Role and attribute based data multi-tenancy architecture

What is claimed is: 1 . A computerized method comprising: receiving, from a user, a request to perform an operation on data stored in a shared data resource, wherein the shared data resource stores physically integrated data from a plurality of tenants; determining whether the user is authorized to access the shared data resource storing the data associated with the request based on a role attribute corresponding to the user; and in response to the user having access to the shared data resource storing the data: identifying user attributes associated with the user; determining, using the user attributes, a first set of tenants whose data the user is authorized to access to perform the operation of the request; and generating, for the user, a view of the shared data resource, wherein the view represents data stored in that shared data resource that corresponds to the first set of tenants whose data the user is authorized to access to perform the operation of the request and not showing data that corresponds to a second set of tenants whose data the use is not authorized to access; wherein determining of the first set of tenants using the user attributes is transparent to the user in that the view does not provide information to the user indicating whether the user has access to all of the plurality of tenants versus just a proper subset of the plurality of tenants. 2 . The method of claim 1 wherein the request is a run-time request. 3 . The method of claim 2 wherein determining the first set of tenants whose data the user is authorized to access to perform the operation of the request includes: identifying a set of session attributes for the user; determining whether at least one session attribute is subject to a data use restriction associated with one or more tenants of the set of tenants; and in response to at least one session attribute being subject to the data use restriction, filtering data corresponding to the one or more tenants of the set of tenants from the view of the shared data resource. 4 . The method of claim 2 wherein determining the first set of tenants whose data the user is authorized to access to perform the operation of the request includes: identifying a set of session attributes for the user; determining whether at least one session attribute is subject to a data sharing restriction associated with one or more tenants of the set of tenants; and in response to at least one session attribute being subject to the data sharing restriction, filtering data corresponding to the one or more tenants of the set of tenants from the view of the shared data resource. 5 . The method of claim 1 wherein: the shared data resource includes a plurality of rows with data from the plurality of tenants, each row of the plurality of rows corresponds to a respective tenant of the plurality of tenants and includes a set of fields that uniquely indicates the respective tenant, and generating the view includes incorporating only ones of the plurality of rows that correspond to the set of tenants whose data the user is authorized to access. 6 . The method of claim 5 wherein, for each row of the plurality of rows, the set of fields that uniquely indicate the respective tenant includes a tenant identifier field that uniquely identifies the respective tenant. 7 . The method of claim 6 wherein: determining the first set of tenants includes identifying a set of tenant identifiers associated with the user; and the view is generated such that, for each row of the view, the respective tenant identifier matches one of the set of tenant identifiers. 8 . The method of claim 1 wherein the shared data resource is a relational database. 9 . The method of claim 8 wherein: the request is a structured query language (SQL) statement; and the method includes determining, using the user attributes, the first set of tenants whose data the user is authorized to access to perform the operation of the request includes dynamically modifying the SQL statement of the request to include a where condition that filters the SQL statement based on the user attributes of the user. 10 . The method of claim 1 wherein: the shared data resource is an object store; and the method further comprises maintaining a mapping from each object of the object store to one of the plurality of tenants. 11 . The method of claim 1 wherein determining whether the user is authorized to access the shared data resource is also based on the user attributes. 12 . The method of claim 1 wherein each tenant is associated with a triplet of information including an entity, a role for the entity, and a service organization that provides managed services using the shared data resource. 13 . The method of claim 1 wherein: the user attributes are accessed from a passport specific to the user; and updates to authorization of the user for data access are reflected in changes to the passport. 14 . The method of claim 13 wherein changes to the passport do not cause changes to an application used by the user to access the shared data resource. 15 . The method of claim 13 wherein the passport is centrally managed remotely from the shared data resource. 16 . The method of claim 15 wherein the passport is received independently of the request. 17 . The method of claim 1 wherein determination of the set of tenants based on the user attributes is performed following receipt of the request. 18 . The method of claim 1 wherein determination of the set of tenants based on the user attributes cannot be controlled or bypassed by the user. 19 . A computerized method comprising: receiving, from a user, a request to perform an operation on data stored in a shared data resource, wherein: the shared data resource stores physically integrated data from a plurality of tenants, the shared data resource is an object store, and the request specifies a requested object of the object store; determining whether the user is authorized to access the shared data resource based on a role attribute corresponding to the user; and in response to the user having access to the shared data resource: identifying user attributes associated with the user; determining, using the user attributes, a first set of tenants whose data the user is authorized to access to perform the operation of the request; accessing a mapping of objects of the object store to the plurality of tenants; and selectively providing the requested object in response to the mapping indicating that the requested object maps to a respective tenant of the first set of tenants and not providing the requested object in response to the mapping indicating that the requested object does not map to the respective tenant of the first set of tenants; wherein determining the first set of tenants using the user attributes is transparent to the user in that the view does not provide information to the user indicating whether the user has access to all of the plurality of tenants versus just a proper subset of the plurality of tenants. 20 . The method of claim 19 wherein: the request specifies a set of objects, including the requested object, of the object store; the method further comprises selectively providing a subset of the set of objects in response to the request; and the subset of objects includes only those objects that correspond to the set of tenants. 21 . The method of claim 19 wherein determining whether the user is auth