
System, method and computer program product for portal user data access in a multi-tenant on-demand database system

  • US 9,633,101 B2
  • Filed: 03/12/2013
  • Issued: 04/25/2017
  • Est. Priority Date: 04/01/2010
  • Status: Active Grant
First Claim

1. A computer program product, comprising a non-transitory computer readable storage medium having a computer readable program code embodied therein, wherein the computer readable program code is executable to cause a computer to implement a method comprising:

  • providing first and second interfaces to users associated with a tenant of a multi-tenant system having hardware and software that is shared by multiple tenants, wherein the first and second interfaces have different data access mechanisms and wherein the second interface includes multiple portals that are each a web interface, specific to one of the multiple tenants, that redirects users of the one of the multiple tenants to the multi-tenant system;

    wherein the first interface is accessible to an administrator of each of the multiple tenants for enabling the administrator to access the multi-tenant system;

    for each of the multiple tenants, allowing the administrator of the tenant to manage, through the first interface, access of users of a first type and users of a second type to objects stored by the multi-tenant system;

    receiving a first request to access a data object stored by the multi-tenant system from a first user of the first type, wherein the first type of user is an internal user;

    determining whether to allow the first user to access the data object based on determining whether the user is included in a user group, wherein access control information specifying the user group and whether users in the user group are allowed to access the data object is stored externally to the data object;

    providing one of the multiple portals to users of a tenant to enable the users to access the multi-tenant system;

    receiving, via the provided portal, a second request to access the data object from a second user of the second type, wherein the second type of user is a portal user;

    determining whether to allow the second user to access the data object based on accessing the data object and determining whether the data object includes a reference, in a field of the data object, to a user identifier data structure associated with the second user; and

    providing the second user with access, through the provided portal, without using access control information that is external to the data object, to the data object as a result of determining that the data object includes a reference to a data structure associated with the second user.
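The two access decisions in the claim, sketched as an added example that is not taken from the patent or from any vendor implementation. The class names, the `contact_user_id` field, the use of a plain user id as the "reference", and the same-tenant check are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    user_id: str
    tenant_id: str
    user_type: str            # "internal" or "portal"

@dataclass
class DataObject:
    object_id: str
    tenant_id: str
    fields: dict = field(default_factory=dict)

class AccessDecider:
    def __init__(self, ref_field="contact_user_id"):   # hypothetical field name
        self.ref_field = ref_field
        self.group_members = {}   # group name -> set of user ids
        self.object_groups = {}   # object id -> groups allowed (stored outside the object)

    def can_access(self, user, obj):
        # Assumption: a request never crosses a tenant boundary.
        if user.tenant_id != obj.tenant_id:
            return False
        if user.user_type == "internal":
            # Internal user: group membership checked against the external table.
            groups = self.object_groups.get(obj.object_id, ())
            return any(user.user_id in self.group_members.get(g, ()) for g in groups)
        if user.user_type == "portal":
            # Portal user: only the object's own field is read, no external lookup.
            ref = obj.fields.get(self.ref_field)
            return ref is not None and ref == user.user_id
        return False              # unknown user types are denied

def demo():
    # Constructed sample data: one case record owned by tenant-a.
    acl = AccessDecider()
    acl.group_members["support"] = {"u-alice"}
    acl.object_groups["case-1"] = {"support"}
    case = DataObject("case-1", "tenant-a", {"contact_user_id": "p-bob"})
    users = {
        "alice": User("u-alice", "tenant-a", "internal"),  # in an allowed group
        "dave": User("u-dave", "tenant-a", "internal"),    # in no group
        "bob": User("p-bob", "tenant-a", "portal"),        # referenced by the object
        "carol": User("p-carol", "tenant-a", "portal"),    # not referenced
        "eve": User("p-bob", "tenant-b", "portal"),        # same id, other tenant
    }
    return {name: acl.can_access(u, case) for name, u in users.items()}

if __name__ == "__main__":
    print(demo())
```

Because the portal path reads nothing but the object, any write to the reference field changes who can see the record, so that field needs the same change control and audit logging as the external group table.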

  • 1 Assignment