The present invention relates to managing customer resources with database systems, and in particular, using access controls enforced by a database server for allowing an application designed to employ data for a single group of users to employ data for multiple exclusive groups of users.
Use of commercial off-the-shelf applications (“packaged applications”) has proliferated. Enterprises are buying packaged applications instead of developing in-house applications, avoiding the higher cost associated with developing their own in-house applications. The kinds of packaged applications that may be purchased include applications for financial processing, manufacturing work-flow, human resources, and customer relationship management, among many others. The packaged applications often store data in a database managed by a separate database server that is called by the application.
In addition to buying packaged applications, the enterprises are employing service companies to maintain the packaged applications and the computer systems upon which the applications run. One technique used by service companies to maintain and operate packaged applications is referred to as application hosting. Application hosting refers to a host (e.g. a service company) maintaining one or more applications for multiple enterprises (e.g., customers) on one or more computer systems, using the same computer infrastructure to run all the packaged applications. The term hosting environment refers to all the various components being maintained for an enterprise, including application components and computer infrastructure components (e.g. operating system, hardware). A hosting environment may be accessed via, for example, the Internet, which is public, or an extended intranet that is not public. Application hosting can reduce the cost of managing applications because it allows customers to share the resources of the service company needed to run a packaged application, resources which include computer components, application experts, and computer administrative support personnel, all of which are needed to operate an application.
The terms customer or enterprise are used herein to refer to a particular group for whom an application and its associated data are being hosted. The group may be a human individual or an organization, including, without limitation, a business.
A typical hosting environment follows the “silo” model. Under the silo model, a limited number of components in the environment are shared by groups while most components are maintained separately for each group.
FIG. 1 is a block diagram used to depict silo model 101. Silo model 101 includes hosting environment component layers 110, 120, 130, 140, 150, and 160. Machine layer 110 represents the various hardware components used in a hosting environment, such as computers and disk drives. Operating system layer 120 represents the operating system used in a hosting environment. Database server layer 130 corresponds to the database servers used in a hosting environment. Schema layer 140 represents a collection of database objects in a database system and the metadata about the database objects in the collection. Database object layer 150 refers to the database objects in each schema. Application layer 160 refers to hosted application software.
Machine layer 110 and operating system layer 120 are typically shared while the remaining layers are typically not shared by multiple groups. Thus, a separate instance of a database server and application server is created and maintained for each group serviced by the hosted application. These separate instances are referred to as a silo. For example, silos 171 and 172 are instances of unshared database server and application server components for two particular groups.
Whether a hosting environment component can be shared affects the “scalability” of the hosting environment. The term “scalability”, as used herein, refers to the rate at which more resources are needed to host additional groups. A hosting environment scales better when fewer additional resources are needed to support new groups.
Sharing operating system and machine layers 110 and 120 promotes better scalability. An additional group does not require installation of another operating system. On the other hand, the unshared nature of database server layer 130 and application layer 160 impedes scalability. Adding an additional group requires installation of another instance of the database server and application. In general, adding another instance of a hosting environment component to support an additional group requires more resources than using an already existing component to support that group. Installing and maintaining an additional instance of a hosting environment component requires more labor than simply reconfiguring and maintaining an existing instance to support another group.
Improved scalability may be achieved by sharing more hosting environment component layers. For example, a single database server may be used for multiple groups. The application instances that access the database server access data in separate schemas within the database system. Each schema contains database objects for a particular enterprise. For example, data for one hosted payroll application instance may be stored in a table PAYROLL in one schema for one group, while data for another hosted payroll application instance may be stored in a table PAYROLL in another schema for another group.
To further improve scalability, application software and database objects may be shared. However, sharing application software and database objects introduces additional problems. Typically, application software is not developed with the features needed to use one instance of the application software to handle multiple groups. For example, application software is not configured to restrict user access to data according to the group of the user accessing the data.
Typically, one group desires to separate its data from the data of another group, and to confine access to its data to the users belonging to the one group. Groups that desire to keep their data exclusively for themselves and separate from other groups are herein called exclusive groups or segregation groups. For example, ABC Corp. wishes the payroll data it has in the payroll application to be segregated from the payroll data that XYZ Inc. has in the payroll application. However, an instance of the application software typically uses one schema or set of database objects to store data, and provides no mechanism to logically or physically separate the data of multiple groups within a single set of database objects. Consequently, conventional applications have no support for a mechanism to restrict user access to only the separate data of the group to which the user belongs.
Legacy application software may be re-engineered to restrict access to data according to the group of the user. However, such modifications can be very expensive. For example, every database command programmed for an application may have to be examined and possibly rewritten so that the database query requests access to only the data of a particular segregation group. The term database query refers to commands that request the retrieval, selection, insertion, and modification of records. Typically, database queries conform to a database language. For example, many database queries conform to a standard query language (SQL).
Rather than try to re-engineer existing software applications, a new application may be developed to handle multiple groups. However, developing software with this capability requires greater development effort and costs more. For example, queries that are developed to limit access to data of a particular enterprise are more complicated to program.
Based on the foregoing, it is clearly desirable to provide techniques that convert applications designed to operate as separate instances for each exclusive group to operate as a single instance that handles multiple exclusive groups. Such techniques allow a service company to achieve greater scalability for the application while minimizing the cost of developing or redeveloping such applications.
Techniques are provided for allowing an application designed to store data for one group of users to store data for a plurality of groups of users. The techniques include modifying the application to cause the application to indicate a routine to a database server that stores data for the application in a database. The routine provides modifications to queries of the database, modifications that limit the access of those queries according to the group to which the user who caused each query to be submitted belongs. In response to receiving a query involving the database and caused by a particular user, the database server locates the routine, and, prior to executing the query, modifies the query. Modifying the query includes invoking the routine. The modification to the query thereby limits access of the particular user to data that is associated with the group of users to which the particular user belongs.
According to another embodiment, techniques for allowing an application designed to store data for one group of users to store data for a plurality of groups of users include modifying the application to cause the application to indicate data segregation criteria to a database server that stores data for the application. In response to receiving a query that inserts one or more data items into the database from the application, submitted by a particular user, the database server automatically adds to each data item one or more values that indicate how the particular user satisfies the segregation criteria.
Using these techniques, an application designed for a single group of users can be modified easily to keep separate the data of multiple exclusive groups. A modification developer determines a segregation attribute, a routine to set values for the segregation attribute based on the user, and a routine to modify queries based on the values of the segregation attribute. The modification developer then modifies the application installation process to indicate to the database server the segregation attribute, the routine to set its value, and the routine to modify queries.
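The query-rewriting and insert-tagging mechanism summarized above, as an added simulation that is not the patent's own code: the `SegregatingServer` class, the `demo` function, the `payroll` table with its `group_id` column, and the users alice and bob are all constructed for illustration, and the toy server handles only single-table `SELECT` and `INSERT ... VALUES` statements.

```python
import re
import sqlite3

# Constructed simulation of the mechanism above (assumed design, not code from
# the patent): the modified application registers, per table, a segregation
# column, the session attribute feeding it and a predicate routine; the server
# rewrites each SELECT/INSERT before it runs, so the application's SQL is unchanged.
class SegregatingServer:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.policies = {}   # table -> (column, session attribute, predicate routine)
        self.context = {}    # segregation attribute values of the logged-on user

    def register_policy(self, table, column, attribute, routine):
        self.policies[table] = (column, attribute, routine)

    def logon(self, user, group_of_user):
        # Routine that sets the segregation attribute from the user's identity.
        self.context = {"group": group_of_user[user]}

    def execute(self, sql, params=()):
        m = re.match(r"\s*(select|insert)\b.*?\b(?:from|into)\s+(\w+)", sql, re.I | re.S)
        if m and m.group(2).lower() in self.policies:
            column, attribute, routine = self.policies[m.group(2).lower()]
            if m.group(1).lower() == "insert":
                # Server appends the user's segregation value to every inserted row.
                sql = re.sub(r"\)\s*values\s*\((.*)\)", rf", {column}) VALUES (\1, ?)",
                             sql, count=1, flags=re.I | re.S)
                params = tuple(params) + (self.context[attribute],)
            else:
                pred, pvals = routine(self.context)   # e.g. ("group_id = ?", ["ABC Corp"])
                w = re.search(r"\bwhere\b", sql, re.I)
                # AND the policy predicate onto an existing WHERE, else append one.
                cut, new = (w.end(), f" ({pred}) AND") if w else (len(sql), f" WHERE {pred}")
                n = sql[:cut].count("?")   # keep positional binds in their order
                sql = sql[:cut] + new + sql[cut:]
                params = tuple(params[:n]) + tuple(pvals) + tuple(params[n:])
        return self.db.execute(sql, params).fetchall()

def demo():
    srv = SegregatingServer()
    srv.db.execute("CREATE TABLE payroll (emp TEXT, amount INTEGER, group_id TEXT)")
    srv.register_policy("payroll", "group_id", "group", lambda c: ("group_id = ?", [c["group"]]))
    users = {"alice": "ABC Corp", "bob": "XYZ Inc"}   # constructed sample users
    for user, pay in (("alice", 100), ("bob", 200)):
        srv.logon(user, users)   # the application's INSERT never names group_id
        srv.execute("INSERT INTO payroll (emp, amount) VALUES (?, ?)", (user, pay))
    srv.logon("bob", users)
    return {"bob_sees": srv.execute("SELECT emp, amount FROM payroll WHERE amount > ?", (0,)),
            "stored": srv.db.execute("SELECT emp, group_id FROM payroll ORDER BY emp").fetchall()}
```

Bob's unmodified application query is rewritten to carry his group's predicate, so it returns only XYZ Inc's row even though both groups' rows share one table.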