Row level security integration of analytical data store with cloud architecture

US2016104002A1 · US · A1

Patent metadata
Publication number: US-2016104002-A1
Application number: US-201414512230-A
Country: US
Kind code: A1
Filing date: Oct 10, 2014
Priority date: Oct 10, 2014
Publication date: Apr 14, 2016
Grant date: (none listed)

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A predicate-based row level security system is used when workers build or split an analytical data store. According to one implementation, predicate-based means that security requirements of source transactional systems can be used as predicates to a rule base that generates one or more security tokens, which are associated with each row as attributes of a dimension. Similarly, when an analytic data store is to be split, build job, user and session attributes can be used to generate complementary security tokens that are compared to security tokens of selected rows. Efficient indexing of a security tokens dimension makes it efficient to qualify row retrieval based on security criteria.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of building a secure read only analytic data structure, the method including: accessing a data set from at least one transactional data management system, wherein data in the data set has security attributes managed by the transactional data management system; processing first security translation rules that accept the security attributes as predicates and generating one or more security tokens for each object in the data set; and storing the one or more security tokens by association with each secured object in a read only analytic data structure generated from the data set, wherein the stored security tokens govern access to each secured object.

2. The method of claim 1, further including: accessing a plurality of heterogeneous transactional data management systems that have divergent security models; accessing data in the plurality of transactional data management systems and creating objects that merge the data from two or more of the transactional data management systems; and processing first security translation rules that accept the security attributes from two or more transactional data management systems as predicates and generating one or more security tokens to associate with each secured object that merges the data.

3. The method of claim 1, further including: accessing a data set from at least one transactional data management system, wherein data in the data set lacks a security model; accessing the data set and creating a new read only analytic data structure that merges the data in the data set with the read only analytic data structure; and associating the one or more security tokens associated with the read only analytic data structure to the new read only analytic data structure.

4. The method of claim 1, further including: receiving an authenticated and authorized command to build an analytic sub structure from the analytic data structure that satisfies a subset query; applying second security translation rules to construct at least one query security token based on the authentication and authorization accompanying the command, wherein the query security token qualifies the command to access one or more secured objects in the analytic data structure; and supplying the subset query and the query security token to a query engine and receiving the secured objects from the analytic data structure that satisfy the subset query and that have an associated security token that matches the query security token.

5. The method of claim 4, further including mobilizing the analytic sub structure from a secure server based platform to a browser based user client platform, including: receiving a subset query to receive a subset of data in the analytic sub structure; and supplying the subset of data mobilized to the user client platform that satisfy the subset query with reduced bandwidth and processing time.

6. The method of claim 1, further including: receiving an authenticated and authorized command to receive subset of data in the analytic data structure that satisfies a subset query; applying second security translation rules to construct at least one query security token based on the authentication and authorization accompanying the command, wherein the query security token qualifies the command to access the subset of data in the analytic data structure; and supplying the subset query and the query security token to a query engine and receiving the subset of data from the analytic data structure that satisfy the subset query and that have an associated security token that matches the query security token.

7. The method of claim 6, further including mobilizing the subset of data from a secure server based platform to a browser based user client platform, including: receiving a subset query to receive the subset of data; and supplying the subset of data mobilized to the user client platform that satisfy the subset query with reduced bandwidth and processing time.

8. The method of claim 1, wherein the security attributes are based on one or more security models used to manage access to the transactional data management system.

9. The method of claim 8, wherein the security models include at least one of: row-based security; LDAP-based security; agent-based security; team-based security; account-hierarchy-based security; group-based security; and sharing-descriptor-based security.

10. The method of claim 1, further including generating a view-all-data initial instance of the read only analytic data structure before the processing first security translation rules.

11. The method of claim 1, wherein the one or more security tokens define accessibility of respective dimensions and measures of the secured object.

12. A system of building a secure read only analytic data structure, the system including: a processor and a computer readable storage medium storing computer instructions configured to cause the processor to: access data set from at least one transactional data management system, wherein data in the data set has security attributes managed by the transactional data management system; process first security translation rules that accept the security attributes as predicates and generating one or more security tokens for each object in the data set; and store the one or more security tokens by association with each secured object in a read only analytic data structure generated from the data set, wherein the stored security tokens govern access to each secured object.

13. The system of claim 12, further configured to: access a plurality of heterogeneous transactional data management systems that have divergent security models; access data in the plurality of transactional data management systems and creating objects that merge the data from two or more of the transactional data management systems; and process first security translation rules that accept the security attributes from two or more transactional data management systems as predicates and generating one or more security tokens to associate with each secured object that merges the data.

14. The system of claim 12, further configured to: access a data set from at least one transactional data management system, wherein data in the data set lacks a security model; access the data set and creating a new read only analytic data structure that merges the data in the data set with the read only analytic data structure; and associate the one or more security tokens associated with the read only analytic data structure to the new read only analytic data structure.

15. The system of claim 12, further configured to: receive an authenticated and authorized command to build an analytic sub structure from the analytic data structure that satisfies a subset query; apply second security translation rules to construct at least one query security token based on the authentication and authorization accompanying the command, wherein the query security token qualifies the command to access one or more secured objects in the analytic data structure; and supply the subset query and the query security token to a query engine and receiving the secured objects from the analytic data structure that satisfy the subset query and that have an associated security token that matches the query security token.

16. The system of claim 15, further configured to mobilize the analytic sub structure from a secure server based platform to a browser based user client platform, including: receiving a subset query to
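The following is an added illustration of the mechanism the abstract and claims 1, 4 and 6 describe, written for this page and not taken from the patent or from any Salesforce code. It models "first security translation rules" as predicate/token-factory pairs that run over each source row's security attributes at build time, stores the resulting tokens as a dimension of the read-only store together with an inverted index, and models "second security translation rules" as a function from user/session attributes to query tokens that must match a row's tokens before the subset query ever touches the row. The rule names, attribute names (owner, team, shared_with), token formats and sample rows are all constructed for the example.

```python
"""Predicate-based row-level security tokens for a read-only analytic store.

Added example modelled on the claims of US2016104002A1; the attribute
names, token formats, rules and sample data below are constructed for
illustration and are not the patent's or any vendor's actual scheme.
"""
from collections import defaultdict

# Constructed sample rows as exported from a hypothetical transactional
# system. owner/team/shared_with are the security attributes that system
# manages (owner-, team- and sharing-descriptor-based models in claim 9).
SOURCE_ROWS = [
    {"id": 1, "amount": 100, "owner": "alice", "team": "west", "shared_with": []},
    {"id": 2, "amount": 250, "owner": "bob",   "team": "east", "shared_with": ["alice"]},
    {"id": 3, "amount": 75,  "owner": "carol", "team": "west", "shared_with": []},
    {"id": 4, "amount": 900, "owner": "dave",  "team": "east", "shared_with": ["carol", "alice"]},
]

# First security translation rules: (predicate over a source row, factory
# returning the tokens to attach when the predicate holds).
FIRST_RULES = [
    (lambda r: r.get("owner") is not None,  lambda r: {f"owner:{r['owner']}"}),
    (lambda r: r.get("team") is not None,   lambda r: {f"team:{r['team']}"}),
    (lambda r: bool(r.get("shared_with")),  lambda r: {f"user:{u}" for u in r["shared_with"]}),
]


def build_analytic_store(rows, rules):
    """Build the read-only store: each row keeps only its analytic fields plus
    a security-token dimension (_tokens); an inverted index token -> row ids
    is built alongside so retrieval can be qualified by token cheaply."""
    store = []
    token_index = defaultdict(set)
    for r in rows:
        tokens = set()
        for predicate, make_tokens in rules:
            if predicate(r):
                tokens |= make_tokens(r)
        # Source security attributes are not copied into the store; the
        # tokens are the only access-control information that survives.
        store.append({"id": r["id"], "amount": r["amount"], "_tokens": frozenset(tokens)})
        for t in tokens:
            token_index[t].add(r["id"])
    return tuple(store), dict(token_index)


def query_tokens(session):
    """Second security translation rules: derive query security tokens from
    the authenticated user's session attributes (constructed policy: a user
    may see rows they own or that are shared with them; a manager may also
    see rows of the teams they manage)."""
    user = session["user"]
    toks = {f"owner:{user}", f"user:{user}"}
    if session.get("role") == "manager":
        toks |= {f"team:{t}" for t in session.get("teams", [])}
    return toks


def secured_query(store, token_index, session, subset_predicate=lambda row: True):
    """Return rows that satisfy the subset query AND carry at least one token
    matching the query tokens. The token index is consulted first, so rows
    the caller is not entitled to are never handed to the subset predicate."""
    allowed_ids = set()
    for t in query_tokens(session):
        allowed_ids |= token_index.get(t, set())
    return [
        {"id": row["id"], "amount": row["amount"]}
        for row in store
        if row["id"] in allowed_ids and subset_predicate(row)
    ]


if __name__ == "__main__":
    store, idx = build_analytic_store(SOURCE_ROWS, FIRST_RULES)
    print("alice:", secured_query(store, idx, {"user": "alice"}))
    print("west manager, amount > 50:",
          secured_query(store, idx, {"user": "erin", "role": "manager", "teams": ["west"]},
                        lambda row: row["amount"] > 50))
```

The design point to notice is that the filter is applied by token intersection against the index before the analytic predicate runs, so the subset query cannot be used to probe rows the session has no token for; a session with no matching token simply receives an empty result rather than an error that reveals row existence.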

Assignees

Inventors

Classifications

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

  • Physics · mapped topic

  • based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016104002A1 cover?
A predicate-based row level security system is used when workers build or split an analytical data store. According to one implementation, predicate-based means that security requirements of source transactional systems can be used as predicates to a rule base that generates one or more security tokens, which are associated with each row as attributes of a dimension. Similarly, when an analytic…
Who is the assignee on this patent?
Salesforce Com Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Publication date Apr 14, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).