System, method and computer program product for portal user data access in a multi-tenant on-demand database system

US 9,633,101 B2
Filed: 03/12/2013
Issued: 04/25/2017
Est. Priority Date: 04/01/2010
Status: Active Grant

First Claim

Patent Images

1. A computer program product, comprising a non-transitory computer readable storage medium having a computer readable program code embodied therein, wherein the computer readable program code is executable to cause a computer to implement a method comprising:

providing first and second interfaces to users associated with a tenant of a multi-tenant system having hardware and software that is shared by multiple tenants, wherein the first and second interfaces have different data access mechanisms and wherein the second interface includes multiple portals that are each a web interface, specific to one of the multiple tenants, that redirects users of the one of the multiple tenants to the multi-tenant system;

wherein the first interface is accessible to an administrator of each of the multiple tenants for enabling the administrator to access the multi-tenant system;

for each of the multiple tenants, allowing the administrator of the tenant to manage, through the first interface, access of users of a first type and users of a second type to objects stored by the multi-tenant system;

receiving a first request to access a data object stored by the multi-tenant system from a first user of the first type, wherein the first type of user is an internal user;

determining whether to allow the first user to access the data object based on determining whether the user is included in a user group, wherein access control information specifying the user group and whether users in the user group are allowed to access the data object is stored externally to the data object;

providing one of the multiple portals to users of a tenant to enable the users to access the multi-tenant system;

receiving, via the provided portal, a second request to access the data object from a second user of the second type, wherein the second type of user is a portal user;

determining whether to allow the second user to access the data object based on accessing the data object and determining whether the data object includes a reference, in a field of the data object, to a user identifier data structure associated with the second user; and

providing the second user with access, through the provided portal, without using access control information that is external to the data object, to the data object as a result of determining that the data object includes a reference to a data structure associated with the second user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for portal user data access in a multi-tenant on-demand database system. These mechanisms and methods for portal user data access in a multi-tenant on-demand database system can enable embodiments to provide portal-specific user accounts to the multi-tenant on-demand database system which have reduced configuration requirements than users directly accessing the multi-tenant on-demand database system. The ability of embodiments to provide portal-specific user accounts can reduce processing requirements of the database system.

Citations

11 Claims

1. A computer program product, comprising a non-transitory computer readable storage medium having a computer readable program code embodied therein, wherein the computer readable program code is executable to cause a computer to implement a method comprising:
- providing first and second interfaces to users associated with a tenant of a multi-tenant system having hardware and software that is shared by multiple tenants, wherein the first and second interfaces have different data access mechanisms and wherein the second interface includes multiple portals that are each a web interface, specific to one of the multiple tenants, that redirects users of the one of the multiple tenants to the multi-tenant system;
  
  wherein the first interface is accessible to an administrator of each of the multiple tenants for enabling the administrator to access the multi-tenant system;
  
  for each of the multiple tenants, allowing the administrator of the tenant to manage, through the first interface, access of users of a first type and users of a second type to objects stored by the multi-tenant system;
  
  receiving a first request to access a data object stored by the multi-tenant system from a first user of the first type, wherein the first type of user is an internal user;
  
  determining whether to allow the first user to access the data object based on determining whether the user is included in a user group, wherein access control information specifying the user group and whether users in the user group are allowed to access the data object is stored externally to the data object;
  
  providing one of the multiple portals to users of a tenant to enable the users to access the multi-tenant system;
  
  receiving, via the provided portal, a second request to access the data object from a second user of the second type, wherein the second type of user is a portal user;
  
  determining whether to allow the second user to access the data object based on accessing the data object and determining whether the data object includes a reference, in a field of the data object, to a user identifier data structure associated with the second user; and
  
  providing the second user with access, through the provided portal, without using access control information that is external to the data object, to the data object as a result of determining that the data object includes a reference to a data structure associated with the second user.
- View Dependent Claims (2, 3)
- - 2. The computer program product of claim 1, wherein the data structure associated with the second user is a user object corresponding to the second user.
  - 3. The computer program product of claim 1, wherein the data structure associated with the second user is an account object that is associated with one or more user objects including a user object of the second user.

4. A method, comprising:
- providing, by a computing system, first and second interfaces to users associated with a tenant of a multi-tenant system having hardware and software that is shared by multiple tenants, wherein the first and second interfaces have different data access mechanisms and wherein the second interface includes multiple portals that are each a web interface, specific to one of the multiple tenants, that redirects users of the one of the multiple tenants to the multi-tenant system;
  
  wherein the first interface is accessible to an administrator of each of the multiple tenants for enabling the administrator to access the multi-tenant system;
  
  for each of the multiple tenants, the computing system allowing the administrator of the tenant to manage, through the first interface, access of users of a first type and users of a second type to objects stored by the multi-tenant system;
  
  receiving, by the computing system, a first request to access a data object stored by the multi-tenant system from a first user of the first type, wherein the first type of user is an internal user;
  
  determining, by the computing system, whether to allow the first user to access the data object based on determining whether the user is included in a user group, wherein access control information specifying the user group and whether users in the user group are allowed to access the data object is stored externally to the data object;
  
  providing, by the computing system, one of the multiple portals to users of a tenant to enable the users to access the multi-tenant system;
  
  receiving, by the computing system via the provided portal, a second request to access the data object from a second user of the second type, wherein the second type of user is a portal user;
  
  determining, by the computing system, whether to allow the second user to access the data object based on accessing the data object and determining whether the data object includes a reference, in a field of the data object, to a user identifier data structure associated with the second user; and
  
  providing, by the computing system, the second user with access, through the provided portal, without using access control information that is external to the data object, to the data object as a result of determining that the data object includes a reference to a data structure associated with the second user.
- View Dependent Claims (5, 6, 7)
- - 5. The method of claim 4, wherein the data structure associated with the second user is at least one of:
    - a user object, an account object, or a contact object.
  - 6. The method of claim 4, wherein the portal is a web interface that is similar in appearance to a website of the tenant.
  - 7. The method of claim 4, wherein the data structure associated with the second user is a user object that is directly referenced by the data object.

8. An apparatus, comprising:
- one or more processing elements; and
  
  one or more memories having program instructions stored thereon that are executable by the one or more processing elements to perform operations comprising;
  
  providing first and second interfaces to users associated with a tenant of a multi-tenant system having hardware and software that is shared by multiple tenants, wherein the first and second interfaces have different data access mechanisms and wherein the second interface includes multiple portals that are each a web interface, specific to one of the multiple tenants, that redirects users of the one of the multiple tenants to the multi-tenant system;
  
  wherein the first interface is accessible to an administrator of each of the multiple tenants for enabling the administrator to access the multi-tenant system;
  
  for each of the multiple tenants, allowing the administrator of the tenant to manage, through the first interface, access of users of a first type and users of a second type to objects stored by the multi-tenant system;
  
  receiving a first request to access a data object stored by the multi-tenant system from a first user of the first type, wherein the first type of user is an internal user;
  
  determining whether to allow the first user to access the data object based on determining whether the user is included in a user group, wherein access control information specifying the user group and whether users in the user group are allowed to access the data object is stored externally to the data object;
  
  providing, one of the multiple portals to users of a tenant to enable the users to access the multi-tenant system;
  
  receiving, via the provided portal, a second request to access the data object from a second user of the second type, wherein the second type of user is a portal user;
  
  determining whether to allow the second user to access the data object based on accessing the data object and determining whether the data object includes a reference, in a field of the data object, to a user identifier data structure associated with the second user; and
  
  providing the second user with access, through the provided portal, without using access control information that is external to the data object, to the data object as a result of determining that the data object includes a reference to a data structure associated with the second user.
- View Dependent Claims (9, 10, 11)
- - 9. The apparatus of claim 8, wherein the data structure associated with the second user is at least one of:
    - a user object, an account object, or a contact object.
  - 10. The apparatus of claim 8, wherein the portal is a web interface that is similar in appearance to a website of the tenant.
  - 11. The apparatus of claim 8, wherein the data structure associated with the second user is a user object that is directly referenced by the data object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Wu, Yongsheng, Vieira, Alfred, Jain, Punit
Primary Examiner(s)
LIN, SHEW FEN

Application Number

US13/797,784
Publication Number

US 20130198184A1
Time in Patent Office

1,505 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/284   Relational databases

G06F 21/6209   to a single file or object,...

G06F 2221/2117   User registration

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2143   Clearing memory, e.g. to pr...

System, method and computer program product for portal user data access in a multi-tenant on-demand database system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for portal user data access in a multi-tenant on-demand database system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links