Just-in-time materialization of cloned users in computing environments within a database system

1 . A method for authorizing users to access a second software environment with a second limited set of authorized users wherein the second software environment includes at a first point in time prior to the user access a subset of a first software environment that includes at the first point in time a first set of authorized users that was a superset of the second limited set and wherein the method comprises: determining via a first processor and a global filtering process with at least one first hash value associated with a login attempt by a first user whether the first user has potentially been a member of the first set of authorized users; determining via a second processor whether the user has been a member of the first set of authorized users when it is determined by the first processor that the first user has potentially been a member of the first set of authorized users; and when it is determined by the second processor that the user has been a member of the first set of authorized users, causing the transmission of account information associated with the first user and at least the first software environment through a communication link to the second software environment. 2 . The method of claim 1 , wherein the method further includes determining via a third processor and a local filtering process with a second hash value whether the first user has potentially been a member of the first set of authorized users. 3 . The method of claim 2 , wherein the method further includes adding the first user to the second limited set as an authorized user of the second software environment and updating a local filter to exclude the first user. 4 . The method of claim 2 , wherein the local filtering process includes accessing a local filter implemented as a bloom filter or a cuckoo filter. 5 . The method of claim 4 , wherein the updating the local filter comprises updating the local filter based on a plurality of hash values associated with the first user. 6 . The method of claim 2 , wherein the local filtering process is performed when it is determined via the global filtering process that the first user has potentially been a member of the first set of authorized users. 7 . The method of claim 2 , wherein the method further includes determining whether the first user has been a member of the first set of authorized users when it is determined by the first processor and the second processor that the first user has potentially been a member of the first set of authorized users. 8 . The method of claim 1 , wherein the global filtering process is conducted via a global filter associated with a plurality of software environments including the first software environment, the second software environment, and a third software environment. 9 . The method of claim 8 , wherein the global filter is a bloom filter or a cuckoo filter, and wherein the method further includes updating the global filter to include the first user. 10 . The method of claim 1 , wherein the first software environment and the second software environment reside in an on-demand computing services environment that includes a plurality of software environments in addition to the first software environment and the second software environment. 11 . The method of claim 10 , wherein the first software environment resides in a first computing environment within the on-demand computing services environment, and wherein the second software environment resides in a second computing environment within the on-demand computing services environment, and wherein a local filtering process is conducted via a local filter specific to the second computing environment. 12 . The method of claim 11 , wherein the second computing environment includes a plurality of computing resources shared by the second software environment and a third software environment. 13 . The method of claim 11 , wherein the global filtering process includes a global filter that includes users of the first computing environment and the second computing environment. 14 . The method of claim 11 , wherein the global filtering process involves applying a global filter to a first portion of a username associated with the first user. 15 . The method of claim 14 , wherein determining via a second processor whether the first user has been a member of the first set of authorized users involves matching a second portion of a username associated with the first user against a list of subordinate computing environments associated with the first computing environment, the list of subordinate computing environments including the second computing environment. 16 . A system configured to perform a method for authorizing users to access a second software environment with a second limited set of authorized users wherein the second software environment includes at a first point in time prior to the user access a subset of a first software environment that includes at the first point in time a first set of authorized users that was a superset of the second limited set and wherein the method comprises: determining via a first processor and a global filtering process with at least one first hash value associated with a login attempt by a first user whether the first user has potentially been a member of the first set of authorized users; determining via a second processor whether the user has been a member of the first set of authorized users when it is determined by the first processor that the first user has potentially been a member of the first set of authorized users; and when it is determined by the second processor that the user has been a member of the first set of authorized users, causing the transmission of account information associated with the first user and at least the first software environment through a communication link to the second software environment. 17 . The system of claim 16 , wherein the method further includes determining via a third processor and a local filtering process with a second hash value whether the first user has potentially been a member of the first set of authorized users. 18 . The system of claim 17 , wherein the method further includes adding the first user to the second limited set as an authorized user of the second software environment and updating a local filter to exclude the first user. 19 . One or more non-transitory computer-readable media having instructions stored thereon for performing a method for authorizing users to access a second software environment with a second limited set of authorized users wherein the second software environment includes at a first point in time prior to the user access a subset of a first software environment that includes at the first point in time a first set of authorized users that was a superset of the second limited set and wherein the method comprises: determining via a first processor and a global filtering process with at least one first hash value associated with a login attempt by a first user whether the first user has potentially been a member of the first set of authorized users; determining via a second processor whether the user has been a member of the first set of authorized users when it is determined by the first processor that the first user has potentially been a member of the first set of authorized users; and when it is determined by the second processor that the user has been a member of the first set of authorized users, causing the transmission of account information associated with the first user and at least the first softwa