Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
2001-08-27
2003-08-12
Mizrahi, Diane D. (Department: 2175)
Data processing: database and file management or data structures
Database design
Data structure types
C707S793000, C707S793000
Reexamination Certificate
active
06606627
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to managing customer resources with database systems, and in particular, using access controls enforced by a database server for allowing an application designed to employ data for a single group of users to employ data for multiple exclusive groups of users.
BACKGROUND OF THE INVENTION
Use of commercial off-the-shelf applications (“packaged applications”) has proliferated. Enterprises are buying packaged applications instead of developing in-house applications, avoiding the higher cost associated with developing their own in-house applications. The kinds of packaged applications that may be purchased include applications for financial processing, manufacturing work-flow, human resources, and customer relationship management, among many others. The packaged applications often store data in a database managed by a separate database server that is called by the application.
In addition to buying packaged applications, the enterprises are employing service companies to maintain the packaged applications and the computer systems upon which the applications run. One technique used by service companies to maintain and operate packaged applications is referred to as application hosting. Application hosting refers to a host (e.g. a service company) maintaining one or more applications for multiple enterprises (e.g., customers) on one or more computer systems, using the same computer infrastructure to run all the packaged applications. The term hosting environment refers to all the various components being maintained for an enterprise, including application components and computer infrastructure components (e.g. operating system, hardware). A hosting environment may be accessed via, for example, the Internet, which is public, or an extended intranet that is not public. Application hosting can reduce the cost of managing applications because it allows customers to share the resources of the service company needed to run a packaged application, resources which include computer components, application experts, and computer administrative support personnel, all of which are needed to operate an application.
The terms customer or enterprise are used herein to refer to a particular group for whom an application and its associated data are being hosted. The group may be a human individual or an organization, including, without limitation, a business.
A typical hosting environment typically follows the “silo” model. Under the silo model, limited components in the environment are shared by groups while most components are maintained separately for each group.
FIG. 1
is a block diagram used to depict silo model
101
. Silo model
101
includes hosting environment component layers
110
,
120
,
130
,
140
,
150
, and
160
. Machine layer
110
represents the various hardware components used in a hosting environment, such as computers and disk drives. Operating system layer
120
represents the operating system used in a hosting environment, database server layer
130
corresponds to the database servers used in a hosting environment, schema layer
140
represents a collection of database objects in a database system and the metadata about the database objects in the collection, database object layer
150
refers to the database objects in each schema. Application layer
160
refers to hosted application software.
Machine layer
110
and operating system layer
120
are typically shared while the remaining layers are typically not shared by multiple groups. Thus, a separate instance of a database server and application server is created and maintained for each group serviced by the hosted application. These separate instances are referred to as a silo. For example, silos
171
and
172
are instances of unshared database server and application server components for two particular groups.
Whether a hosting environment component can be shared affects the “scalability” of the hosting environment. The term “scalability”, as used herein, refers to the rate at which more resources are needed to host additional groups. A hosting environment scales better when less additional resources are needed to support new groups.
Sharing operating system and machine layers
110
and
120
promotes better scalability. An additional group does not require installation of another operating system. On the other hand, the unshared nature of database server layer
130
and application layer
160
impedes scalability. Adding an additional group requires installation of another instance of the database server and application. In general, adding another instance of a hosting environment component to support an additional group requires greater additional resources than would be required otherwise by using an already existing component to support the additional group. Adding an additional instance of another hosting environment component requires more labor to install and maintain than simply reconfiguring and maintaining an existing instance to support another group.
Improved scalability may be achieved by sharing more hosting environment component layers. For example, a single database server may be used for multiple groups. The application instances that access the database server access data in separate schemas within the database system. Each schema contains database objects for a particular enterprise. For example, data for one hosted payroll application instance may be stored in a table PAYROLL in one schema for one group, while data for another hosted payroll application instance may be stored in a table PAYROLL in another schema for another group.
To further improve scalability, application software and database objects may be shared. However, sharing application software and database objects introduces additional problems. Typically, application software is not developed with the features needed to use one instance of the application software to handle multiple groups. For example, application software is not configured to restrict user access to data according to the group of the user accessing the data.
Typically, one group desires to separate its data from the data of another group, and to confine access to its data to the users belonging to the one group. Groups that desire to keep their data exclusively for themselves and separate from other groups are herein called exclusive groups or segregation groups. For example, ABC Corp. wishes the payroll data it has in the payroll application to be segregated from the payroll data that XYZ Inc. has in the payroll application. However, an instance of the application software typically uses one schema or set of database objects to store data, and provides no mechanism to logically or physically separate the data of multiple groups within a single set of database objects. Consequently, conventional applications have no support for a mechanism to restrict user access to only the separate data of the group to which the user belongs.
Legacy application software may be re-engineered to restrict access to data according to the group of the user. However, such modifications can be very expensive. For example, every database command programmed for an application may have to be examined and possibly rewritten so that the database query requests access to only the data of a particular segregation group. The term database query refers to commands that request the retrieval, selection, insertion, and modification of records. Typically, database queries conform to a database language. For example, many database queries conform to a standard query language (SQL).
Rather than try to re-engineer existing software applications, a new application may be developed to handle multiple groups. However, developing software with this capability requires greater development effort and costs more. For example, queries that are developed to limit access to data of a particular enterprise are more complicated to program.
Based on the foregoing, it is clearly desirable to provide techniques that convert applications designed to operate as sepa
Andersen Jesper
Guthrie Christine Pae
McMahon Douglas James
Hickman Brian D.
Mizrahi Diane D.
Oracle Corporation
Palermo Hickman
Truong & Becker LLP
LandOfFree
Techniques for managing resources for multiple exclusive groups does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Techniques for managing resources for multiple exclusive groups, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Techniques for managing resources for multiple exclusive groups will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3088248