PROVISIONING ACCESS TO CUSTOMER ORGANIZATION DATA IN A MULTI-TENANT SYSTEM

摘要

Methods and systems are described for providing support representative access to applications deployed in an enterprise network environment. An access provisioning system defines a support user class in a user profile database for an application executed on an organization partition within the network. The support user is granted read only privileges to metadata of the application. An organization administrator can grant support personnel access to the application as a support user, thus the ability to view, analyze, and possibly modify the metadata. The access provisioning system generates a Security Assertion Markup Language (SAML) assertion upon request by the support personnel to enable access to the data to the extent of the granted privileges. The SAML protocol includes authentication of the support representative as an authorized support user within the system.

主权项

1. A computer-implemented method for controlling access to data for an organization stored in an on-demand database system hosted on a server computer, the method comprising:
enabling access to the data of the organization upon request of a support representative within a management organization that maintains the data for the organization stored in an on-demand database system, the request establishing the identity of the support representative as a member of a support user class that is granted defined administrative privileges with respect to the data; initiating a network session to the organization upon request of the support representative, wherein the network session associates the administrative privileges to the support user representative to enable access to the data to the extent of the administrative privileges; and granting access to an on-demand database application to the support representative as an organization user for a limited term, wherein the support representative is granted use privileges of the on-demand database application for a limited term.