Modern “cloud”-based computer systems provide access to information via the Internet or another network. In contrast to more conventional client-server systems in which individual computing applications are hosted on specific server platforms, the cloud computing model provides applications “as a service” over the network.
Multi-tenant cloud architectures, in particular, allow different customer organizations (often called “tenants”) to share computing resources without sacrificing data security. “Multi-tenancy” in this context generally refers to a computing system in which a single computing platform simultaneously supports multiple customer organizations or other groups of users using a shared data store. The shared platform in the multi-tenant architecture is usually designed to virtually separate each tenant's data and operations from those of other tenants so that each tenant works with its own virtual application instance, even though all of the tenants' applications physically share common processing hardware and data storage. The Force.com service available from salesforce.com of San Francisco, Calif., for example, provides an application-centric service that completely abstracts the server hardware from the customer and that allows multiple tenants to simultaneously yet securely implement a wide variety of data-driven applications that are accessible via the Internet or a similar network.
As users associated with the various tenants use the multi-tenant application server, the system typically maintains an electronic log of each user's actions. This log can be used for troubleshooting, compliance, security monitoring, evaluating hardware or software performance, and/or for any other purposes. Challenges often arise, however, in securely yet effectively granting access to log file data associated with each tenant. A tenant administrator, for example, may wish to obtain data that is specific to a particular user or a particular feature of the service from a shared electronic log. Due to the nature of the multi-tenant system, it can be difficult in practice to provide approved log information to approved users while restricting access to other data that may be present in the shared log file.
It is therefore desirable to create systems and processes for granting secure access to data stored in a log file that is shared between multiple tenants of a multi-tenant application server. These and other features will become more evident from the following discussion.