发明名称 |
Techniques for processing group membership data in a multi-tenant database system |
摘要 |
In accordance with embodiments, there are provided techniques for processing group membership data in a multi-tenant database system. These techniques for processing group membership data in a multi-tenant database system may enable embodiments to provide great flexibility to a tenant of the architecture to select the content that may be perceived by the tenant users while allowing the owner of the architecture control over the content. |
申请公布号 |
US9411852(B2) |
申请公布日期 |
2016.08.09 |
申请号 |
US201313916441 |
申请日期 |
2013.06.12 |
申请人 |
salesforce.com, inc. |
发明人 |
Yancey Scott;Doshi Kedar;Wu Yongsheng |
分类号 |
G06F17/30;G06F21/60 |
主分类号 |
G06F17/30 |
代理机构 |
Blakely Sokoloff Taylor & Zafman LLP |
代理人 |
Blakely Sokoloff Taylor & Zafman LLP |
主权项 |
1. A system having at least a processor and a memory therein to execute instructions to process group membership data of a database system, wherein the system comprises:
a portal user interface to allow users access to the database system over a network; the database system to store content; the database system to store the group membership data within a first dataset at the database system associating individual users as members of one or more groups or sub-groups; the database system to store Access Authorization Relationship (AAR) data within a second dataset at the database system, wherein the AAR data defines additional access rights for one or more users of a first sub-group to data which is accessible to one or more users of a second sub-group due to a managerial relationship between the one or more users of the first and second sub-groups; wherein the AAR data is independent of the group membership data stored by the first dataset which associates the individual users to the one or more groups or sub-groups and further wherein the AAR data exists independent of any individual users associated with the first and second sub-groups; the system to receive a request for access to a sub-portion of the content stored within the database system, wherein the request includes requester identification data uniquely identifying an individual user of the database system; the database system to determine the one or more groups and sub-groups having access to the sub-portion of the content stored at the database system; the database system to determine the users associated with the one or more groups and sub-groups via a join operation between the first dataset having the group membership data and the second dataset having the AAR data; and the database system to compare the identification of the user that provided the request for access to the sub-portion of the content with the users associated with the determined users associated with the one or more groups and sub-groups to determine whether access should be granted; and the portal user interface to transmit the sub-portion of the content in response to the request for access when determined that access should be granted. |
地址 |
San Francisco CA US |