Methods and systems for controlling access to custom objects in a database

US 9,378,392 B2
Filed: 09/30/2013
Issued: 06/28/2016
Est. Priority Date: 10/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access to diverse custom objects in a custom entity share table, the method including:

storing a plurality of custom object types for a plurality of shared database tenants in a custom entity share table in a memory, wherein;

a first custom object for a first tenant has a first schema including a first set of custom fields;

a second custom object for a second tenant has a second schema including a second set of custom fields;

the first and second custom objects are both stored in a same custom entity share table despite having different sets of custom fields; and

the first and second custom objects are both associated with fields for tenant identifier (id) and object type;

receiving a user request for access to custom objects of a particular custom object type and identifying a particular group of users to which the user belongs with a particular tenant id in response to the user request; and

determining whether the particular group has access to the particular custom object type requested and, responsively, accessing and returning at least some custom objects in the custom entity share table based at least on the particular tenant id and the particular custom object type to select at least some of the plurality of the custom objects responsive to the user request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In embodiments, methods and systems for controlling access to custom objects are provided. These techniques for controlling access to custom objects can enable embodiments to utilize a key for the protection of the security of data that is to remain private while not compromising efficiency of a query. The key for a requested custom object is identified and then used so that only an appropriate portion of a custom entity share table is searched to locate access information. It is then determined whether the user can access at least a portion of the custom object, and the appropriate and allowed data is sent to the user.

Citations

19 Claims

1. A method of controlling access to diverse custom objects in a custom entity share table, the method including:
- storing a plurality of custom object types for a plurality of shared database tenants in a custom entity share table in a memory, wherein;
  
  a first custom object for a first tenant has a first schema including a first set of custom fields;
  
  a second custom object for a second tenant has a second schema including a second set of custom fields;
  
  the first and second custom objects are both stored in a same custom entity share table despite having different sets of custom fields; and
  
  the first and second custom objects are both associated with fields for tenant identifier (id) and object type;
  
  receiving a user request for access to custom objects of a particular custom object type and identifying a particular group of users to which the user belongs with a particular tenant id in response to the user request; and
  
  determining whether the particular group has access to the particular custom object type requested and, responsively, accessing and returning at least some custom objects in the custom entity share table based at least on the particular tenant id and the particular custom object type to select at least some of the plurality of the custom objects responsive to the user request.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the fields for the tenant id and object type are stored in the custom entity share table with the custom objects.
  - 3. The method of claim 1, wherein the fields for the tenant id and object type are stored in a custom entity access table that is linked to the custom objects.

4. A system that controls access to diverse custom objects in a custom entity share table, the system including:
- one or more processors coupled to memory, the memory loaded with computer instructions that, when executed on the processors, implement actions including;
  
  storing a plurality of custom object types for a plurality of shared database tenants in a custom entity share table in a memory, wherein;
  
  a first custom object for a first tenant has a first schema including a first set of custom fields;
  
  a second custom object for a second tenant has a second schema including a second set of custom fields;
  
  the first and second custom objects are both stored in a same custom entity share table despite having different sets of custom fields; and
  
  the first and second custom objects are both associated with fields for tenant identifier (id) and object type;
  
  receiving a user request for access to custom objects of a particular custom object type and identifying a particular group of users to which the user belongs with a particular tenant id in response to the user request; and
  
  determining whether the particular group has access to the particular custom object type requested and, responsively, accessing and returning at least some custom objects in the custom entity share table based at least on the particular tenant id and the particular custom object type to select at least some of the plurality of the custom objects responsive to the user request.
- View Dependent Claims (5, 6)
- - 5. The system of claim 4, wherein the fields for the tenant id and object type are stored in the custom entity share table with the custom objects.
  - 6. The system of claim 4, wherein the fields for the tenant id and object type are stored in a custom entity access table that is linked to the custom objects.

7. A non-transitory machine-readable storage medium storing a plurality of instructions for programming one or more processors to control access to diverse custom objects in a custom entity share table, the instructions, when executed on the processors, implementing actions including:
- storing a plurality of custom object types for a plurality of shared database tenants in a custom entity share table in a memory, wherein;
  
  a first custom object for a first tenant has a first schema including a first set of custom fields;
  
  a second custom object for a second tenant has a second schema including a second set of custom fields;
  
  the first and second custom objects are both stored in a same custom entity share table despite having different sets of custom fields; and
  
  the first and second custom objects are both associated with fields for tenant identifier (id) and object type;
  
  receiving a user request for access to custom objects of a particular custom object type and identifying a particular group of users to which the user belongs with a particular tenant id in response to the user request; and
  
  determining whether the particular group has access to the particular custom object type requested and, responsively, accessing and returning at least some custom objects in the custom entity share table based at least on the particular tenant id and the particular custom object type to select at least some of the plurality of the custom objects responsive to the user request.
- View Dependent Claims (8, 9)
- - 8. The non-transitory computer readable medium of claim 7, wherein the fields for the tenant id and object type are stored in the custom entity share table with the custom objects.
  - 9. The non-transitory computer readable medium of claim 7, wherein the fields for the tenant id and object type are stored in a custom entity access table that is linked to the custom objects.

10. A computer-implemented method of controlling access to custom objects in a custom entity share table, the method including:
- storing a plurality of custom objects for a plurality of shared database tenants in a custom entity share table in a memory;
  
  receiving a user request for access to the custom objects of a particular custom object type and identifying a particular group of users to which the user belongs based on a tenant identifier in response to the user request; and
  
  determining whether the particular group has access to the particular custom object type requested, including;
  
  when the user request is selective, accessing the custom entity share table based on the tenant identifier; and
  
  when the user request is unselective, accessing the custom entity share table based on a user group identifier; and
  
  responsive to the user request, returning at least some custom objects in the custom entity share table based at least on the tenant identifier or the group identifier and the particular custom object type.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10, further including storing one or more fields for the tenant identifier and particular custom object type in the custom entity share table with the custom objects.
  - 12. The method of claim 10, further including storing one or more fields for the tenant identifier and particular custom object type in a custom entity access table that is linked to the custom objects.
  - 13. The method of claim 10, wherein the custom objects are accessed using a key prefix.

14. A system including one or more processors coupled to memory, the memory loaded with computer instructions to control access to custom objects in a custom entity share table, the instructions, when executed on the processors, implement actions comprising:
- storing a plurality of custom objects for a plurality of shared database tenants in a custom entity share table in a memory;
  
  receiving a user request for access to the custom objects of a particular custom object type and identifying a particular group of users to which the user belongs based on a tenant identifier in response to the user request; and
  
  determining whether the particular group has access to the particular custom object type requested, including;
  
  when the user request is selective, accessing the custom entity share table based on the tenant identifier; and
  
  when the user request is unselective, accessing the custom entity share table based on a user group identifier; and
  
  responsive to the user request, returning at least some custom objects in the custom entity share table based at least on the tenant identifier or the group identifier and the particular custom object type.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14, further implementing actions storing one or more fields for the tenant identifier and particular custom object type in a custom entity access table that is linked to the custom objects.
  - 16. The system of claim 14, wherein the custom objects are accessed using a key prefix.

17. A non-transitory computer readable storage medium impressed with computer program instructions to control access to custom objects in a custom entity share table, the instructions, when executed on the processors, implement a method comprising:
- storing a plurality of custom objects for a plurality of shared database tenants in a custom entity share table in a memory;
  
  receiving a user request for access to the custom objects of a particular custom object type and identifying a particular group of users to which the user belongs based on a tenant identifier in response to the user request; and
  
  determining whether the particular group has access to the particular custom object type requested, including;
  
  when the user request is selective, accessing the custom entity share table based on the tenant identifier; and
  
  when the user request is unselective, accessing the custom entity share table based on a user group identifier; and
  
  responsive to the user request, returning at least some custom objects in the custom entity share table based at least on the tenant identifier or the group identifier and the particular custom object type.
- View Dependent Claims (18, 19)
- - 18. The non-transitory computer readable storage medium of claim 17, implementing the method further comprising storing one or more fields for the tenant identifier and particular custom object type in a custom entity access table that is linked to the custom objects.
  - 19. The non-transitory computer readable storage medium of claim 17, wherein the custom objects are accessed using a key prefix.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Weissman, Craig, Oliver, Kevin, Jasik, Benji, Doshi, Kedar
Primary Examiner(s)
Trujillo, James
Assistant Examiner(s)
Le, Jessica N

Application Number

US14/042,514
Publication Number

US 20140095545A1
Time in Patent Office

1,002 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/176   Support for shared access t...

G06F 16/289   Object oriented databases

G06F 21/6227   where protection concerns t...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99939   Privileged access

Methods and systems for controlling access to custom objects in a database

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for controlling access to custom objects in a database

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links