US11874797B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-11874797-B1 |
| Application number | US-202217847826-A |
| Country | US |
| Kind code | B1 |
| Filing date | Jun 23, 2022 |
| Priority date | Jun 23, 2022 |
| Publication date | Jan 16, 2024 |
| Grant date | Jan 16, 2024 |
Official abstract text for this publication.
Privilege escalation in a cloud platform comprises provisioning to a client access privileges to the database entities that are covered by a license. A base escalation matrix is provisioned to the client with additional access privileges not covered by the license. An API request is received and the requested CRUD operation is attempted on a first database entity. Responsive to the requested CRUD operation initially failing because the client does not have required access privileges activation of an exception signaling failure of the requested CRUD operation is detected and used as a trigger to fetch the base escalation matrix. The access privileges of the client are escalated by applying the additional access privileges from the base escalation matrix to a user context of the current API query request, and repeating the requested CRUD operation. The escalated access privileges are then removed.
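The flow in the abstract, as an added Python sketch that is not code from the patent or its assignee: a denied CRUD attempt raises an exception, the handler consults the union of a base and an extended escalation matrix, grants only the requested operation to the current request's user context, retries, and removes the grant in a `finally` block. All API, entity and client names, and the audit list, are constructed for illustration.

```python
from contextlib import contextmanager

# Constructed sample data; none of these names come from the patent.
LICENSED = {"client-a": {("Account", "R")}}              # privileges covered by the license
BASE_MATRIX = {("api.invoice", "Invoice", "R")}          # (API ID, entity ID, allowed op)
EXTENDED_MATRIX = {("api.invoice", "InvoiceLine", "R")}  # added after a business-logic change
_final_matrix = None                                     # cached union of both matrices

class AccessDenied(Exception):
    pass

def final_matrix():
    """Build the base/extended union once and reuse it for later requests."""
    global _final_matrix
    if _final_matrix is None:
        _final_matrix = frozenset(BASE_MATRIX | EXTENDED_MATRIX)
    return _final_matrix

class UserContext:
    def __init__(self, client_id):
        self.client_id = client_id
        self.grants = set(LICENSED.get(client_id, ()))

def crud(ctx, entity, op):
    if (entity, op) not in ctx.grants:
        raise AccessDenied(f"{ctx.client_id}: {op} on {entity}")
    return f"{op}:{entity}"

@contextmanager
def escalated(ctx, api_id, entity, op):
    """Grant only the requested op, and only if the matrix lists it for this API."""
    extra = {(entity, op)} if (api_id, entity, op) in final_matrix() else set()
    added = extra - ctx.grants
    ctx.grants |= added
    try:
        yield bool(extra)
    finally:
        ctx.grants -= added  # removal runs even if the retry raises

def handle_request(ctx, api_id, entity, op, audit):
    try:
        return crud(ctx, entity, op)
    except AccessDenied:  # the exception is the trigger to fetch the matrix
        with escalated(ctx, api_id, entity, op) as allowed:
            audit.append((ctx.client_id, api_id, entity, op, allowed))
            if not allowed:
                raise  # not in the matrix: the original denial stands
            return crud(ctx, entity, op)
```

Recording every escalation decision, granted or refused, gives reviewers a trail of which API paths rely on privileges outside the license.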
Opening claim text (preview).
What is claimed is:

1. A method for privilege escalation in a cloud platform having database entities, the cloud platform exposing one or more application programming interfaces (APIs) as a payload for a client to perform CRUD (Create, Delete, Update Delete) operations on the database entities, the method performed by a server cluster of the cloud platform comprising; provisioning to a client access privileges to the database entities that are covered by a license; provisioning a base escalation matrix to the client with additional access privileges not covered by the license, and providing the base escalation matrix with one or more entries comprising an API identifier (ID) through which an access request is made, a database entity ID for which access is required, and allowed CRUD operations; receiving an API request comprising: a database ID of a first database entity of the database entities, and a requested CRUD operation to be performed on the first database entity; attempting to perform the requested CRUD operation on the first database entity; responsive to the requested CRUD operation initially failing because the client does not have required access privileges provisioned under the license: detecting activation of an exception signaling failure of the requested CRUD operation, and using the exception as a trigger to fetch the base escalation matrix; escalating the access privileges of a user context of the current API query request, by applying the additional access privileges from the base escalation matrix to the requested CRUD operation, and repeating the requested CRUD operation; and removing the escalated access privileges.

2. The method of claim 1, further comprising: creating an extended escalation matrix when a change in business logic requires new access privileges subsequent to creation of the base escalation matrix.

3. The method of claim 2, wherein fetching the base escalation matrix further comprises: creating a union of the base escalation matrix and the extended escalation matrix to provide a final escalation matrix.

4. The method of claim 3, further comprising: caching the final escalation matrix to avoid repeatedly creating the union and service many API for different clients at a same time.

5. The method of claim 2, further comprising: displaying, by the server cluster, a user interface (UI) that enables an operator to create or modify the extended escalation matrix.

6. The method of claim 2, further comprising: storing the base escalation matrix as a file and storing the extended escalation matrix as a database table.

7. The method of claim 1, further comprising: creating a single base escalation matrix for all of the one or more APIs that includes a series of records each having the API ID, the database entity ID, the allowed CRUD operations, and a client ID.

8. The method of claim 1, further comprising: creating, controlling, and storing the base escalation matrix and an extended escalation matrix by the cloud platform.

9. The method of claim 1, further comprising: implementing in a service in an internal layer of the cloud platform the detecting of the activation of the exception, the fetching the base escalation matrix, and the escalating the access privileges of the client by applying the additional access privileges from the base escalation matrix to the requested CRUD operation.

10. A non-transitory machine-readable storage medium (NMRSM) of a cloud platform having database entities, the cloud platform exposing one or more application programming interfaces (APIs) as a payload for a client to perform CRUD (Create, Delete, Update Delete) operations on the database entities, the NMRSM provides instructions that, if executed by a server cluster of the cloud platform, are configurable to cause the server cluster to perform operations comprising: provisioning to a client access privileges to the database entities that are covered by a license; provisioning a base escalation matrix to the client with additional access privileges not covered by the license, and providing the base escalation matrix with one or more entries comprising an API identifier (ID) through which an access request is made, a database entity ID for which access is required, and allowed CRUD operations; receiving an API request comprising: a database ID of a first database entity of the database entities, and a requested CRUD operation to be performed on the first database entity; attempting to perform the requested CRUD operation on the first database entity; responsive to the requested CRUD operation initially failing because the client does not have required access privileges provisioned under the license: detecting activation of an exception signaling failure of the requested CRUD operation, and using the exception as a trigger to fetch the base escalation matrix; escalating the access privileges of the client by applying the additional access privileges from the base escalation matrix to a user context of the current API query request, and repeating the requested CRUD operation; and removing the escalated access privileges.

11. The NMRSM of claim 10, further comprising instructions for: creating an extended escalation matrix when a change in business logic requires new access privileges subsequent to creation of the base escalation matrix.

12. The NMRSM of claim 11, wherein fetching the base escalation matrix further comprises instructions for: creating a union of the base escalation matrix and the extended escalation matrix to provide a final escalation matrix.

13. The NMRSM of claim 12, further comprising instructions for: caching the final escalation matrix to avoid repeatedly creating the union and service many API for different clients at a same time.

14. The NMRSM of claim 11, further comprising instructions for: displaying, by the server cluster, a user interface (UI) that enables an operator to create or modify, the extended escalation matrix.

15. The NMRSM of claim 11, further comprising instructions for: storing the base escalation matrix as a file and storing the extended escalation matrix as a database table.

16. The NMRSM of claim 10, further comprising instructions for: creating a single base escalation matrix for all of the one or more APIs that includes a series of records each having the API ID, the database entity ID, the allowed CRUD operations, and a client ID.

17. The NMRSM of claim 10, further comprising instructions for: creating, controlling, and storing the base escalation matrix and an extended escalation matrix by the cloud platform.

18. The NMRSM of claim 10, further comprising instructions for: implementing in a service in an internal layer of the cloud platform the detecting of the activation of the exception, the fetching the base escalation matrix, and the escalating the access privileges of the client by applying the additional access privileges from the base escalation matrix to the requested CRUD operation.

19. A cloud platform comprising: a server cluster; database entities accessible by the server cluster; one or more application programming interfaces (APIs) used as a payload for a client to perform CRUD (Create, Delete, Update Delete) operations on the database entities; and a non-transitory machine-readable storage medium that provides instructions that, if executed by the server cluster, are configurable to cause the cloud platform to perform operations comprising: provisioning to a client access privileges to the database entities that are covered by a license; provi
Delete operations (erasing in storage systems G06F3/0652) · CPC title
Efficient disk access during query execution · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title