-
Publication No.: US20220374397A1
Publication date: 2022-11-24
Application No.: US17326610
Application date: 2021-05-21
Applicant: salesforce.com, inc.
Inventor: Mang Fu Matthew Wong, Subhash Uppalapati, Jesse Wang, Sunghyun Song, Federico Recio, Jesse Collins
IPC: G06F16/21, G06F16/28, G06F16/2455
Abstract: Systems and methods are described for implementing attribute aware, relationship-based access control by receiving a query to access a relational database from a user, determining if a rule of the relational database is applicable to the query, determining one or more relationships associated with the query based at least in part on the rule, and modifying the query by adding an extra join operation to the query based at least in part on the rule and the one or more relationships. Further, when a type of the rule is row level, a where clause filter is added to the modified query to enforce a condition of the rule, and when the type of the rule is field level, a case column is added to the modified query and a select clause is added to the modified query to wrap the query. The modified query is processed to produce a result.
-
Publication No.: US20220215107A1
Publication date: 2022-07-07
Application No.: US17144035
Application date: 2021-01-07
Applicant: salesforce.com, inc.
Inventor: Mang Fu Matthew Wong, Yanik Grignon, Larry H Tung, Peter S. Wisnovsky
IPC: G06F21/62, G06F16/2455, G06F16/28, G06F21/60
Abstract: A computer implemented masking manager provides a method for access controls. The method includes receiving a request for an object in a database, retrieving the object from the database, applying masking rules to a field of the object to determine whether the requestor has access to the field, determining a replacement value for the field based on requestor access to the field, and returning the object to the requestor with the replacement value in the field of the object.
-
Publication No.: US20190068572A1
Publication date: 2019-02-28
Application No.: US15683258
Application date: 2017-08-22
Applicant: salesforce.com, inc.
Inventor: Mang Fu Matthew Wong
IPC: H04L29/06
Abstract: Techniques are disclosed relating to verifying access to functions in a multi-tenant computer system. In various embodiments, a multi-tenant computer system may store code that is executable to perform a plurality of functions, where at least one of the plurality of functions may be a restricted function. The multi-tenant computer system may further store first and second tenant-specific definitions for the restricted function that specify different secondary verification procedures. In various embodiments, the disclosed systems and methods may facilitate verifying access to the restricted function in the multi-tenant computer system. For example, in some embodiments, the multi-tenant computer system may perform an initial verification procedure and cause initiation of a secondary verification procedure specified by the first tenant in response to an attempt by a user of the first tenant to access the restricted function.