System, method and computer program product for portal user data access in a multi-tenant on-demand database system

摘要

In accordance with embodiments, there are provided mechanisms and methods for portal user data access in a multi-tenant on-demand database system. These mechanisms and methods for portal user data access in a multi-tenant on-demand database system can enable embodiments to provide portal-specific user accounts to the multi-tenant on-demand database system which have reduced configuration requirements than users directly accessing the multi-tenant on-demand database system. The ability of embodiments to provide portal-specific user accounts can reduce processing requirements of the database system.

主权项

1. A computer program product, comprising a non-transitory computer readable storage medium having a computer readable program code embodied therein, wherein the computer readable program code is executable to cause a computer to implement a method comprising:
providing first and second interfaces to users associated with a tenant of a multi-tenant system having hardware and software that is shared by multiple tenants, wherein the first and second interfaces have different data access mechanisms and wherein the second interface includes multiple portals that are each a web interface, specific to one of the multiple tenants, that redirects users of the one of the multiple tenants to the multi-tenant system; wherein the first interface is accessible to an administrator of each of the multiple tenants for enabling the administrator to access the multi-tenant system; for each of the multiple tenants, allowing the administrator of the tenant to manage, through the first interface, access of users of a first type and users of a second type to objects stored by the multi-tenant system; receiving a first request to access a data object stored by the multi-tenant system from a first user of the first type, wherein the first type of user is an internal user; determining whether to allow the first user to access the data object based on determining whether the user is included in a user group, wherein access control information specifying the user group and whether users in the user group are allowed to access the data object is stored externally to the data object; providing one of the multiple portals to users of a tenant to enable the users to access the multi-tenant system; receiving, via the provided portal, a second request to access the data object from a second user of the second type, wherein the second type of user is a portal user; determining whether to allow the second user to access the data object based on accessing the data object and determining whether the data object includes a reference, in a field of the data object, to a user identifier data structure associated with the second user; and providing the second user with access, through the provided portal, without using access control information that is external to the data object, to the data object as a result of determining that the data object includes a reference to a data structure associated with the second user.