公开(公告)号：US20210141923A1

公开(公告)日：2021-05-13

申请号：US16681775

申请日：2019-11-12

Applicant: salesforce.com, inc.

Inventor： Christopher James Wu ,  Shaun Senecal

IPC: G06F21/62 ,  G06F9/455 ,  G06F21/60

Abstract: A multi-tenant system sends jobs for execution on a secondary platform such as a cloud based platform. The multi-tenant system sends tenant data for multiple tenants to the secondary platform. The multi-tenant system obtains job-level credentials from the secondary platform, for example, security tokens that provide access to tenant data for a fixed length of time. The multi-tenant system uses the job-level credentials for enforcing tenant level data isolation for jobs executed on the secondary platform. This ensures that the jobs executing on the secondary platform do not access, modify, or delete data of tenants not related to the job.

公开(公告)号：US10853511B2

公开(公告)日：2020-12-01

申请号：US15924840

申请日：2018-03-19

Applicant: salesforce.com, inc.

Inventor： Kit Pang Szeto ,  Christopher James Wu ,  Ming-Yang Chen ,  Karl Ryszard Skucha ,  Eli Levine ,  Ka Chun Au ,  Bilong Chen ,  Johnson Liu

IPC: G06F21/62 ,  H04L29/06

Abstract: Methods, systems, and devices for data access and processing are described. To set up secure environments for data processing (e.g., including machine learning), an access control system may first receive approval from an authorized user (e.g., an approver) granting access to data objects in a multi-tenant data store. The system may determine tenant-specific paths for retrieving the data objects from the data store, and may initialize a number of virtual computing engines for accessing the data. Each computing engine may be tenant-specific based on the path(s) used by that computing engine, and each may include an access role defining the data objects or data object types accessible by that computing engine. By accessing the requested data objects according to the tenant-specific path prefixes and access roles, the virtual computing engines may securely maintain separate environments for different tenants and may only allow user access to approved tenant data.

公开(公告)号：US20190286832A1

公开(公告)日：2019-09-19

申请号：US15924840

申请日：2018-03-19

Applicant: salesforce.com, inc.

Inventor： Kit Pang Szeto ,  Christopher James Wu ,  Ming-Yang Chen ,  Karl Ryszard Skucha ,  Eli Levine ,  Ka Chun Au ,  Bilong Chen ,  Johnson Liu

IPC: G06F21/62 ,  H04L29/06

Abstract: Methods, systems, and devices for data access and processing are described. To set up secure environments for data processing (e.g., including machine learning), an access control system may first receive approval from an authorized user (e.g., an approver) granting access to data objects in a multi-tenant data store. The system may determine tenant-specific paths for retrieving the data objects from the data store, and may initialize a number of virtual computing engines for accessing the data. Each computing engine may be tenant-specific based on the path(s) used by that computing engine, and each may include an access role defining the data objects or data object types accessible by that computing engine. By accessing the requested data objects according to the tenant-specific path prefixes and access roles, the virtual computing engines may securely maintain separate environments for different tenants and may only allow user access to approved tenant data.