Securely accessing and processing data in a multi-tenant data store

Assignee

• Salesforce.com, Inc. · US

Inventors

• Kit Pang Szeto · Sunnyvale, US
• Christopher James Wu · Fremont, US
• Ming-Yang Chen · Palo Alto, US
• Karl Ryszard Skucha · Sunnyvale, US
• Eli Levine · San Francisco, US
• Ka Chun Au · San Francisco, US
• Bilong Chen · Cupertino, US
• Johnson Liu · Foshan, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04W12/082
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods, systems, and devices for data access and processing are described. To set up secure environments for data processing (e.g., including machine learning), an access control system may first receive approval from an authorized user (e.g., an approver) granting access to data objects in a multi-tenant data store. The system may determine tenant-specific paths for retrieving the data objects from the data store, and may initialize a number of virtual computing engines for accessing the data. Each computing engine may be tenant-specific based on the path(s) used by that computing engine, and each may include an access role defining the data objects or data object types accessible by that computing engine. By accessing the requested data objects according to the tenant-specific path prefixes and access roles, the virtual computing engines may securely maintain separate environments for different tenants and may only allow user access to approved tenant data.