SECURITY CONFIGURATION SYSTEMS AND METHODS FOR PORTAL USERS IN A MULTI-TENANT DATABASE ENVIRONMENT

US 20110270885A1
Filed: 12/21/2010
Published: 11/03/2011
Est. Priority Date: 04/28/2010
Status: Active Grant

First Claim

Patent Images

1. A method, comprising the steps of:

receiving a data request for data in a database from a user;

determining if the user is an internal user or a portal user;

consulting, if the user is the internal user, a first security setting associated with the data to determine if the requested data is public or private, and if the user is the portal user, consulting a second security setting separate from the first security setting to determine if the requested data is public or private;

providing, if the requested data is public, access information to the user;

performing, if the requested data is private, additional processing to determine if the user has access to the requested data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented system and method includes method includes receiving a data request for data in a database from a user; determining if the user is an internal user or a portal user; consulting, if the user is the internal user, a first security setting associated with the data to determine if the requested data is public or private, and if the user is the portal user, consulting a second security setting separate from the first security setting to determine if the requested data is public or private; providing, if the requested data is public, access information to the user; performing, if the requested data is private, additional processing to determine if the user has access to the requested data.

17 Citations

View as Search Results

25 Claims

1. A method, comprising the steps of:
- receiving a data request for data in a database from a user;
  
  determining if the user is an internal user or a portal user;
  
  consulting, if the user is the internal user, a first security setting associated with the data to determine if the requested data is public or private, and if the user is the portal user, consulting a second security setting separate from the first security setting to determine if the requested data is public or private;
  
  providing, if the requested data is public, access information to the user;
  
  performing, if the requested data is private, additional processing to determine if the user has access to the requested data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the step of performing additional processing includes consulting a membership table that includes a first listing of groups associated with the user.
  - 3. The method of claim 2, wherein the step of performing additional processing further includes consulting a share table that includes a second listing of groups that have access to the requested data.
  - 4. The method of claim 3, further comprising the step of providing, if the requested data is private, access information to the user based on the membership table and the share table.
  - 5. The method of claim 1, further comprising the step of evaluating the data request to determine a type of requested operation.
  - 6. The method of claim 5, wherein the consulting step includes consulting the first security setting or the second security setting with respect to the type of requested operation.
  - 7. The method of claim 6, wherein the evaluating step includes evaluating the data request to determine a first type of requested operation that includes updating the requested data and a second type of requested operation that includes reading the requested data.
  - 8. The method of claim 7, wherein the consulting step includes consulting the first security setting or second security setting with an access checker if the data request is the first type of requested operation and consulting the first security setting or the second security setting with a sharing provider if the data request is the second type of requested operation.
  - 9. The method of claim 1, wherein the requested data corresponds to an object, and wherein the step of consulting includes consulting the first security setting or the second security setting according to the object.
  - 10. The method of claim 9, wherein the step of consulting includes consulting the first security setting or the second security setting in a common object table.
  - 11. The method of claim 1, further comprising the step of providing, if the requested data is public, the requested data to the user without additional security processing.

12. A multi-tenant data processing system, comprising:
- a database that stores data specific to each one of a plurality of tenants such that at least two of the tenants store at least a portion of data specific to the at least two tenants in a common structure within the database, wherein each tenant is permitted access only to data associated with the respective tenant, and wherein a first tenant of the plurality of tenants is affiliated with an internal user and a portal user; and
  
  an application server that receives, from one of the internal user or the portal user, a data request to access data in the database, wherein the requested data has a first security setting for the internal user and a second security setting separate from the first security setting for the portal user.
- View Dependent Claims (13, 14, 15, 21, 22)
- - 13. The multi-tenant data processing system of claim 12, wherein the application server is configured to identify the data request as being received from the internal user or the portal user.
  - 14. The multi-tenant data processing system of claim 13, wherein the application server is configured toconsult, if the user is the internal user, the first security setting associated with the data to determine if the data is public or private, and if the user is the portal user, consult the second security setting to determine if the requested data is public or private;
    - provide, if the requested data is public, access information to the user;
      
      perform, if the requested data is private, additional processing to determine if the user has access to the requested data
  - 15. The multi-tenant data processing system of claim 12, further comprising a membership table stored in the database that includes group memberships for the internal user and the portal user.
  - 21. The multi-tenant data processing system of claim 15, further comprising a share table stored in the database that includes access characteristics of each of the group memberships.
  - 22. The multi-tenant data processing system of claim 12, wherein the application server is configured to provide, if the requested data is public, the access information based on the first security setting or the second security setting without performing additional security processing.

16-20. -20. (canceled)

23. A security configuration for a multi-tenant database system with a database layer and an application server layer configured to access data in the database layer in response to an access request from users associated with a tenant, the users including at least one of an internal user and a portal user, the security configuration comprising:
- an organization wide default table that stores a first security setting associated with data requested by the internal user and a second security setting associated with data requested by the portal user;
  
  an access checker with operable access to the organization wide default table; and
  
  a sharing provider with operable access to the organization wide default table,wherein the access checker and the sharing provider are configured to consult the organization wide default table when the user is the internal user and to consult the organization wide default table when the user is the portal user.
- View Dependent Claims (24, 25)
- - 24. The security configuration of claim 23, further comprisinga membership table that stores membership groups associated with the internal user and the external user;
    - anda share table that stores access information according to the membership groups of the membership table,wherein the access checker and the sharing provider are configured to consult the membership table and the share table when the first security setting is private and the access request is from the internal user and when the second security setting is private and the access request is from the portal user.
  - 25. The security configuration of claim 24, wherein, in response to the access request, the sharing provider and the access checker are configured to provide the user access when the first security setting is public and the access request is from the internal user and when the second security setting is public and the access request is from the portal user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Wu, Yongsheng, Jain, Punit, Grignon, Yanik, Vieira, Alfred

Granted Patent

US 9,355,270 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/785
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/805   using a security table for ...

SECURITY CONFIGURATION SYSTEMS AND METHODS FOR PORTAL USERS IN A MULTI-TENANT DATABASE ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY CONFIGURATION SYSTEMS AND METHODS FOR PORTAL USERS IN A MULTI-TENANT DATABASE ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links