format request, wherein issuing an authorization includes providing authorization for reviewing the subset of private data of the customer;
- granting, by the database system, the at least one delegate access to the private data of the customer by providing a link facilitating login as the at least one delegate; and
- providing, by the database system, the at least one delegate at least one permission of the customer to enable the at least one delegate to impersonate a user at the customer while tracking activities of the at least one delegate.
20. A non-transitory machine readable medium, storing one or more instructions which when executed by one or more processors cause the one or more processors to perform the following:
- receiving via a computing device an electronic format request on behalf of a customer, the electronic format request being a request to perform a task using a subset of private data of the customer, the private data being cloud data stored on the database system;
- identifying, by the database system, a plurality of potential delegates corresponding to the electronic format request, the plurality of potential delegates having no access to the private data unless authorization is provided to the plurality of potential delegates, the plurality of potential delegates being identified based on an ability to resolve the electronic format request;
- determining attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate;
- determining, by the database system, at least one authorization filter, the at least one filter including customer-specific authorization criterion pertaining to desired attributes;
- applying the at least one authorization filter to the attributes corresponding to the plurality of potential delegates to determine a set of authorized delegates, based at least in part on determining a correspondence between at least one of the attributes to at least one of the authorization criterion;
- determining, from the set of authorized delegates, at least one delegate to be assigned to resolve the electronic format request;
- issuing an authorization to the at least one delegate to be assigned to the electronic format request, wherein issuing an authorization includes providing authorization for reviewing the subset of private data of the customer;
- granting the at least one delegate access to the private data of the customer to enable the at least one delegate to impersonate a user at the customer while tracking activities of the at least one delegate.
21. A computer-implemented method for determining a number of candidates available to meet a criterion of interest, comprising:
- receiving, by a database system, a criterion of interest on behalf of a customer, the criterion of interest pertaining to desired attributes;
- identifying, by the database system, a plurality of potential delegates corresponding to the criterion of interest, the plurality of potential delegates having no access to private data of the customer unless authorization is provided to the potential delegate, the plurality of potential delegates being identified based on an ability to resolve a received electronic format request to perform a task using a subset of the private data of the customer, the private data being cloud data stored on the database system;
- determining, by the database system, attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate;
- determining, by the database system, at least one authorization filter, the at least one filter including authorization criterion that comprises the criterion of interest;
- applying the at least one authorization filter to the attributes corresponding to the plurality of potential delegates to determine a set of authorized delegates, based at least in part on determining a correspondence between at least one of the attributes corresponding to the plurality of potential delegates to the criterion of interest;
- determining, by the database system, from the set of authorized delegates, a number of candidates available to meet the criterion of interest; and
- issuing an authorization to at least one of the number of available candidates, the authorization allowing the at least one of the number of available candidates to review the subset of private data of the customer and providing a link facilitating login as the at least one of the number of available candidates.
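The flow recited in claims 1 and 19, as an added illustration that is not taken from the patent or from any product: delegates able to resolve a request are narrowed by a customer-specific attribute filter, one receives a time-limited grant scoped to a subset of fields, and every access attempt under that grant is tracked. All names (`Delegate`, `Grant`, `authorized_delegates`, `read_as_customer`) and the sample data are hypothetical, and the login link is represented only by an opaque token. Assumption: every criterion must match and a missing attribute counts as a mismatch, which is stricter than the "at least one" correspondence in the claim language.

```python
import secrets
import time
from dataclasses import dataclass, field

@dataclass
class Delegate:
    name: str
    skills: frozenset   # request types this delegate can resolve
    attrs: dict         # identity attributes, e.g. region, employer

@dataclass
class Grant:
    delegate: str
    customer: str
    fields: frozenset   # the subset of private data in scope
    expires: float
    token: str = field(default_factory=lambda: secrets.token_urlsafe(16))

def authorized_delegates(pool, skill, criteria):
    """Potential delegates for the request, narrowed by the customer's filter."""
    potential = [d for d in pool if skill in d.skills]
    # Deny by default: a missing attribute never satisfies a criterion.
    return [d for d in potential
            if all(d.attrs.get(k) in allowed for k, allowed in criteria.items())]

def issue_grant(delegate, customer, fields, ttl=900, now=None):
    now = time.time() if now is None else now
    return Grant(delegate.name, customer, frozenset(fields), now + ttl)

def read_as_customer(grant, records, customer, fld, audit, now=None):
    """Scoped, time-limited read; every attempt is logged, allowed or denied."""
    now = time.time() if now is None else now
    ok = grant.customer == customer and fld in grant.fields and now < grant.expires
    audit.append((grant.delegate, customer, fld, "allow" if ok else "deny"))
    if not ok:
        raise PermissionError(f"{grant.delegate}: {fld} outside grant scope")
    return records[customer][fld]

# Constructed sample data (not from the patent).
POOL = [
    Delegate("alice", frozenset({"billing"}), {"region": "EU", "employer": "vendor"}),
    Delegate("bob", frozenset({"billing"}), {"region": "US", "employer": "vendor"}),
    Delegate("carol", frozenset({"billing"}), {"employer": "vendor"}),  # region unknown
    Delegate("dave", frozenset({"network"}), {"region": "EU", "employer": "vendor"}),
]
CRITERIA = {"region": {"EU"}, "employer": {"vendor"}}
RECORDS = {"acme": {"invoice_total": 1200, "card_last4": "4242"}}
```
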
Specification