Techniques for processing group membership data in a multi-tenant database system
First Claim
Patent Images
1. A system having at least a processor and a memory therein to execute instructions to process group membership data of a database system, wherein the system comprises:
- a portal user interface to allow users access to the database system over a network;
the database system to store content;
the database system to store the group membership data within a first dataset at the database system associating individual users as members of one or more groups or sub-groups;
the database system to store Access Authorization Relationship (AAR) data within a second dataset at the database system, wherein the AAR data defines additional access rights for one or more users of a first sub-group to data which is accessible to one or more users of a second sub-group due to a managerial relationship between the one or more users of the first and second sub-groups;
wherein the AAR data is independent of the group membership data stored by the first dataset which associates the individual users to the one or more groups or sub-groups and further wherein the AAR data exists independent of any individual users associated with the first and second sub-groups;
the system to receive a request for access to a sub-portion of the content stored within the database system, wherein the request includes requester identification data uniquely identifying an individual user of the database system;
the database system to determine the one or more groups and sub-groups having access to the sub-portion of the content stored at the database system;
the database system to determine the users associated with the one or more groups and sub-groups via a join operation between the first dataset having the group membership data and the second dataset having the AAR data; and
the database system to compare the identification of the user that provided the request for access to the sub-portion of the content with the users associated with the determined users associated with the one or more groups and sub-groups to determine whether access should be granted; and
the portal user interface to transmit the sub-portion of the content in response to the request for access when determined that access should be granted.
1 Assignment
0 Petitions
Accused Products
Abstract
In accordance with embodiments, there are provided techniques for processing group membership data in a multi-tenant database system. These techniques for processing group membership data in a multi-tenant database system may enable embodiments to provide great flexibility to a tenant of the architecture to select the content that may be perceived by the tenant users while allowing the owner of the architecture control over the content.
-
Citations
20 Claims
-
1. A system having at least a processor and a memory therein to execute instructions to process group membership data of a database system, wherein the system comprises:
-
a portal user interface to allow users access to the database system over a network; the database system to store content; the database system to store the group membership data within a first dataset at the database system associating individual users as members of one or more groups or sub-groups; the database system to store Access Authorization Relationship (AAR) data within a second dataset at the database system, wherein the AAR data defines additional access rights for one or more users of a first sub-group to data which is accessible to one or more users of a second sub-group due to a managerial relationship between the one or more users of the first and second sub-groups; wherein the AAR data is independent of the group membership data stored by the first dataset which associates the individual users to the one or more groups or sub-groups and further wherein the AAR data exists independent of any individual users associated with the first and second sub-groups; the system to receive a request for access to a sub-portion of the content stored within the database system, wherein the request includes requester identification data uniquely identifying an individual user of the database system; the database system to determine the one or more groups and sub-groups having access to the sub-portion of the content stored at the database system; the database system to determine the users associated with the one or more groups and sub-groups via a join operation between the first dataset having the group membership data and the second dataset having the AAR data; and the database system to compare the identification of the user that provided the request for access to the sub-portion of the content with the users associated with the determined users associated with the one or more groups and sub-groups to determine whether access should be granted; and the portal user interface to transmit the sub-portion of the content in response to the request for access when determined that access should be granted. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer-implemented method to execute within a system having at least a processor and a memory therein to execute instructions for processing group membership data, wherein the method comprises:
-
allowing users access to the database system over a network via a portal user interface; storing content at the database system; storing the group membership data within a first dataset at the database system associating individual users as members of one or more groups or sub-groups; storing Access Authorization Relationship (AAR) data within a second dataset at the database system, wherein the AAR data defines additional access rights for one or more users of a first sub-group to data which is accessible to one or more users of a second sub-group due to a managerial relationship between the one or more users of the first and second sub-groups; wherein the AAR data is independent of the group membership data stored by the first dataset which associates the individual users to the one or more groups or sub-groups and further wherein the AAR data exists independent of any individual users associated with the first and second sub-groups; receiving a request for access to a sub-portion of the content stored within the database system, wherein the request includes requester identification data uniquely identifying an individual user of the database system; determining the one or more groups and sub-groups having access to the sub-portion of the content stored at the database system; determining the users associated with the one or more groups and sub-groups by joining the first dataset having the group membership data and the second dataset having the AAR data; and comparing the identification of the user that provided the request for access to the sub-portion of the content with the users associated with the determined users associated with the one or more groups and sub-groups to determine whether access should be granted; and transmitting the sub-portion of the content in response to the request for access when determined that access should be granted. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. Non-transitory machine-readable storage media having instructions stored thereupon for processing group membership data in a system having at least a processor and a memory therein, that, when the instructions are executed by the processor of the system, the instructions cause the system to perform operations including:
-
allowing users access to the database system over a network via a portal user interface; storing content at the database system; storing the group membership data within a first dataset at the database system associating individual users as members of one or more groups or sub-groups; storing Access Authorization Relationship (AAR) data within a second dataset at the database system, wherein the AAR data defines additional access rights for one or more users of a first sub-group to data which is accessible to one or more users of a second sub-group due to a managerial relationship between the one or more users of the first and second sub-groups; wherein the AAR data is independent of the group membership data stored by the first dataset which associates the individual users to the one or more groups or sub-groups and further wherein the AAR data exists independent of any individual users associated with the first and second sub-groups; receiving a request for access to a sub-portion of the content stored within the database system, wherein the request includes requester identification data uniquely identifying an individual user of the database system; determining the one or more groups and sub-groups having access to the sub-portion of the content stored at the database system; determining the users associated with the one or more groups and sub-groups by joining the first dataset having the group membership data and the second dataset having the AAR data; and comparing the identification of the user that provided the request for access to the sub-portion of the content with the users associated with the determined users associated with the one or more groups and sub-groups to determine whether access should be granted; and transmitting the sub-portion of the content in response to the request for access when determined that access should be granted. - View Dependent Claims (20)
-
Specification