External platform extensions in a multi-tenant environment

US 9,825,964 B2
Filed: 11/09/2016
Issued: 11/21/2017
Est. Priority Date: 07/25/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining, by a computer system providing a cloud environment, a first configuration file compatible with a file schema, wherein one or more features of one or more services in the cloud environment are configurable for multi-tenant access;

receiving a delta file created based on a modification to the first configuration file, wherein the delta file includes one or more configurations for one or more class definitions of a feature of a service in the cloud environment, wherein the delta file includes an access rule to control multi-tenant access for the feature of the service, and wherein the delta file is compatible with the file schema;

creating, by the computer system, a second configuration file for the feature of the service, the second configuration file being executable and including the access rule, wherein the second configuration file is created based on merging the delta file with the first configuration file;

initiating the computer system to restart, wherein restarting the computer system causes the computer system to read the second configuration file;

instantiating, by the computer system, one or more objects for the feature of the service based on the second configuration file that is read based on restarting the computer system; and

determining access to the feature of the service for a user requesting access to the feature, wherein the access to the feature of the service for the user is determined using the access rule in the second configuration file used to instantiate the one or more objects.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Enforcing access control to individual extensions of services in a multi-tenant cloud environment by initializing objects for the extension based on public and private configuration files with service access rules that are merged is described. This allows third party vendors to specify payment rules for their own extensions while securely keeping the core extension configuration files. Tenants of the multi-tenant cloud environment can pick and choose which services to purchase, and the cloud environment automates the process of accessing the service using the third-party developer'"'"'s tenant access list rules.

52 Citations

View as Search Results

20 Claims

1. A method comprising:
- determining, by a computer system providing a cloud environment, a first configuration file compatible with a file schema, wherein one or more features of one or more services in the cloud environment are configurable for multi-tenant access;
  
  receiving a delta file created based on a modification to the first configuration file, wherein the delta file includes one or more configurations for one or more class definitions of a feature of a service in the cloud environment, wherein the delta file includes an access rule to control multi-tenant access for the feature of the service, and wherein the delta file is compatible with the file schema;
  
  creating, by the computer system, a second configuration file for the feature of the service, the second configuration file being executable and including the access rule, wherein the second configuration file is created based on merging the delta file with the first configuration file;
  
  initiating the computer system to restart, wherein restarting the computer system causes the computer system to read the second configuration file;
  
  instantiating, by the computer system, one or more objects for the feature of the service based on the second configuration file that is read based on restarting the computer system; and
  
  determining access to the feature of the service for a user requesting access to the feature, wherein the access to the feature of the service for the user is determined using the access rule in the second configuration file used to instantiate the one or more objects.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising:
    - configuring, by the computing system, the feature of the service based on the one or more objects instantiated for the feature of the service.
  - 3. The method of claim 1, further comprising:
    - denying the access to the feature of the service based on determining that the access to the feature of the service is not permitted according to the access rule; and
      
      granting the access to the feature of the service based on determining that the access to the feature of the service is permitted according to the access rule.
  - 4. The method of claim 1, further comprising:
    - managing a counter for access to the feature of the service based on determining the access to the feature of the service.
  - 5. The method of claim 1, wherein the one or more objects for the feature of the service are instantiated based on the second configuration file such that multiple tenants in the cloud environment have access to the feature of the service.
  - 6. The method of claim 1, further comprising:
    - delivering, by the computer system, a copy of the first configuration file to the user.
  - 7. The method of claim 6, wherein the user is a third-party developer, wherein the delta file is received in an archive file, wherein the modification is by the user, and wherein the modification to the first configuration file is based on the user editing the copy of the first configuration file.
  - 8. The method of claim 1, wherein the file schema defines an element, a child element, and an attribute.
  - 9. The method of claim 1, wherein the access rule is a tenant access list rule.
  - 10. The method of claim 1, wherein the access rule indicates access by a plurality of tenants to a plurality of services.
  - 11. The method of claim 10, wherein a tenant of the plurality of tenants is charged for each of the plurality of services permitted to be accessed based on the access rule.
  - 12. The method of claim 1, wherein the access rule indicates access by one or more tenants of the cloud environment to the one or more features of the one or more services.
  - 13. The method of claim 1, wherein the second configuration file includes executable code, and wherein the second configuration file is compatible with the file schema.
  - 14. The method of claim 1, wherein the user is one of a plurality of tenants.
  - 15. The method of claim 1, further comprising:
    - detecting an error reading a configuration from the second configuration file; and
      
      upon detecting the error, preventing the configuration from being read from the second configuration file;
      
      wherein the one or more objects for the feature of the service are instantiated without using the configuration that is prevented from being read from the second configuration file.

16. A system comprising:
- one or more processors; and
  
  a memory accessible to the one or more processors, the memory storing one or more instructions that, upon execution by the one or more processors, causes the one or more processors to;
  
  determine, by a computer system providing a cloud environment, a first configuration file compatible with a file schema, wherein one or more features of one or more services in the cloud environment are configurable for multi-tenant access;
  
  receive a delta file created based on a modification to the first configuration file, wherein the delta file includes one or more configurations for one or more class definitions of a feature of a service in the cloud environment, wherein the delta file includes an access rule to control multi-tenant access for the feature of the service, and wherein the delta file is compatible with the file schema;
  
  create, by the computer system, a second configuration file for the feature of the service, the second configuration file being executable and including the access rule, wherein the second configuration file is created based on merging the delta file with the first configuration file;
  
  initiate the computer system to restart, wherein restarting the computer system causes the computer system to read the second configuration file;
  
  instantiate, by the computer system, one or more objects for the feature of the service based on the second configuration file that is read based on restarting the computer system; and
  
  determine access to the feature of the service for a user requesting access to the feature, wherein the access to the feature of the service for the user is determined using the access rule in the second configuration file used to instantiate the one or more objects.
- View Dependent Claims (17)
- - 17. The system of claim 16, wherein the one or more instructions, which upon execution by the one or more processors, further causes the one or more processors to:
    - configure the feature of the service based on the one or more objects instantiated for the feature of the service;
      
      deny the access to the feature of the service based on determining that the access to the feature of the service is not permitted according to the access rule; and
      
      grant the access to the feature of the service based on determining that the access to the feature of the service is permitted according to the access rule.

18. A non-transitory computer-readable medium storing one or more instructions for causing one or more computers to perform operations comprising:
- determining, by a computer providing a cloud environment, a first configuration file compatible with a file schema, wherein one or more features of one or more services in the cloud environment are configurable for multi-tenant access;
  
  receiving a delta file created based on a modification to the first configuration file, wherein the delta file includes one or more configurations for one or more class definitions of a feature of a service in the cloud environment, wherein the delta file includes an access rule to control multi-tenant access for the feature of the service, and wherein the delta file is compatible with the file schema;
  
  creating, by the computer, a second configuration file for the feature of the service, the second configuration file being executable and including the access rule, wherein the second configuration file is created based on merging the delta file with the first configuration file;
  
  initiating the computer to restart, wherein restarting the computer causes the computer to read the second configuration file;
  
  instantiating, by the computer, one or more objects for the feature of the service based on the second configuration file that is read based on restarting the computer; and
  
  determining access to the feature of the service for a user requesting access to the feature, wherein the access to the feature of the service for the user is determined using the access rule in the second configuration file used to instantiate the one or more objects.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable medium of claim 18, wherein the one or more instructions further causes the one or more computers to perform operations comprising:
    - delivering a copy of the first configuration file to the user;
      
      wherein the user is a third-party developer, wherein the delta file is received in an archive file, wherein the modification is by the user, and wherein the modification to the first configuration file is based on the user editing the copy of the first configuration file.
  - 20. The non-transitory computer-readable medium of claim 18, wherein the one or more instructions further causes the one or more computers to perform operations comprising:
    - configuring the feature of the service based on the one or more objects instantiated for the feature of the service;
      
      denying the access to the feature of the service based on determining that the access to the feature of the service is not permitted according to the access rule; and
      
      granting the access to the feature of the service based on determining that the access to the feature of the service is permitted according to the access rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Mellor, David R., Jones, Andrew H., Lattimer, Charles
Primary Examiner(s)
PLECHA, THADDEUS J

Application Number

US15/347,640
Publication Number

US 20170078302A1
Time in Patent Office

377 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/113   Details of archiving lifecy...

G06F 16/1756   based on delta files

G06F 16/211   Schema design and management

G06F 16/83   Querying

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 8/65   Updates security arrangemen...

G06F 8/658   Incremental updates; Differ...

G06F 8/71   Version control security ar...

G06F 9/44505   Configuring for program ini...

H04L 41/0803   Configuration setting

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 67/1001   for accessing one among a p...

External platform extensions in a multi-tenant environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

External platform extensions in a multi-tenant environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links