Computer implemented methods and apparatus for managing permission sets and validating user assignments

US9628493B2 · US · B2

Patent metadata
Publication number: US-9628493-B2
Application number: US-201313935074-A
Country: US
Kind code: B2
Filing date: Jul 3, 2013
Priority date: Jul 3, 2012
Publication date: Apr 18, 2017
Grant date: Apr 18, 2017

Abstract

Official abstract text for this publication.

Disclosed are methods, apparatus, systems, and computer-readable storage media for modifying permission sets and validating permission set assignments to users. In some implementations, a computing device receives a request to create a permission set containing one or more permissions and assign the permission set to a first user. The first user is associated with a first user constraint that defines a first group of permissions available to the first user. The computing device may determine that the permission set to be assigned to the first user does not violate the first user constraint, and may assign the permission set to the first user.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving, at one or more servers, a first request from an authorized administrator associated with a third party application to create a new permission set including one or more permissions for accessing one or more computing resources of a multi-tenant database environment implemented using a database system, the multi-tenant database environment having a plurality of tenant organizations, the new permission set having one or more permissions for accessing resources associated with the third party application, the third party application being one of a plurality of applications being implemented in the multi-tenant database environment; creating the new permission set; storing the new permission set in a database of the database system; receiving, at one or more servers, a second request to assign the new permission set to a first user associated with a first one of the plurality of tenant organizations, the first user being associated with a first user constraint defined by a first one of a plurality of user licenses available to users associated with the first tenant organization, the first user constraint defining a first group of permissions permitted to be assigned to the first user, the first user constraint being applied to other users associated with other tenant organizations of the plurality of tenant organizations; responsive to receiving the second request, automatically determining that the one or more permissions in the new permission set do not violate the first user constraint by determining that each of the one or more permissions of the new permission set exists in the first group of permissions defined by the first user constraint; and responsive to determining that the one or more permissions in the new permission set do not violate the first user constraint, automatically assigning the new permission set to the first user.

2. The method of claim 1, wherein the new permission set is associated with a permission set constraint, the permission set constraint defining a superset of permission one or more of which are included in the new permission set.

3. The method of claim 2, wherein the permission set constraint defines the superset of permissions as all of the permissions available to the first tenant organization.

4. The method of claim 1, wherein the new permission set is not associated with the first user constraint when the new permission set is created by the one or more servers, and wherein the new permission set is associated with the first user constraint when the new permission set is assigned to the first user.

5. The method of claim 1, wherein the first group of permissions defined by the first user constraint includes one or more permissions associated with one or more of: an online social network, an application, a line of business, a software vendor package, and a logical grouping of metadata having access controls.

6. The method of claim 1, the method further comprising: receiving, at the one or more servers, a third request to modify the new permission set by adding one or more permissions to the new permission set.

7. The method of claim 6, the method further comprising: identifying the first user to whom the new permission set is assigned; determining whether any of the one or more permissions to be added to the new permission set violate the first user constraint; and responsive to determining that the one or more permissions to be added violate the first user constraint, transmitting data indicating a first error without modifying the new permission set as requested.

8. The method of claim 7, wherein the one or more servers determine that the one or more permissions to be added violate the first user constraint by: determining that one or more of the one or more permissions to be added is not included in the first group of permissions.

9. The method of claim 7, wherein the transmitted data includes a message that the new permission set was not modified as requested and identifies the one or more permissions to be added as not being included in the first group of permissions.

10. The method of claim 7, wherein the new permission set is assigned to more than one user, the method further comprising: identifying a second user to whom the new permission set is assigned, the second user being associated with a second user constraint defining a second group of permissions permitted to be assigned to the second user; determining whether any of the one or more permissions to be added to the new permission set violate the second user constraint; and responsive to determining that the one or more permissions to be added violate the second user constraint, transmitting data indicating a second error without modifying the new permission set as requested.

11. The method of claim 6, the method further comprising: determining that the third request to modify the new permission set does not violate any user constraints; and modifying the new permission set to include the one or more permissions to be added.

12. The method of claim 11, wherein the one or more servers determine that the third request does not violate any user constraints by: determining that the permission set is not assigned to any users.

13. The method of claim 11, wherein the one or more servers determine that the third request does not violate the user constraint of a user to whom the new permission set is assigned by: identifying one or more users to whom the new permission set is assigned; identifying one or more user constraints associated with the one or more users; determining that the one or more permissions to be added are contained in each of the one or more user constraints.

14. One or more computing devices comprising: one or more physical processors operable to execute one or more instructions to cause: creating, responsive to a first request from an authorized administrator associated with a third party application, a new permission set including one or more permissions for accessing one or more computing resources of a multi-tenant database environment implemented using a database system, the multi-tenant database environment having a plurality of tenant organizations, the new permission set having one or more permissions for accessing resources associated with the third party application, the third party application being one of a plurality of applications being implemented in the multi-tenant database environment; storing the new permission set in a database of the database system; processing a second request to assign the new permission set to a first user associated with a first one of the plurality of tenant organizations, the first user being associated with a first user constraint defined by a first one of a plurality of user licenses available to users associated with the first tenant organization, the first user constraint defining a first group of permissions permitted to be assigned to the first user, the first user constraint being applied to other users associated with other tenant organizations of the plurality of tenant organizations; automatically determining, responsive to processing the second request, that the one or more permissions in the new permission set do not violate the first user constraint by determining that each of the one or more permissions of the new permission set exists in the first group of permissions defined by the first user constraint; and automatically assigning, responsive to determining that the one or more permissions in the new permission set do not violate the first user constraint, the new permission s
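
The assignment check of claim 1 and the modification checks of claims 6 through 13, sketched as an added Python example. It is not code from the patent or from the assignee; the class names, function names and sample permissions are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class ConstraintViolation(Exception):
    def __init__(self, user, denied):
        super().__init__(f"{user}: not permitted by license: {sorted(denied)}")
        self.user, self.denied = user, frozenset(denied)

@dataclass
class User:
    name: str
    tenant: str
    allowed: frozenset  # user constraint: group of permissions the license permits

@dataclass
class PermissionSet:
    name: str
    permissions: set
    assignees: list = field(default_factory=list)

def assign(pset, user):
    """Assign only if every permission in the set exists in the user's constraint."""
    denied = pset.permissions - user.allowed
    if denied:
        raise ConstraintViolation(user.name, denied)
    pset.assignees.append(user)

def add_permissions(pset, new_perms):
    """Validate against every current assignee first; mutate only if all pass."""
    new_perms = set(new_perms)
    for user in pset.assignees:
        denied = new_perms - user.allowed
        if denied:
            raise ConstraintViolation(user.name, denied)
    pset.permissions |= new_perms  # also reached when the set has no assignees

# Constructed sample data: two license types applied to users in different tenants.
FULL = frozenset({"read_account", "edit_account", "run_reports", "app_x_admin"})
LIMITED = frozenset({"read_account", "run_reports"})

def demo():
    pset = PermissionSet("app_x_readers", {"read_account"})
    alice, bob = User("alice", "org1", FULL), User("bob", "org2", LIMITED)
    for user in (alice, bob):
        assign(pset, user)
    add_permissions(pset, {"run_reports"})       # inside both constraints
    try:
        add_permissions(pset, {"edit_account"})  # outside bob's constraint
    except ConstraintViolation as exc:
        return pset.permissions, exc.user, exc.denied
```

The rejected request leaves the permission set unchanged and the exception names the offending permissions, which corresponds to the error behaviour described in claims 7 and 9.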

Classifications

  • for controlling access to devices or network resources

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

  • User authentication

  • H04L63/102 (Primary): Entity profiles

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Salesforce Com Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/102. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 18, 2017 (B2). Legal status and post-grant events are not shown on this page.