Method and system for granting access to secure data
First Claim
Patent Images
1. A method comprising:
- identifying, by a database system, a plurality of potential delegates in response to an electronic request to perform a task using a subset of private data, the private data being cloud data stored on the database system, the plurality of potential delegates having no access to the private data unless authorization is provided to the potential delegate, the plurality of potential delegates being identified based on an ability to resolve the electronic request;
determining, by the database system, attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate;
determining, by the database system, at least one authorization filter, the at least one filter including authorization criterion pertaining to desired attributes;
applying the at least one authorization filter to the plurality of potential delegates to identify at least one delegate to be assigned to resolve the electronic request, the authorization filter determining a correspondence between at least one of the attributes of the corresponding delegate and at least one of the authorization criterion; and
issuing an authorization to the at least one delegate, wherein issuing an authorization includes providing authorization for reviewing the subset of private data and providing a link facilitating login as the at least one delegate.
0 Assignments
0 Petitions
Accused Products
Abstract
Techniques described herein can be implemented as one or a combination of methods, systems or processor executed code to form embodiments capable of improved protection of data or other computing resources based at least in part upon limiting access to a select number of delegates. Limited access to cloud data based on customer selected or other criterion, reducing the possibility of security exposures and/or improving privacy is provided for.
148 Citations
20 Claims
-
1. A method comprising:
-
identifying, by a database system, a plurality of potential delegates in response to an electronic request to perform a task using a subset of private data, the private data being cloud data stored on the database system, the plurality of potential delegates having no access to the private data unless authorization is provided to the potential delegate, the plurality of potential delegates being identified based on an ability to resolve the electronic request; determining, by the database system, attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate; determining, by the database system, at least one authorization filter, the at least one filter including authorization criterion pertaining to desired attributes; applying the at least one authorization filter to the plurality of potential delegates to identify at least one delegate to be assigned to resolve the electronic request, the authorization filter determining a correspondence between at least one of the attributes of the corresponding delegate and at least one of the authorization criterion; and issuing an authorization to the at least one delegate, wherein issuing an authorization includes providing authorization for reviewing the subset of private data and providing a link facilitating login as the at least one delegate. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer program product comprising computer-readable program code to be executed by one or more processors when retrieved from a non-transitory computer-readable medium, the program code including instructions to:
-
identify, by a database system, a plurality of potential delegates in response to an electronic request to perform a task using a subset of private data, the private data being cloud data stored on the database system, the plurality of potential delegates having no access to the private data unless authorization is provided to the potential delegate, the plurality of potential delegates being identified based on an ability to resolve the electronic request; determine, by the database system, attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate; determine, by the database system, at least one authorization filter, the at least one filter including authorization criterion pertaining to desired attributes; apply the at least one authorization filter to the plurality of potential delegates to identify at least one delegate to be assigned to resolve the electronic request, the authorization filter determining a correspondence between at least one of the attributes of the corresponding delegate and at least one of the authorization criterion; and issue an authorization to the at least one delegate, wherein issuing an authorization includes providing authorization for reviewing the subset of private data and providing a link facilitating login as the at least one delegate. - View Dependent Claims (9, 10, 11, 12, 13, 14, 16, 17)
-
-
15. An apparatus comprising:
-
one or more processors; and a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to; identify, by a database system, a plurality of potential delegates in response to an electronic request to perform a task using a subset of private data, the private data being cloud data stored on the database system, the plurality of potential delegates having no access to the private data unless authorization is provided to the potential delegate, the plurality of potential delegates being identified based on an ability to resolve the electronic request; determine, by the database system, attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate; determine, by the database system, at least one authorization filter, the at least one filter including authorization criterion pertaining to desired attributes; apply the at least one authorization filter to the plurality of potential delegates to identify at least one delegate to be assigned to resolve the electronic request, the authorization filter determining a correspondence between at least one of the attributes of the corresponding delegate and at least one of the authorization criterion; and issue an authorization to the at least one delegate, wherein issuing an authorization includes providing authorization for reviewing the subset of private data and providing a link facilitating login as the at least one delegate. - View Dependent Claims (18, 19, 20)
-
Specification