On-demand database service system, method and computer program product for conditionally allowing an application of an entity access to data of another entity

US 9,697,377 B2
Filed: 02/18/2016
Issued: 07/04/2017
Est. Priority Date: 07/19/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

responsive to determining that first entity that is a user of a database service is authorized to obtain a package that includes an application of a second entity, a computer system installing the package;

extracting, by the computer system, one or more profiles from the package, wherein a first profile of the one or more profiles specifies a plurality of limitations on the application'"'"'s access to data of the first entity within the database service, including actions that may be performed on the data by the application;

responsive to an acceptance of the plurality of limitations of the first profile by the first entity, the computer system permitting the application to access data of the first entity within the database service according to the plurality of limitations of the first profile;

receiving, at the computer system, an upgrade to the package, wherein the upgrade pertains to the application and includes a modification to the first profile that includes a different set of limitations indicating an updated level of access to data of the first entity, including removal of a subset of the plurality of limitations; and

responsive to an acceptance of the upgrade, the computer system permitting the application to access data of the first entity within the database service according to the modified first profile.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service. These mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service can enable embodiments to limit such access to the data, as desired. Furthermore, embodiments of such mechanisms and methods may provide additional security when sharing data among different subscribers to an on-demand database service.

Citations

17 Claims

1. A method, comprising:
- responsive to determining that first entity that is a user of a database service is authorized to obtain a package that includes an application of a second entity, a computer system installing the package;
  
  extracting, by the computer system, one or more profiles from the package, wherein a first profile of the one or more profiles specifies a plurality of limitations on the application'"'"'s access to data of the first entity within the database service, including actions that may be performed on the data by the application;
  
  responsive to an acceptance of the plurality of limitations of the first profile by the first entity, the computer system permitting the application to access data of the first entity within the database service according to the plurality of limitations of the first profile;
  
  receiving, at the computer system, an upgrade to the package, wherein the upgrade pertains to the application and includes a modification to the first profile that includes a different set of limitations indicating an updated level of access to data of the first entity, including removal of a subset of the plurality of limitations; and
  
  responsive to an acceptance of the upgrade, the computer system permitting the application to access data of the first entity within the database service according to the modified first profile.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein, prior to the installing the package, the computer system authenticates the first entity.
  - 3. The method of claim 1, wherein the action includes one or more of the following actions:
    - create, read, update, delete.
  - 4. The method of claim 1, wherein the one or more profiles are defined either at package level or at component level within the package.
  - 5. The method of claim 1, wherein the one or more profiles determine what objects may be accessed by the application.

6. A non-transitory computer-readable medium having instructions stored thereon executable by a computing device to perform operations comprising:
- responsive to determining that a first entity is authorized to obtain a package that includes an application of a second entity, installing the package, wherein the first entity is a user of a database service, wherein the package further includes one or more profiles, wherein a first profile of the one or more profiles specifies a plurality of limitations on the application'"'"'s access to data of the first entity within the database service, including actions that may be performed on the data by the application;
  
  extracting the one or more profiles from the package;
  
  responsive to an acceptance of the plurality of limitations of the first profile by the first entity, permitting the application to access data of the first entity within the database service according to the plurality of limitations of the first profile;
  
  receiving an upgrade to the package, wherein the upgrade pertains to the application and includes a modification to the first profile that includes a different set of limitations indicating an updated level of access to data of the first entity, including removal of a subset of the plurality of limitations; and
  
  responsive to an acceptance of the upgrade, permitting the application to access data of the first entity within the database service according to the modified first profile.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The non-transitory computer-readable medium of claim 6, wherein the operations further comprise:
    - authenticating the first entity prior to installing the package, wherein the authenticating is based on authentication information provided by the first entity.
  - 8. The non-transitory computer-readable medium of claim 6, wherein the plurality of limitations indicate a set of objects the first entity may access.
  - 9. The non-transitory computer-readable medium of claim 6, wherein the plurality of limitations are presented to the first entity for acceptance via a graphical user interface.
  - 10. The non-transitory computer-readable medium of claim 6, wherein the plurality of limitations indicate how the first entity may utilize one or more object types.
  - 11. The non-transitory computer-readable medium of claim 6, wherein the package is stored at a database of the database service such that the package is available to users of the database service.

12. A non-transitory computer-readable medium having instructions stored thereon executable by a computing device to perform operations comprising:
- submitting authentication information of a first entity to a database service;
  
  in response to submitting the authentication information, receiving a package that includes an application of a second entity and one or more profiles;
  
  installing the package on the computing device;
  
  extracting the one or more profiles from the package, wherein a first profile of the one or more profiles specifies a plurality of limitations on the application'"'"'s access to data of the first entity within the database service, including actions that may be performed on the data by the application;
  
  responsive to an acceptance of the plurality of limitations of the first profile by the first entity, permitting the application to access data of the first entity within the database service according to the plurality of limitations of the first profile;
  
  receiving an upgrade to the package, wherein the upgrade pertains to the application and includes a modification to the first profile that includes a different set of limitations indicating an updated level of access to data of the first entity, including removal of a subset of the plurality of limitations; and
  
  responsive to an acceptance of the upgrade, permitting the application to access data of the first entity within the database service according to the modified first profile.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The non-transitory computer-readable medium of claim 12, wherein the authentication information includes a user name and a password associated with the first entity.
  - 14. The non-transitory computer-readable medium of claim 12, wherein the plurality of limitations on the application'"'"'s access to data indicate a set of objects the first entity may access.
  - 15. The non-transitory computer-readable medium of claim 14, wherein the plurality of limitations on the application'"'"'s access to data further indicate with respect to each object in the set of objects whether the first entity may perform one or more of the following actions with respect to the respective object:
    - create, read, update, and delete.
  - 16. The non-transitory computer-readable medium of claim 12, wherein the plurality of limitations of the first profile are presented to the first entity via a user interface and wherein an indication that the first entity has accepted the plurality of limitations of the first profile is received via the user interface.
  - 17. The non-transitory computer-readable medium of claim 12, wherein the operations further comprise performing an action on the data of the first entity in compliance with the plurality of limitations of the first profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Horne, Nate, Dapkus, Peter J., Viripaeff, Alexis, Mehra, Vinod, Warshavsky, Alex
Primary Examiner(s)
Mackes, Kris
Assistant Examiner(s)
Bui, Tiffany

Application Number

US15/047,530
Publication Number

US 20160196443A1
Time in Patent Office

502 Days
Field of Search

707781
US Class Current
CPC Class Codes

G06F 16/24573   using data annotations, e.g...

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2147   Locking files

G06F 8/61   Installation

G06F 8/65   Updates security arrangemen...

H04L 63/102   Entity profiles

H04L 67/306   User profiles

H04W 4/50   Service provisioning or rec...

On-demand database service system, method and computer program product for conditionally allowing an application of an entity access to data of another entity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

On-demand database service system, method and computer program product for conditionally allowing an application of an entity access to data of another entity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links