System and method of establishing permission for multi-tenancy storage using organization matrices

Description

FIELD OF THE INVENTION

This invention relates generally to establishing multi-tenancy permissions. More particularly, in certain embodiments, the invention relates to using organization matrices to establish multi-tenancy permissions.

BACKGROUND

Multi-tenant storage generally refers to a computing principle whereby multiple entities, or tenants, occupy and share an instance of a data set running on a set of shared physical or virtual resources. The sharing of the same set of resources offers a given service-provider or owner an opportunity to reduce the operational costs in having less data to manage and less equipment, associated with the data, to maintain.

However, multi-tenant storage, particularly among non-collaborative entities, may be subject by such entities to scrutiny that often adds complexity and oversight that diminishes or exceed the value proposition in sharing the set of resources. For example, a group of companies may not wish to share a given set of resources if an inadvertent sharing of confidential information exists. The company servicing the data may be required to employ auditing services to ensure that the data is securely shared among the collaborating organizations in a secured manner. To this end, multi-tenant computing is often employed by a single owner to share information and data among subsidiaries or partners.

There exists a need for an approach which reduces the complexity in implementing a secure multi-tenant environment.

SUMMARY

In general overview, an intermediary party provides, to an owner of a multi-tenant database, a computing application to establish multi-tenancy permission to one or more tenants of the database. The computing application, for example, may include a graphical user interface to concurrently establish permissions for the multi-tenant database to one or more tenants and/or sub-tenants.

In some implementations, the data may be associated to industrial equipment, retail equipment, vending machines, transport vehicles, personal computing devices, e.g., cellphones, tablets, and various mobile devices, power generation equipment power distribution equipment, hospital equipment and/or medical devices, computing equipment, rental car fleets, mining equipment, warehouse equipment, among others.

In some implementations, the graphical user interface displays each of the one or more tenants and the one or more sub-tenants in an organization chart. An organization chart is a diagram that shows the structure of members or participants in an organization and relationships among them. An organization chart is a diagram that shows relationships among organizations as it defines whether elements of the organizations are shared or not shared. An organization is made up of a hierarchical set of organization units.

Though organization charts may be subject to change, the inventors realized that specific types of relationships are generally fixed. One such type of relationships is that defined by contracts. Example of contracts may include service contract, purchase and sales contract, and partnership agreement contracts.

To reduce the risk of inadvertent access to data, in some implementations, particularly among non-collaborative entities, the graphical user interface may display the visibility permissions on a single workspace associated to a given device or a class of devices. The graphical user interface may display the visibility permissions as a hierarchical structure, such as an organization chart. This presentation provides additional organization relationship not readily apparent in a list. To this end, an administrator setting the permission can readily identify participants that are incorrectly assigned permission to access data of the given device.

To this end, cross-organizational collaboration defined based on asset may be employed. The collaboration may foster new business models different than traditional multi-tenancy models. Data sharing between an equipment producer and an equipment purchaser, for example, may enable a symbiotic relationship whereby the producer can receive maintenance and usage information about the equipment they sell.

For example, Company A is a manufacturer of a type of industrial equipment. Company A sells its products to ten owner-operated customers, such as “Factories 1 to 10”. In a traditional scheme, each Factory owner only has access to the Factory's data, and not that of other factories. As part of an after-purchase service agreement, Company A has been contracted to provide service to the industrial equipment. In being able to provide service from a single database, Company A can analyze and provide blind-benchmark information to some or all of the ten owners. Company A further benefits in having data that it can share among its internal team that may be employed to improve the design and operation of their industrial-equipment products.

To reduce the risk of advertent sharing of confidential information, in some implementations, the computing application allows an administrator to set visibility permission to the multi-tenant database via the graphical user interface. The visibility permission may serve as a global permission for a given data set within the multi-tenant database. The visibility permission may establish whether a participant has any access to a given portion of the multi-tenant database. Subsequent to setting visibility permissions, in some implementations, administrator of the multi-tenant database may set granular levels of permission types.

In addition, cross-organizational collaboration may be defined for a class of assets. To this end, the computing application may establish permissions for multiple assets and for multiple tenants (including sub-tenants) in an organization chart. The multiple asserts may have been defined within the multi-tenant database by a set of common property definitions.

Visibility permission is a form of access control that may be extended to an organization and its members. In some implementations, if data is visible to an organizational unit, then members of the organization may also have access to the data subject to the granular security permissions. The underlying, granular security permissions allows an administrator to specific the interactions (i.e., access) that any member of an organization unit may have with a specific asset (and/or class of assets). Examples of such permission types may include read access, write access, modify access, and change permissions access. If an organization does not have visibility permission, then that data essentially does not exist to that organization or the organization members.

Granular security model can be employed to allow each company access to only the data elements, services, etc. that they are entitled to. For example, Beverage Company A leases a vending machine (VM101) to Operating Company B. Operating Company B outsources the maintenance and inventory of the vending machine to Supplier C. Operating Company B also leases the vending machines from Beverage Company D. Here, Beverage Company A maintains control of the leased vending machine under a maintenance and operation agreement with Company B.

The visibility permission of the data associated to the vending machine “VM101” may be granted to organization units of the three companies (B, C, and D) depending on their contractual relationships with the Company A. Company A, as the administrator, may have all of the levels of permissions (e.g., read, write, modify, and change), including the permission to assign visibility and granular security permissions to other organizations. To view the performance of its leased assets, Company A may grant read-permissions to Company B. To service the inventory of the vending machine, Company A may grant read and write permissions to Company C. To prevent Company D from accessing the data, Company A may not grant visibility permission to Company D.

Applications for the systems and methods described herein are not limited to the aforementioned examples, but may be deployed in any number of contexts, as would be understood by one of ordinary skill in the art. Contents of the background are not to be considered as an admission of the contents as prior art.

In one aspect, the present disclosure describes a method of establishing permissions for multi-tenancy storage using an organizational matrices. The method includes providing, by a processor of a computer, a computing application for setting permissions for accessing data entries of a multi-tenant database. The data entries store data associated with one or more computing devices where the multi-tenant database is accessible by two or more tenants. The tenants may include a first sub-tenant and a second sub-tenant where the sub-tenants are a part of the first tenant. The tenants may include a third sub-tenant and a fourth sub-tenant where these sub-tenants are a part of the second tenant. At least two of the tenants may not be part of the same organization or company.

In some implementations, the method includes displaying, via the computing application, a graphical user interface associated with the computer where the graphical user interface displays the tenants in a single workspace where the tenants are displayed with a hierarchical structure. The graphical user interface may display each of the first tenant and second tenant as an object where the object includes an graphical input to add a sub-tenant to the respective first tenant and second tenant. The graphical user interface may display each of the first tenant and second tenant as an object where the object includes an graphical input to add a sub-tenant to the respective first tenant and second tenant.

In some implementations, the method includes receiving, in the workspace at the graphical user interface of the computing application, a first permission command to establish the permissions for a first tenant and a second permission command to establish the permissions for a second tenant. The graphical user interface may be configured to receive at least one permission setting selected from group consisting of a read permission, a write permission, and a modify permission.

In some implementations, the method includes causing, by a processor of the computing application, the permissions for the first tenant and the second tenant to be set using the received first permission command and the received second permission command.

In some implementations, the method further includes receiving, in the workspace at the graphical user interface of the computing application, a third permission command to establish the permissions for a third tenant of the tenants where the graphical user interface shows the first object and the second object as hierarchical subunits of the third object.

In one aspect, the present disclosure describes a system including a processor and a memory, the memory storing instruction that, when executed by the processor, cause the processor to provide a computing application for setting permissions for accessing data entries of a multi-tenant database. The data entries stores data associated with one or more computing devices where the multi-tenant database is accessible by two or more tenants. The tenants may include a first sub-tenant and a second sub-tenant where sub-tenants are a part of the first tenant. The tenants may include a third sub-tenant and a fourth sub-tenant where the sub-tenants are a part of the second tenant. At least two of the tenants may not be part of the same organization or company.

In some implementations, the instructions, when executed, further cause the processor to display, via the computing application, a graphical user interface associated with the computer where the graphical user interface displays the tenants in a single workspace, and wherein the tenants are displayed with a hierarchical structure. The graphical user interface may display each of the tenants as an object where the object includes an graphical input to add a sub-tenant to the respective tenants. The graphical user interface may display each of the tenants as an object where the object includes an graphical input to add a sub-tenant to the respective tenants.

In some implementations, the instructions, when executed, further cause the processor to receive, in the workspace at the graphical user interface of the computing application, a first permission command to establish the permissions for a first tenant and a second permission command to establish the permissions for a second tenant. The graphical user interface may be configured to receive at least one permission setting selected from group consisting of a read permission, a write permission, and a modify permission.

In some implementations, the instructions, when executed, further cause the processor to cause, by a processor of the computing application, the permissions for the tenants to be set using the received permission commands.

In some implementations, the instructions, when executed, further cause the processor to receive, in the workspace at the graphical user interface of the computing application, a third permission command to establish the permissions for a third tenant where the graphical user interface shows the first object and the second object as hierarchical subunits of the third object.

In one aspect, the present disclosure describes a non-transitory computer readable medium having instructions stored thereon, where the instructions, when executed by a processor, cause the processor to provide a computing application for setting permissions for accessing data entries of a multi-tenant database. The data entries stores data associated with a number of computing devices where the multi-tenant database is accessible by two or more tenants. The tenants may include a first sub-tenant and a second sub-tenant where the sub-tenants are a part of the first tenant. The tenants may include a third sub-tenant and a fourth sub-tenant where the sub-tenants are a part of the second tenant. At least two of the tenants may not be part of the same organization or company.

In some implementations, the instructions, when executed, further cause the processor to display, via the computing application, a graphical user interface associated with the computer where the graphical user interface displays the tenants in a single workspace, and wherein the tenants are displayed with a hierarchical structure. The graphical user interface may display each of the tenants tenant as an object where the object include an graphical input to add a sub-tenant to the respective tenants. The graphical user interface may display each of the tenants as an object where the object include an graphical input to add a sub-tenant to the respective tenants.

In some implementations, the instructions, when executed, further cause the processor to receive, in the workspace at the graphical user interface of the computing application, a third permission command to establish the permissions for a third tenant where the graphical user interface shows the first object and the second object as hierarchical subunits of the third object.

BRIEF DESCRIPTION OF THE FIGURES

The foregoing and other objects, aspects, features, and advantages of the present disclosure will become more apparent and better understood by referring to the following description taken in conjunction with the accompanying drawings, in which:

FIG. 1 is an example graphical user interface for establishing permissions using an organization matrices in accordance with an embodiment of the invention.

FIG. 2 is an example graphical user interface for establishing permissions using an organization matrices in accordance with another embodiment of the invention.

FIG. 3 is an example graphical user interface for establishing granular permission-controls for a given asset for an organization in accordance with an embodiment of the invention.

FIG. 4 is an example graphical user interface for establishing permissions controls for a class of asset for an organization in accordance with an embodiment of the invention.

FIG. 5 is an example graphical user interface for establishing permissions controls for a class of asset for an organization in accordance with another embodiment of the invention.

FIG. 6 is an example graphical user interface for establishing permissions controls for a class of asset for an organization in accordance with another embodiment of the invention.

FIG. 7 is an example graphical user interface for adding a given asset in accordance with another embodiment of the invention.

FIG. 8 is a flowchart of an example method of establishing permissions using an organization matrices in accordance with an embodiment of the invention.

FIG. 9 shows an example of a computing device and a mobile computing device that can be used to implement the techniques described in this disclosure.

The features and advantages of the present disclosure will become more apparent from the detailed description set forth below when taken in conjunction with the drawings, in which like reference characters identify corresponding elements throughout. In the drawings, like reference numbers generally indicate identical, functionally similar, and/or structurally similar elements.

DETAILED DESCRIPTION

FIG. 1 is an example graphical user interface 100 for establishing permissions using an organization matrices in accordance with an embodiment of the invention.

The graphical user interface 100 includes a main workspace 102 that allows an end-user to establish permissions for a multi-tenant database associated to a given asset (or asset class) for one or more tenants and/or sub-tenants using a hierarchical structure 104. The graphical user interface 100 may display the visibility permissions on a single workspace associated to a given device (or asset class). This display provides additional organization relationship not readily apparent in a list. To this end, an administrator setting the permission can readily identify participants that are incorrectly assigned permission to access data of the given device (or asset class).

In some implementations, an asset is an electronic device to which a given data is associated. For example, in some implementations, the data may be associated to industrial equipment, retail equipment vending machines, transport vehicles, personal computing devices, cellphones, tablets, power generation equipment, power distribution equipment, hospital equipment, medical equipment, computing equipment, rental car fleets, mining equipment, warehouse equipment, among others. As show, the asset is a type of mining machinery, referred to as “P1_L2_KETTLE” 105.

In some implementations, a hierarchical structure 104 may include an organization chart. In some implementations, a hierarchical structure 104 may include Venn diagrams, three-dimensional charts, linked diagrams, tab-indented lists, and other spatial representations by which hierarchical relationships can be visually determined.

In some implementations, the graphical user interface 100 displays each of the tenants 106 and the sub-tenants 108 in an hierarchical diagram 104 (such as an organization chart). In some implementations, an hierarchical diagram 104 is a diagram that shows the structure of other sub-organizations in a given organization and relationships among them. In some implementations, a hierarchical diagram 104 is a diagram that shows relationships among organizations as it defines whether elements of the organizations are shared or not shared. In some implementations, a hierarchical diagram 104 is made up of an organizational matrices of organization units.

A hierarchical diagram 104 may include one or more sub-units, which may have sub-units of its own. In some implementations, the primary unit in the main workspace 102 is the tenant 106, and the subunits are sub-tenants 108.

Each of the tenants 106 and the sub-tenants 108 may represent and allow permission controls for a given organization having a collection of members. A member may be represented as an individual user account in the system. The individual user account may be associated, for example, with or belong to a particular organization, company, corporation, government, entity, group, circle, user-base, or tag.

In some implementations, the user-accounts in the organization may belong to or be associated with a smaller distinct group within the organization and are referred to as a sub-organization. Examples of sub-organizations may be departments, teams, task forces, individuals, or partner organizations. Sub-organizations are considered to belong to the organization of which they are a part of. In some implementations, the organization may be referred to as the parent and the sub-organization is referred to as a child.

In some implementations, the hierarchical diagram 104 indicates the root parent organization in the hierarchy by placing it at the top of the chart. Children of the parent organization are indicated by a line drawn from the parent to the child graphically positioned below the parent. A given sub-organizations may include another sub-organization.

For example, as shown in this example, the hierarchical diagram 104 includes a tenant (or parent) “Peabody Company”, shown as “Peabody 110”, and sub-tenants (or child)“Engineering Division” and “Production Division”, shown as “Engineering” 112 and “Production” 114. The Engineering sub-organization 112 has a child “Heavy Equipment Sub-Divisions”, shown as “Heavy equipment” 116. The Production sub-organization 114 has children “South East Production” and “North East Production”, shown as “SE Production” 118 and “NE Production” 120. The SE Production sub-organization 122 has a child “Tampa Office,” shown as “Tampa” 122.

Although depicted as a top-down hierarchy in this implementation, the hierarchy diagram 104 may take any form which facilitates the modification of the organizational structure according to the hierarchical nature described. Thus, the hierarchy diagram 104 may be represented in a horizontal manner with the root parent positioned graphically left or right of the children. The hierarchy diagram 104 may be represented with the root parent positioned graphically below the children. Furthermore, the present disclosure contemplates other organizational charts which adequately represent the hierarchical relationships of organizations and sub-organizations within the organizational units.

In some implementations, the graphical user interface 100 provides an input 124a to add children (i.e., sub-tenant). A selection of the button 124a corresponding to the Peabody organization may, for example, create a child organization that is parallel in the hierarchy to Engineering and Production.

In some implementations, a tenant 106 or sub-tenant 108 may be “dragged and dropped” into the workspace from a list of existing organizations and sub-organizations.

To allow for collaborative data sharing among organizations, in some implementations, the interface may allow for co-tenants 126 to be added and displayed in the main workspace 102. To this end, permissions for organizations that are not associated to one another, rather than by a given asset, may be established for a single workspace. To this end, any inadvertent assignment of permission to an entity may be quickly identified by an end-use using the graphical user interface 100 to set permissions.

In some implementations, the graphical user interface 100 may update a sub-tenant workspace 128 in response to a selection of a tenant 106 or a sub-tenant 108 in the main workspace 102. The sub-tenant workspace 128 may identify the selected organization 132 in the main workspace 102 and a list of sub-tenants 134 associated to the selected item 132. In this example, an end-user has selected “Peabody” 110 in the workspace 102. To this end, the sub-tenant workspace 128 displays the two sub-tenants 112, 118, namely “Engineering” 112 and “Production” 114. The sub-tenant workspace 128 may include an input 136 to remove a given sub-tenant 108 from a given parent (i.e., the parent item 132 being displayed sub-organization workspace 128).

In some implementations, the graphical user interface 100 may include a tenant workspace to remove tenants, such as tenants 138 or 140 (corresponding to tenants 110 and 128), from the main workspace 102. As shown, the two tenants includes “Peabody” 110 and “Joy Mining” 106. Each of the tenants 106, 128 may include an input 142 for an end-user to remove a given tenant 106 from the main workspace 102.

In some implementations, the tenant workspace 136 may include an “add tenant” input 144. Upon selection of the input 144, the graphical user interface 100 may open a dialogue box for a user to select an organization to include from a list. Alternatively, the graphical user interface 100 may add a tenant icon (corresponding to a tenant 106) to the main workspace 102. The end-user can then select the added tenant icon (not shown) to modify its properties (including the corresponding organization) using the sub-tenant workspace 128 and/or the main workspace 102.

As shown, two co-tenant organizations 104, 126 are provided, including “Peabody” 106 and Joy Mining Company 126 (referred to as “Joy Mining” 128). Both “Peabody” 106 and “Joy Mining” 126 are root parent organizations. As co-tenants, the hierarchical diagram 104, 126 are not joined (e.g., shown in some implementations as a line) by an organizational link. “Joy Mining” 128 includes a “Service Division” sub-organization 1308 (referred to as “Service” 130).

In the main workspace 102, the end-user may add organizations (or sub-organizations) associated to either “Peabody” 110 or “Joy Mining” 128. To this end, an end-user may add sub-organizations to “Peabody” 106 or “Joy Mining” 126 using the “add” organization input 124. In some implementations, the selection of the input 124 may open a dialogue box to select an organization from an existing list or to add a new organization.

In some implementations, “Peabody” 110 and “Joy Mining” 128 may be depicted in the workspace 102 parallel to one another in the hierarchy. In some implementations, the graphical user interface 100 may display the hierarchical diagram 104, 106 only as a partial representation of the entire organizational chart. For example, in some implementations, only the tenants are shown. In another example, in some implementations, only the tenants 106 and a defined number of sub-tenants 108, specified with the graphical user interface 100 or by the end-user, are shown.

In some implementations, an organization may wish to grant permissions to particular sub-organizations or other organizations.

This may occur, for example, between companies engaged in an equipment service agreement. An example is a mining Company A that purchased mining equipment from a mining equipment Manufacturer B. Mining company A tracks its maintenance and operational data in the database. If mining Company A grants access to view the maintenance and operational data to manufacturer B, then Manufacturer B can use this information to improve its customer-service operations to mining company A. Manufacturer B may be able to use the maintenance and operational data to create or improve its best practices instructions regarding equipment usage, or to improve components which it observes are failing at a greater than expected rate. For instance, Manufacturer B may observe, directly through the maintenance and operational data collected in mining Company A's database, that bearings in its conveyor system are tending toward failure when operated for more than six hours continuously at ambient temperatures greater than 100° F. Manufacturer B can provide guidance to mining Company A that it should stagger operations at high ambient temperatures in order to allow the bearings to cool, or may determine that a modified lubrication regimen is required at high ambient temperatures, or may modify the construction of the equipment in future products. Both Manufacturer B and mining Company A benefit from this data sharing, since Manufacturer B is able to provide a higher quality of service, and mining company A reduces costs of equipment failure. Such data sharing arrangements may arise organically, or may be negotiated into contract. For example, Manufacturer B may negotiate such data collaborative endeavors into a purchase contract in exchange for some concession such as enhanced warranty service.

In another example, rather than mining Company A being the administrator, equipment Manufacturer B may be the administrator. Manufacturer B can make agreements with several mining companies (for example, Companies A, C, and D) to aggregate the maintenance and operational data to share among the companies, for example, as part of an after-market maintenance service agreement. Manufacturer B may provide a more efficient service in having shared equipment (i.e., less equipment to operate and maintain) to which the mining companies may benefit. Additionally, Manufacturer B may have determine inter-companies best practices or observe inter-companies issues in having aggregated data from all of the mining companies to which Manufacturer B can share in an aggregated manner with the mining companies. Additionally, manufacturer B may improve its products and services using the aggregated set of operational data.

Another example of an organizational relationship which would benefit from collaborative information sharing are naturally symbiotic industries, such as those in which there are producers of a product or equipment, and organizations which operate to service that producer's product. Examples of such industries are automobile manufacturers and automobile dealers, computing device manufacturers and computer service contractors, and the like. For example, an automobile dealer may provide information about maintenance operations and equipment failures, which the automobile manufacturer can use to suggest improved maintenance guidelines and to modify future equipment design. Furthermore, such information, when aggregated from multiple dealers, may enable the manufacturer to anticipate demand for components that are being frequently replaced due to failure, and increase production of replacement components.

An additional organizational structure which may benefit from information sharing are the various sub-organizations under a parent organization. For example, a food product factory may have a broad array of subsidiary companies or departments which all belong to the parent company. Such sub-organizations or departments may include human resources, management, maintenance, sanitation, equipment operators, medical personnel, quality control, shipping and receiving, sales, information technology, and engineering.

Another example of collaborative information sharing may be between a city government and the utility companies. An electricity company may, with consent of the customer, enable the government, universities, and/or government agencies to access billing and electricity utilization information. Such information may be aggregated and used, for example, to anticipate electricity outages, potential capacity problems, or the need for government subsidies in order to increase the level of service.

FIG. 2 is an example graphical user interface 100 for establishing permissions using an organization matrices in accordance with another embodiment of the invention.

In some implementations, the graphical user interface 100 may include an organization workspace 202 to edit properties and members of a given organization. The organization workspace 202 may display the hierarchical diagram 104 of a given organization, including the tenant and its sub-tenants.

When selected, a given tenant or sub-tenant may be highlighted or enunciated in the organization workspace 202. In some implementations, the graphical user interface 100 may include a properties workspace 206 to display information relating to a given tenants 106 or sub-tenants 108 selected in the organization workspace 202. The properties workspace 206 may allow the end user to rename (see, for example, via input 207) the organization as being displayed. The end user may also as a description of the organization using the properties workspace 206.

The main workspace 102 may include an members workspace 208 to display members of the organization. A member may be a part of a sub-tenant or a tenant and generally refers to actual end-users. The members workspace 208 may include an input 210 to add additional members. The members workspace 208 may display a list 212 of existing members within a selected organization. When there are no members included, the members workspace 208 may indicate that the selected organization includes no members having permissions.

In some implementations, the graphical user interface 100 may include setting granular permission controls 204 for a given tenant/sub-tenant. The granular permission controls 204 may include read access, write access, modify access, and change permissions access for an organization or its members and may be specific for operation during design time and during run-time.

In some implementations, if visibility permission is granted to an organization unit, then visibility permission/access is also extended to members of the organizations. The granular security-model may then be employed to grant specific permissions to any users/members of that organization unit.

FIG. 3 is an example graphical user interface 100 for establishing granular permissions controls for a given asset for an organization in accordance with an embodiment of the invention. Specifically, the graphical user interface 100 includes a workspace 300 to display a list of organizations and/or tenants and sub-tenants to which visibility permission is provided. The workspace 300 may include an input 302 to remove a given organization 304 from the list. The workspace 300 may include an input 314 to add permissions for an organization or organization unit. The input 314 may open the main workspace 102, as described in relation to FIG. 1.

The graphical user interface 100 may include a workspace to display a list of organizations and/or tenants to which design-time permission or run-time permission is provided. The design-time permission may be displayed when an end-user selects “design-time” input 310 from the granular permission controls 204. The run-time permission may be displayed when an end-user selects “run-time” input 312 from the granular permission controls 204.

In another aspect of an embodiment of the invention, the graphical user interface 100 may allow a user to configure a class of assets.

FIG. 4 is an example graphical user interface 100 for establishing permissions controls for a class of asset for an organization in accordance with an embodiment of the invention.

In some implementations, a class of assets may refer to a type, rather than individual instance, of a given electronic device. For example, where an asset may be a specific object (for example, a truck), a class of assets may correspond to multiple objects having a set of common properties defined by the class/template. The class of assets may be defined by a data template of the object in which the data template includes one or more properties that define the class/template. For example, the template may include common properties and information that determines or defines what constitute a truck.

In some implementations, the graphical user interface 100 includes a workspace 402 for managing classes of assets. The classes of assets may be part of a development software to build and manage a data-and information-model of assets and classes. In some implementations, the class of assets is referred to as a “Thing”. A “Thing” may be defined as an instance of a “Thing Template.” A “Thing Template” may be an abstract class that can inherit from one or more “Thing Shapes,” which is defined by a set of properties, services, and events, “Thing Template,” and “Thing instance.” To this end, if a “Thing Template” inherits from one or more “Thing Shapes”, all of the properties, events, and services of the “Thing Shapes” are part of the “Thing Template.” When a “Thing instance” is created from a “Thing Template”, all of the properties, events, and services of the “Thing Template” are realized within the “Thing instance.” Thus, if a new service, property, or capability is defined at the “Thing Shape” or “Thing Template” level, each “Thing” instance that is derived from those entities immediately inherits that service, property or capability. To this end, once a new “Thing” is defined in the model, the full set of services and data for the “Thing” is available as a class. Examples of methods of class of assets, as “Things”, are described in co-pending and concurrently filed U.S. patent application, titled “SYSTEM AND METHOD OF ABSTRACTING COMMUNICATION PROTOCOL USING SELF-DESCRIBING MESSAGES”, filed Mar. 21, 2014, naming inventors Rick Bullotta, John Canosa, Bob DeRemer, and Mike Mahoney, and published as U.S. Publication No. 2015/0271299. The text of this application is incorporated by reference in its entirety.

In some implementations, a class of assets may include a set of machinery at an industrial complex having data stored in a given database; a set of computer or an office equipment at a business or government office having data stored in a given database; a set of point-of-sale machine at a market place or vending machines having data stored in a given database; a set of construction equipment or vehicles having data stored in a given database; a set of power generation or distribution equipment having data stored in a given database; a set of power substation or a transmission equipment having data stored in a given database; a set of building meter having data stored in a given database; a set of server having operational data stored in a given database; a set of networking or routing equipment having data stored in a given database; a set of smart appliance having data stored in a given database; a set of exercise machines having data stored in a given database; a set of medical device or prosthesis devices having data stored in a given database; a set of medical diagnostic devices or hospital equipment having data stored in a given database; a set of commercial vehicles or transport containers having data stored in a given database; a set of motor vehicles or electric bicycles having data stored in a given database; a set of cellphones having data stored in a given database, a set of laptops having data stored in a given database, a set of tablet having data stored in a given database, a set of electronic readers having data stored in a given database; or a set of clothing electronic-tag having data stored in a given database.

Referring back to FIG. 4, the workspace 404 includes example types of assets and classes of assets. These assets and classes of assets include sensors 408, security equipment 410, vending machines 412, medical equipment 414, vehicles 416, plant equipment 418, mining equipment 420, and factory machinery 422. A sensor equipment 408, for example, is shown as “AB Test Remote Tunneling Thing” 408. A security equipment 410 is shown as “Security Monitor” 410. A vending machine 412 is shown as “VM-007 Generic Thing” 412. A medical equipment 414 is shown as “CT-2” 414. A class of vehicles 416 is shown as “Vehicle 42” 416. A plant equipment 418 is shown as “P1 L2 Kettle” 418 (referring to a kettle machine on line 2 of a given plant 1). A mining equipment 420 is shown as “Station 3 LOCI” 420. A factory equipment 422 is shown as “Plant 5” 422 (referring to a factory in Yengchang, China).

In some implementations, the graphical user interface 100 may include a search function 424 to search among the classes of assets within the multi-tenant database.

In some implementations, the graphical user interface 100 may include tabs to navigate among the workspaces of the graphical user interface 100.

In some implementations, the graphical user interface 100 may include permission controls 406, such as for design-time permissions, run-time permissions, and visibility permissions, as described in relation to a given asset in FIG. 3.

FIG. 5 is an example graphical user interface 100 for establishing permissions controls for a class of asset for an organization in accordance with another embodiment of the invention.

In some implementations, the graphical user interface 100 includes a workspace 502 to configure permissions for a class of members for a given asset or a class of assets. As shown, the workspace 502 displays visibility permissions for a class of members, including “Everyone” 506 and “Development” 508 for a general class of assets. Such class of assets may be a “Things” 510, as described in relation to FIG. 4.

FIG. 6 is an example graphical user interface 100 for establishing permissions controls for a class of asset for an organization in accordance with another embodiment of the invention.

In some implementations, the graphical user interface 100 includes a permission panel 602 to establish permissions for a class of assets. In some implementations, the permission panel 602 includes a list of visibility permission given to a set of organization units.

As shown, the graphical user interface 100 is configured to set permissions for a class of factory equipment “Kettle” 604. The permission is provided to organization 606, such as the “Tampa office” 122 of the Peabody South East Production Division,” as described in FIG. 1. The “Tampa office” 122 is shown as “Peabody:Tampa” 122. The workspace 602 includes a remove button 608 to remove Peabody:Tampa from the list of organizational units with visibility permission.

In some implementations, the graphical user interface 100 includes an add button 610 (e.g., “Add Org/Org Units” 610) to add members to the list to visibility permissions given for a class of assets. In some implementations, the selection may be made using “drag and drop” mechanism, checkbox selection, and text entry types of interface.

FIG. 7 is an example graphical user interface 100 for adding a given asset in accordance with another embodiment of the invention.

In some implementations, the graphical user interface 100 includes a workspace 702 to add a given asset derived from an asset class. The workspace 702 may include a name field 704, a description field 706, a tag field 708, an asset template 710 (e.g., a “Thing Template”), and a Datashape definition 712.

In some implementations, the name field 704 provides a name of a given asset. As shown, the asset is an “P1_L2_Kettle,” as described in relation to FIG. 1.

In some implementations, the tag field 708 provides metadata labels for the asset (or class of assets). For example, as shown, the “P1_L2_Kettle” 105 includes a type of equipment tag 714 as well as a location tag 716. The equipment tag 714, here, defines “P1_L2_Kettle” as a type of kettle manufacturing equipment (“KettleMfg” located at “Walker EP”). The location tag 716, here, defines “P1_L2_Kettle” as a type of application (located at “Acme Manufacturing”).

In some implementations, the asset template 710 provides a definition of the asset class (here, shown as “Kettle”), as described in relation to FIG. 6. The asset template 710 may be a ThingTemplate, as described in relation to FIG. 4.

In some implementations, the Datashape definition 712 provides a definition of a DataShape, as described in relation to FIG. 4.

FIG. 8 is a flowchart of an example method 800 of establishing permissions using an organization matrices in accordance with an embodiment of the invention.

In some implementations, the method 800 includes providing, by a processor of a computer, a computing application for setting permissions for accessing data entries of a multi-tenant database (step 802). The data entries may store data associated with a number of computing devices where the multi-tenant database is accessible by two or more tenants (such as 104), as described in relation to FIG. 1. The two or more tenants may include a first sub-tenant and a second sub-tenant where the first sub-tenant and the second sub-tenant are a part of the first tenant. The tenants may include a third sub-tenant and a fourth sub-tenant where the third sub-tenant and the fourth sub-tenant are a part of the second tenant.

In some implementations, at least two of the tenants may not be a part of the same organization. The graphical user interface 100 may be configured to receive at least one permission setting selected from group consisting of a read permission, a write permission, and a modify permission.

In some implementations, the method 800 includes displaying, via the computing application, a graphical user interface 100 associated with the computer where the graphical user interface 100 displays the one or more tenants (such as 104) in a single workspace (such as 102) and where the tenants are displayed with a hierarchical structure (step 804). The graphical user interface 100 may display each of the first tenant and second tenant as an object where the object include an graphical input to add a sub-tenant to the respective first tenant and second tenant.

In some implementations, the method 800 includes receiving, in the workspace at the graphical user interface, a first permission command to establish the permissions for a first tenant and a second permission command to establish the permissions for a second tenant of the two or more tenants (step 806).

In some implementations, the method 800 includes causing, by a processor of the computing application, the permissions for the first tenant and the second tenant to be set using the received first permission command and the received second permission command (step 808).

In some implementations, the method may further include receiving, in the workspace at the graphical user interface of the computing application, a third permission command to establish the permissions for a third tenant where the graphical user interface shows the first object and the second object as hierarchical subunits of the third object.

FIG. 9 shows an example of a computing device 900 and a mobile computing device 950 that can be used to implement the techniques described in this disclosure. The computing device 900 is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The mobile computing device 950 is intended to represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smart-phones, and other similar computing devices. The components shown here, their connections and relationships, and their functions, are meant to be examples only, and are not meant to be limiting.

The computing device 900 includes a processor 902, a memory 904, a storage device 906, a high-speed interface 908 connecting to the memory 904 and multiple high-speed expansion ports 910, and a low-speed interface 912 connecting to a low-speed expansion port 914 and the storage device 906. Each of the processor 902, the memory 904, the storage device 906, the high-speed interface 909, the high-speed expansion ports 910, and the low-speed interface 912, are interconnected using various busses, and may be mounted on a common motherboard or in other manners as appropriate. The processor 902 can process instructions for execution within the computing device 900, including instructions stored in the memory 904 or on the storage device 906 to display graphical information for a GUI on an external input/output device, such as a display 916 coupled to the high-speed interface 908. In other implementations, multiple processors and/or multiple buses may be used, as appropriate, along with multiple memories and types of memory. Also, multiple computing devices may be connected, with each device providing portions of the necessary operations (e.g., as a server bank, a group of blade servers, or a multi-processor system).

The memory 904 stores information within the computing device 900. In some implementations, the memory 904 is a volatile memory unit or units. In some implementations, the memory 904 is a non-volatile memory unit or units. The memory 904 may also be another form of computer-readable medium, such as a magnetic or optical disk.

The storage device 906 is capable of providing mass storage for the computing device 900. In some implementations, the storage device 906 may be or contain a computer-readable medium, such as a floppy disk device, a hard disk device, an optical disk device, or a tape device, a flash memory or other similar solid state memory device, or an array of devices, including devices in a storage area network or other configurations. Instructions can be stored in an information carrier. The instructions, when executed by one or more processing devices (for example, processor 902), perform one or more methods, such as those described above. The instructions can also be stored by one or more storage devices such as computer- or machine-readable mediums (for example, the memory 904, the storage device 906, or memory on the processor 902).

The high-speed interface 909 manages bandwidth-intensive operations for the computing device 900, while the low-speed interface 912 manages lower bandwidth-intensive operations. Such allocation of functions is an example only. In some implementations, the high-speed interface 909 is coupled to the memory 904, the display 916 (e.g., through a graphics processor or accelerator), and to the high-speed expansion ports 910, which may accept various expansion cards (not shown). In the implementation, the low-speed interface 912 is coupled to the storage device 906 and the low-speed expansion port 914. The low-speed expansion port 914, which may include various communication ports (e.g., USB, Bluetooth®, Ethernet, wireless Ethernet) may be coupled to one or more input/output devices, such as a keyboard, a pointing device, a scanner, or a networking device such as a switch or router, e.g., through a network adapter.

The computing device 900 may be implemented in a number of different forms, as shown in the figure. For example, it may be implemented as a standard server 920, or multiple times in a group of such servers. In addition, it may be implemented in a personal computer such as a laptop computer 922. It may also be implemented as part of a rack server system 924. Alternatively, components from the computing device 900 may be combined with other components in a mobile device (not shown), such as a mobile computing device 950. Each of such devices may contain one or more of the computing device 900 and the mobile computing device 950, and an entire system may be made up of multiple computing devices communicating with each other.

The mobile computing device 950 includes a processor 952, a memory 964, an input/output device such as a display 954, a communication interface 966, and a transceiver 968, among other components. The mobile computing device 950 may also be provided with a storage device, such as a micro-drive or other device, to provide additional storage. Each of the processor 952, the memory 964, the display 954, the communication interface 966, and the transceiver 968, are interconnected using various buses, and several of the components may be mounted on a common motherboard or in other manners as appropriate.

The processor 952 can execute instructions within the mobile computing device 950, including instructions stored in the memory 964. The processor 952 may be implemented as a chipset of chips that include separate and multiple analog and digital processors. The processor 952 may provide, for example, for coordination of the other components of the mobile computing device 950, such as control of user interfaces, applications run by the mobile computing device 950, and wireless communication by the mobile computing device 950.

The processor 952 may communicate with a user through a control interface 958 and a display interface 956 coupled to the display 954. The display 954 may be, for example, a TFT (Thin-Film-Transistor Liquid Crystal Display) display or an OLED (Organic Light Emitting Diode) display, or other appropriate display technology. The display interface 956 may comprise appropriate circuitry for driving the display 954 to present graphical and other information to a user. The control interface 958 may receive commands from a user and convert them for submission to the processor 952. In addition, an external interface 962 may provide communication with the processor 952, so as to enable near area communication of the mobile computing device 950 with other devices. The external interface 962 may provide, for example, for wired communication in some implementations, or for wireless communication in other implementations, and multiple interfaces may also be used.

The memory 964 stores information within the mobile computing device 950. The memory 964 can be implemented as one or more of a computer-readable medium or media, a volatile memory unit or units, or a non-volatile memory unit or units. An expansion memory 974 may also be provided and connected to the mobile computing device 950 through an expansion interface 972, which may include, for example, a SIMM (Single In Line Memory Module) card interface. The expansion memory 974 may provide extra storage space for the mobile computing device 950, or may also store applications or other information for the mobile computing device 950. Specifically, the expansion memory 974 may include instructions to carry out or supplement the processes described above, and may include secure information also. Thus, for example, the expansion memory 974 may be provide as a security module for the mobile computing device 950, and may be programmed with instructions that permit secure use of the mobile computing device 950. In addition, secure applications may be provided via the SIMM cards, along with additional information, such as placing identifying information on the SIMM card in a non-hackable manner.

The memory may include, for example, flash memory and/or NVRAM memory (non-volatile random access memory), as discussed below. In some implementations, instructions are stored in an information carrier. That the instructions, when executed by one or more processing devices (for example, processor 952), perform one or more methods, such as those described above. The instructions can also be stored by one or more storage devices, such as one or more computer- or machine-readable mediums (for example, the memory 964, the expansion memory 974, or memory on the processor 952). In some implementations, the instructions can be received in a propagated signal, for example, over the transceiver 968 or the external interface 962.

The mobile computing device 950 may communicate wirelessly through the communication interface 966, which may include digital signal processing circuitry where necessary. The communication interface 966 may provide for communications under various modes or protocols, such as GSM voice calls (Global System for Mobile communications), SMS (Short Message Service), EMS (Enhanced Messaging Service), or MMS messaging (Multimedia Messaging Service), CDMA (code division multiple access), TDMA (time division multiple access), PDC (Personal Digital Cellular), WCDMA (Wideband Code Division Multiple Access), CDMA2000, or GPRS (General Packet Radio Service), among others. Such communication may occur, for example, through the transceiver 968 using a radio-frequency. In addition, short-range communication may occur, such as using a Bluetooth®, Wi-Fi™, or other such transceiver (not shown). In addition, a GPS (Global Positioning System) receiver module 970 may provide additional navigation- and location-related wireless data to the mobile computing device 950, which may be used as appropriate by applications running on the mobile computing device 950.

The mobile computing device 950 may also communicate audibly using an audio codec 960, which may receive spoken information from a user and convert it to usable digital information. The audio codec 960 may likewise generate audible sound for a user, such as through a speaker, e.g., in a handset of the mobile computing device 950. Such sound may include sound from voice telephone calls, may include recorded sound (e.g., voice messages, music files, etc.) and may also include sound generated by applications operating on the mobile computing device 950.

The mobile computing device 950 may be implemented in a number of different forms, as shown in the figure. For example, it may be implemented as a cellular telephone 980. It may also be implemented as part of a smart-phone 982, personal digital assistant, or other similar mobile device.

Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, specially designed ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various implementations can include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, coupled to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device.

These computer programs (also known as programs, software, software applications or code) include machine instructions for a programmable processor, and can be implemented in a high-level procedural and/or object-oriented programming language, and/or in assembly/machine language. As used herein, the terms machine-readable medium and computer-readable medium refer to any computer program product, apparatus and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term machine-readable signal refers to any signal used to provide machine instructions and/or data to a programmable processor.

To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the computer. Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.

The systems and techniques described here can be implemented in a computing system that includes a back end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front end component (e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back end, middleware, or front end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network (LAN), a wide area network (WAN), and the Internet.

The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.

In view of the structure, functions and apparatus of the systems and methods described here, in some implementations, a system and method for determining transaction approval based in part upon consumer purchase behavior are provided. Having described certain implementations of methods and apparatus for supporting transaction approval determination, it will now become apparent to one of skill in the art that other implementations incorporating the concepts of the disclosure may be used. Therefore, the disclosure should not be limited to certain implementations, but rather should be limited only by the spirit and scope of the following claims.

Claims

1. A computer-implemented method comprising: providing, by a processor of a computing device, a graphical user interface for setting visibility permissions for an information model used to manage data entries of a multi-tenant database, the data entries storing data collected from sensors each of which sensors is associated with one of a plurality of computing devices, wherein the multi-tenant database is accessible by two or more tenants, including a first tenant and a second tenant, wherein the first tenant and second tenant are separate business entities, wherein the information model comprises a plurality of asset templates comprising a set of properties, description, and services, wherein an instance of a given computing device of the plurality of computing devices, upon being instantiated in the information model, has an associated set of properties, description, and services of one or more asset templates that define the instance, and wherein permissions for data entries associated with the given computing device are configurable by the instance of the given computing device and by the one or more asset templates that define the instance, wherein a visibility permission command when applied to an asset template of the one or more asset templates is automatically applied to one or more instances instantiated from the asset template;displaying, by the processor, the two or more tenants in a single workspace of the graphical user interface, wherein each of the two or more tenants are displayed as a graphical object and as a root node in a separate and non-connected hierarchical structure, including a first root node in a first hierarchical structure and a second root node in a second hierarchical structure, wherein the first hierarchical structure associated with the first tenant is presented as a set of one or more nodes with links connected therebetween that are simultaneously and non-connectedly displayed with a set of one or more nodes and links that represent the second hierarchical structure associated with the second tenant;receiving, by the processor, a first permission command associated with the first tenant and a second permission command associated with the second tenant, wherein the first permission command comprises a single visibility permission to the information model that is applied for all members of an organization corresponding to the first tenant in the first hierarchical structure, and wherein the second permission command comprises another single visibility permission to the information model that is applied for all members of an organization corresponding to the second tenant in the second hierarchical structure; andcausing, by the processor, the visibility permissions to the information model for each of the first tenant and the second tenant to be set using the received first permission command and the received second permission command, wherein granular security permissions to a given instance and to a given asset template can be granted for members of the two or more tenants once visibility permission is granted for the two or more tenants.
2. The computer-implemented method of claim 1, wherein the multi-tenant database is accessible by one or more sub-tenants that are associatively linked to at least one of the two or more tenants, including a first sub-tenant and a second sub-tenant, wherein the first sub-tenant is associatively linked to the first tenant and is presented as a first child node of the first root node in the first hierarchical structure, and wherein the second sub-tenant is associatively linked to the first tenant and is presented as a second child node of the first root node in the first hierarchal structure.
3. The computer-implemented method of claim 2, wherein each of the graphical objects associated with the two or more tenants and the one or more sub-tenants include a graphical input, wherein selection of the graphical input causes a subsequent graphical object associated with an additional sub-tenant to be added thereto in the two or more hierarchical structures.
4. The computer-implemented method of claim 1, wherein the multi-tenant database is accessible by one or more sub-tenants that are associatively linked to at least one of the two or more tenants, including a third sub-tenant and a fourth sub-tenant, wherein the third sub-tenant is associatively linked to the first tenant and is presented as a first child node of the first root node in the first hierarchical structure, and wherein the fourth sub-tenant is associatively linked to the first sub-tenant and is presented as a second child node of the first child node in the first hierarchal structure.
5. The computer-implemented method of claim 4 further comprising: receiving, by the processor, a third permission command associated with the third sub-tenant, wherein the third permission command comprises a single visibility permission to the information model that is applied for all members of an organization corresponding to the third sub-tenant in the first hierarchical structure; andcausing, by the processor, the visibility permissions to the information model for the third sub-tenant to be set using the received third permission command, wherein granular security permissions to the given instance and to the given asset template can be granted for members of the one or more sub-tenants once visibility permission is granted for the one or more sub-tenants.
6. The computer-implemented method of claim 1, wherein the graphical user interface is configured to receive at least one permission setting selected from the group consisting of a read permission, a write permission, a visibility permission, and a modify permission.
7. The computer-implemented method of claim 1, wherein the first permission command is directed to the asset template.
8. A system comprising: a processor; anda memory, the memory storing instructions that, when executed by the processor, cause the processor to: provide a graphical user interface for setting visibility permissions for an information model used to manage data entries of a multi-tenant database, the data entries storing data collected from sensors each of which sensors is associated with one of a plurality of computing devices, wherein the multi-tenant database is accessible by two or more tenants, including a first tenant and a second tenant, wherein the first tenant and second tenant are separate business entities, wherein the information model comprises a plurality of asset templates comprising a set of properties, description, and services, wherein an instance of a given computing device of the plurality of computing devices, upon being instantiated in the information model, has an associated set of properties, description, and services of one or more asset templates that define the instance, and wherein permissions for data entries associated with the given computing device are configurable by the instance of the given computing device and by the one or more asset templates that define the instance, wherein a visibility permission command when applied to an asset template of the one or more asset templates is automatically applied to one or more instances instantiated from the asset template;display the two or more tenants in a single workspace of the graphical user interface, wherein each of the two or more tenants are displayed as a graphical object and as a root node in a separate and non-connected hierarchical structure, including a first root node in a first hierarchical structure and a second root node in a second hierarchical structure, wherein the first hierarchical structure associated with the first tenant is presented as a set of one or more nodes with links connected therebetween that are simultaneously and non-connectedly displayed with a set of one or more nodes and links that represent the second hierarchical structure associated with the second tenant;receive a first permission command associated with the first tenant and a second permission command associated with the second tenant, wherein the first permission command comprises a single visibility permission to the information model that is applied for all members of an organization corresponding to the first tenant in the first hierarchical structure, and wherein the second permission command comprises another single visibility permission to the information model that is applied for all members of an organization corresponding to the second tenant in the second hierarchical structure; andcause the visibility permissions to the information model for each of the first tenant and the second tenant to be set using the received first permission command and the received second permission command, wherein granular security permissions to a given instance and to a given asset template can be granted for members of the two or more tenants once visibility permission is granted for the two or more tenants.
9. The system of claim 8, wherein the multi-tenant database is accessible by one or more sub-tenants that are associatively linked to at least one of the two or more tenants, including a first sub-tenant and a second sub-tenant, wherein the first sub-tenant is associatively linked to the first tenant and is presented as a first child node of the first root node in the first hierarchical structure, and wherein the second sub-tenant is associatively linked to the first tenant and is presented as a second child node of the first root node in the first hierarchal structure.
10. The system of claim 8, wherein the multi-tenant database is accessible by one or more sub-tenants that are associatively linked to at least one of the two or more tenants, including a third sub-tenant and a fourth sub-tenant, wherein the third sub-tenant is associatively linked to the first tenant and is presented as a first child node of the first root node in the first hierarchical structure, and wherein the fourth sub-tenant is associatively linked to the first sub-tenant and is presented as a second child node of the first child node in the first hierarchical structure.
11. The system of claim 10, wherein the instructions, when executed by the processor, further cause the processor to: receive a third permission command associated with the third sub-tenant, wherein the third permission command comprises a single visibility permission to the information model that is applied for all members of an organization corresponding to the third sub-tenant in the first hierarchical structure; and,cause the visibility permissions to the information model for the third sub-tenant to be set using the received third permission command, wherein granular security permissions to the given instance and to the given asset template can be granted for members of the one or more sub-tenants once visibility permission is granted for the one or more sub-tenants.
12. The system of claim 8, wherein the graphical user interface is configured to receive at least one permission setting selected from the group consisting of a read permission, a write permission, a visibility permission, and a modify permission.
13. The system claim 8, wherein each of the graphical objects associated with the two or more tenants and the one or more sub-tenants include a graphical input, wherein selection of the graphical input causes a subsequent graphical object associated with an additional sub-tenant to be added thereto in the two or more hierarchical structures.
14. The system of claim 8, wherein the first permission command is directed to the asset template.
15. A non-transitory computer readable medium having instructions stored thereon, wherein the instructions, when executed by a processor, cause the processor to: provide a computing application for setting visibility permissions for an information model used to manage data entries of a multi-tenant database, the data entries storing data collected from sensors each of which sensors is associated with one of a plurality of computing devices, wherein the multi-tenant database is accessible by two or more tenants, including a first tenant and a second tenant, wherein the first tenant and second tenant are separate business entities, wherein the information model comprises a plurality of asset templates comprising a set of properties, description, and services, wherein an instance of a given computing device of the plurality of computing devices, upon being instantiated in the information model, has an associated set of properties, description, and services of one or more asset templates that define the instance, and wherein permissions for data entries associated with the given computing device are configurable by the instance of the given computing device and by the one or more asset templates that define the instance, wherein a visibility permission command when applied to an asset template of the one or more asset templates is automatically applied to one or more instances instantiated from the asset template;display a graphical user interface associated with the computer, wherein the graphical user interface displays each of the two or more tenants in a single workspace, and wherein the two or more tenants are displayed as a graphical object and as a root node in a separate and non-connected hierarchical structure, including a first root node in a first hierarchical structure and a second root node in a second hierarchical structure, wherein the first hierarchical structure associated with the first tenant is presented as a set of one or more nodes with links connected therebetween that are simultaneously and non-connectedly displayed with a set of one or more nodes and links that represent the second hierarchical structure associated with the second tenant;receive a first permission command associated with the first tenant and a second permission command associated with the second tenant, wherein the first permission command comprises a single visibility permission to the information model that is applied for all members of an organization corresponding to the first tenant in the first hierarchical structure, and wherein the second permission command comprises another single visibility permission to the information model that is applied for all members of an organization corresponding to the second tenant in the second hierarchical structure; andcause the visibility permissions to the information model for each of the first tenant and the second tenant to be set using the received first permission command and the received second permission command, wherein granular security permissions to a given instance and to a given asset template can be granted for members of the two or more tenants once visibility permission is granted for the two or more tenants.
16. The computer readable medium of claim 15, wherein the multi-tenant database is accessible by one or more sub-tenants that are associatively linked to at least one of the two or more tenants, including a first sub-tenant and a second sub-tenant, wherein the first sub-tenant is associatively linked to the first tenant and is presented as a first child node of the first root node in the first hierarchical structure, and wherein the second sub-tenant is associatively linked to the first tenant and is presented as a second child node of the first root node in the first hierarchal structure.
17. The computer readable medium of claim 15, wherein the multi-tenant database is accessible by one or more sub-tenants that are associatively linked to at least one of the two or more tenants, including a third sub-tenant and a fourth sub-tenant, wherein the third sub-tenant is associatively linked to the first tenant and is presented as a first child node of the first root node in the first hierarchical structure, and wherein the fourth sub-tenant is associatively linked to the first sub-tenant and is presented as a second child node of the first child node in the first hierarchical structure.
18. The computer readable medium of claim 17, wherein the instructions, when executed by the processor, cause the processor to: receive a third permission command associated with the third tenant, wherein the third permission command comprises a single visibility permission to the information model that is applied for all members of an organization corresponding to the third sub-tenant in the first hierarchical structure; andcause the visibility permissions to the information model for the third sub-tenant to be set using the received third permission command, wherein granular security permissions to the given instance and to the given asset template can be granted for members of the one or more sub-tenants once visibility permission is granted for the one or more sub-tenants.
19. The computer readable medium of claim 15, wherein the graphical user interface is configured to receive at least one permission setting selected from group consisting of a read permission, a write permission, a visibility permission, and a modify permission.
20. The computer readable medium of claim 15, wherein each of the graphical objects associated with the two or more tenants and the one or more sub-tenants include a graphical input, wherein selection of the graphical input causes a subsequent graphical object associated with an additional sub-tenant to be added thereto in the two or more hierarchical structures.
21. The computer-readable medium of claim 15, wherein the first permission command is directed to the asset template.

US Referenced Citations (427)

Number	Name	Date	Kind
3656112	Paull	Apr 1972	A
3916412	Amoroso, Jr.	Oct 1975	A
3983484	Hodama	Sep 1976	A
4063173	Nelson et al.	Dec 1977	A
4103250	Jackson	Jul 1978	A
4134068	Richardson	Jan 1979	A
4216546	Litt	Aug 1980	A
4554668	Deman et al.	Nov 1985	A
4601059	Gammenthaler	Jul 1986	A
4680582	Mejia	Jul 1987	A
4704585	Lind	Nov 1987	A
4887204	Johnson et al.	Dec 1989	A
4979170	Gilhousen et al.	Dec 1990	A
5113416	Lindell	May 1992	A
5134615	Freeburg et al.	Jul 1992	A
5159704	Pirolli et al.	Oct 1992	A
5276703	Budin et al.	Jan 1994	A
5361401	Pirillo	Nov 1994	A
5422889	Sevenhans et al.	Jun 1995	A
5454010	Leveque	Sep 1995	A
5479441	Tymes et al.	Dec 1995	A
5493671	Pitt et al.	Feb 1996	A
5515365	Sumner et al.	May 1996	A
5734966	Farrer et al.	Mar 1998	A
5737609	Reed et al.	Apr 1998	A
5805442	Crater et al.	Sep 1998	A
5829003	Okura	Oct 1998	A
5892962	Cloutier	Apr 1999	A
5909640	Farrer et al.	Jun 1999	A
5925100	Drewry et al.	Jul 1999	A
6073138	de l'Etraz	Jun 2000	A
6169992	Beall et al.	Jan 2001	B1
6182252	Wong et al.	Jan 2001	B1
6198480	Cotugno et al.	Mar 2001	B1
6377162	Delestienne et al.	Apr 2002	B1
6430602	Kay et al.	Aug 2002	B1
6473788	Kim et al.	Oct 2002	B1
6510350	Steen, III et al.	Jan 2003	B1
6553405	Desrochers	Apr 2003	B1
6570867	Robinson et al.	May 2003	B1
6618709	Sneeringer	Sep 2003	B1
6675193	Slavin et al.	Jan 2004	B1
6757714	Hansen	Jun 2004	B1
6766361	Venigalla	Jul 2004	B1
6797921	Niedereder et al.	Sep 2004	B1
6810522	Cook et al.	Oct 2004	B2
6813587	McIntyre et al.	Nov 2004	B2
6850255	Muschetto	Feb 2005	B2
6859757	Muehl et al.	Feb 2005	B2
6915330	Hardy et al.	Jul 2005	B2
6980558	Aramoto	Dec 2005	B2
6993555	Kay et al.	Jan 2006	B2
7031520	Tunney	Apr 2006	B2
7046134	Hansen	May 2006	B2
7047159	Muehl et al.	May 2006	B2
7054922	Kinney et al.	May 2006	B2
7082383	Baust et al.	Jul 2006	B2
7082460	Hansen et al.	Jul 2006	B2
7117239	Hansen	Oct 2006	B1
7149792	Hansen et al.	Dec 2006	B1
7178149	Hansen	Feb 2007	B2
7185014	Hansen	Feb 2007	B1
7250862	Bornhoevd et al.	Jul 2007	B2
7254601	Bailer et al.	Aug 2007	B2
7269732	Kilian-Kehr	Sep 2007	B2
7341197	Muehl et al.	Mar 2008	B2
7380236	Hawley	May 2008	B2
7496911	Rowley et al.	Feb 2009	B2
7512555	Finn	Mar 2009	B2
7529570	Shirota	May 2009	B2
7529750	Bair	May 2009	B2
7536673	Brendle et al.	May 2009	B2
7555355	Meyer	Jun 2009	B2
7566005	Heusermann et al.	Jul 2009	B2
7570755	Williams et al.	Aug 2009	B2
7587251	Hopsecger	Sep 2009	B2
7591006	Werner	Sep 2009	B2
7593917	Werner	Sep 2009	B2
7613290	Williams et al.	Nov 2009	B2
7616642	Anke et al.	Nov 2009	B2
7617198	Durvasula	Nov 2009	B2
7624092	Lieske et al.	Nov 2009	B2
7624371	Kulkarni et al.	Nov 2009	B2
7644120	Todorov et al.	Jan 2010	B2
7644129	Videlov	Jan 2010	B2
7647407	Omshehe et al.	Jan 2010	B2
7650607	Resnick et al.	Jan 2010	B2
7653902	Bozak et al.	Jan 2010	B2
7673141	Kilian-Kehr et al.	Mar 2010	B2
7684621	Tunney	Mar 2010	B2
7703024	Kautzleben et al.	Apr 2010	B2
7707550	Resnick et al.	Apr 2010	B2
7725815	Peters	May 2010	B2
7728838	Forney et al.	Jun 2010	B2
7730498	Resnick et al.	Jun 2010	B2
7743015	Schmitt	Jun 2010	B2
7743155	Pisharody et al.	Jun 2010	B2
7752335	Boxenhorn	Jul 2010	B2
7757234	Krebs	Jul 2010	B2
7761354	Kling et al.	Jul 2010	B2
7774369	Herzog et al.	Aug 2010	B2
7779089	Hessmer et al.	Aug 2010	B2
7779383	Bornhoevd et al.	Aug 2010	B2
7783984	Roediger et al.	Aug 2010	B2
7802238	Clinton	Sep 2010	B2
7814044	Schwerk	Oct 2010	B2
7814208	Stephenson et al.	Oct 2010	B2
7817039	Bornhoevd et al.	Oct 2010	B2
7827169	Enenkiel	Nov 2010	B2
7831600	Kilian	Nov 2010	B2
7840701	Hsu et al.	Nov 2010	B2
7852861	Wu et al.	Dec 2010	B2
7853241	Harrison	Dec 2010	B1
7853924	Curran	Dec 2010	B2
7860968	Bornhoevd et al.	Dec 2010	B2
7865442	Sowell	Jan 2011	B1
7865731	Kilian-Kehr	Jan 2011	B2
7865939	Schuster	Jan 2011	B2
7873666	Sauermann	Jan 2011	B2
7882148	Werner et al.	Feb 2011	B2
7886278	Stulski	Feb 2011	B2
7890388	Mariotti	Feb 2011	B2
7890568	Belenki	Feb 2011	B2
7895115	Bayyapu et al.	Feb 2011	B2
7899777	Baier et al.	Mar 2011	B2
7899803	Cotter et al.	Mar 2011	B2
7908278	Akkiraju et al.	Mar 2011	B2
7917629	Werner	Mar 2011	B2
7921137	Lieske et al.	Apr 2011	B2
7921686	Bagepalli et al.	Apr 2011	B2
7925979	Forney et al.	Apr 2011	B2
7937370	Hansen	May 2011	B2
7937408	Stuhec	May 2011	B2
7945691	Dharamshi	May 2011	B2
7953219	Freedman et al.	May 2011	B2
7954107	Mao et al.	May 2011	B2
7954115	Gisolfi	May 2011	B2
7966418	Shedrinsky	Jun 2011	B2
7975024	Nudler	Jul 2011	B2
7987176	Latzina et al.	Jul 2011	B2
7987193	Ganapam et al.	Jul 2011	B2
7992200	Kuehr-McLaren et al.	Aug 2011	B2
8000991	Montagut	Aug 2011	B2
8005879	Bornhoevd et al.	Aug 2011	B2
8024218	Kumar et al.	Sep 2011	B2
8024743	Werner	Sep 2011	B2
8051045	Vogler	Nov 2011	B2
8055758	Hansen	Nov 2011	B2
8055787	Victor et al.	Nov 2011	B2
8060886	Hansen	Nov 2011	B2
8065397	Taylor et al.	Nov 2011	B2
8069362	Gebhart et al.	Nov 2011	B2
8073331	Mazed	Dec 2011	B1
8074215	Cohen et al.	Dec 2011	B2
8081584	Thibault et al.	Dec 2011	B2
8082322	Pascarella et al.	Dec 2011	B1
8090452	Johnson et al.	Jan 2012	B2
8090552	Henry et al.	Jan 2012	B2
8095632	Hessmer et al.	Jan 2012	B2
8108543	Hansen	Jan 2012	B2
8126903	Lehmann et al.	Feb 2012	B2
8127237	Beringer	Feb 2012	B2
8131694	Bender et al.	Mar 2012	B2
8131838	Bornhoevd et al.	Mar 2012	B2
8136034	Stanton et al.	Mar 2012	B2
8145468	Fritzsche et al.	Mar 2012	B2
8145681	Macaleer et al.	Mar 2012	B2
8151257	Zachmann	Apr 2012	B2
8156117	Krylov et al.	Apr 2012	B2
8156208	Bornhoevd et al.	Apr 2012	B2
8156473	Heidasch	Apr 2012	B2
8161075	Long	Apr 2012	B1
8183995	Wang et al.	May 2012	B2
8190708	Short et al.	May 2012	B1
8229944	Latzina et al.	Jul 2012	B2
8230333	Decherd et al.	Jul 2012	B2
8249906	Ponce de Leon	Aug 2012	B2
8250169	Beringer et al.	Aug 2012	B2
8254249	Wen et al.	Aug 2012	B2
8261193	Alur et al.	Sep 2012	B1
8271935	Lewis	Sep 2012	B2
8280009	Stepanian	Oct 2012	B2
8284033	Moran	Oct 2012	B2
8285807	Slavin et al.	Oct 2012	B2
8291039	Shedrinsky	Oct 2012	B2
8291475	Jackson et al.	Oct 2012	B2
8296198	Bhatt et al.	Oct 2012	B2
8296266	Lehmann et al.	Oct 2012	B2
8296413	Bornhoevd et al.	Oct 2012	B2
8301770	van Coppenolle et al.	Oct 2012	B2
8306635	Pryor	Nov 2012	B2
8312383	Gilfix	Nov 2012	B2
8321790	Sherrill et al.	Nov 2012	B2
8321792	Alur et al.	Nov 2012	B1
8331855	Williams et al.	Dec 2012	B2
8346520	Lu et al.	Jan 2013	B2
8359116	Manthey	Jan 2013	B2
8364300	Pouyez et al.	Jan 2013	B2
8370479	Hart et al.	Feb 2013	B2
8370826	Johnson et al.	Feb 2013	B2
8375292	Coffman et al.	Feb 2013	B2
8375362	Brette et al.	Feb 2013	B1
RE44110	Venigalla	Mar 2013	E
8392116	Lehmann et al.	Mar 2013	B2
8392561	Dyer et al.	Mar 2013	B1
8396929	Helfman et al.	Mar 2013	B2
8397056	Malks et al.	Mar 2013	B1
8406119	Taylor et al.	Mar 2013	B2
8412579	Gonzalez	Apr 2013	B2
8417764	Fletcher et al.	Apr 2013	B2
8417854	Weng et al.	Apr 2013	B2
8423418	Hald et al.	Apr 2013	B2
8424058	Vinogradov et al.	Apr 2013	B2
8433664	Ziegler et al.	Apr 2013	B2
8433815	van Coppenolle et al.	Apr 2013	B2
8438132	Dziuk et al.	May 2013	B1
8442933	Baier et al.	May 2013	B2
8442999	Gorelik et al.	May 2013	B2
8443069	Bagepalli et al.	May 2013	B2
8443071	Lu et al.	May 2013	B2
8457996	Winkler et al.	Jun 2013	B2
8458189	Ludwig et al.	Jun 2013	B1
8458315	Miche et al.	Jun 2013	B2
8458596	Malks et al.	Jun 2013	B1
8458600	Dheap et al.	Jun 2013	B2
8473317	Santoso et al.	Jun 2013	B2
8478861	Taylor et al.	Jul 2013	B2
8484156	Hancsarik et al.	Jul 2013	B2
8489527	van Coppenolle et al.	Jul 2013	B2
8490047	Petschnigg et al.	Jul 2013	B2
8490876	Tan et al.	Jul 2013	B2
8495072	Kapoor et al.	Jul 2013	B1
8495511	Redpath	Jul 2013	B2
8495683	van Coppenolle et al.	Jul 2013	B2
8516296	Mendu	Aug 2013	B2
8516383	Bryant et al.	Aug 2013	B2
8521621	Hetzer et al.	Aug 2013	B1
8522217	Dutta et al.	Aug 2013	B2
8522341	Nochta et al.	Aug 2013	B2
8532008	Das et al.	Sep 2013	B2
8533660	Mehr et al.	Sep 2013	B2
8538799	Haller et al.	Sep 2013	B2
8543568	Wagenblatt	Sep 2013	B2
8547838	Lee et al.	Oct 2013	B2
8549157	Schnellbaecher	Oct 2013	B2
8555248	Brunswig et al.	Oct 2013	B2
8560636	Kieselbach	Oct 2013	B2
8560713	Moreira Sa de Souza et al.	Oct 2013	B2
8566193	Singh et al.	Oct 2013	B2
8571908	Li et al.	Oct 2013	B2
8572107	Fan et al.	Oct 2013	B2
8577904	Marston	Nov 2013	B2
8578059	Odayappan et al.	Nov 2013	B2
8578328	Kamiyama et al.	Nov 2013	B2
8578330	Dreiling et al.	Nov 2013	B2
8584082	Baird et al.	Nov 2013	B2
8588765	Harrison	Nov 2013	B1
8594023	He et al.	Nov 2013	B2
8635254	Harvey et al.	Jan 2014	B2
8689181	Biron, III	Apr 2014	B2
8752074	Hansen	Jun 2014	B2
8762497	Hansen	Jun 2014	B2
8769095	Hart et al.	Jul 2014	B2
8788632	Taylor et al.	Jul 2014	B2
8898294	Hansen	Nov 2014	B2
9002980	Shedrinsky	Apr 2015	B2
20020052862	Scott et al.	May 2002	A1
20020099454	Gerrity	Jul 2002	A1
20020138596	Darwin et al.	Sep 2002	A1
20030093710	Hashimoto et al.	May 2003	A1
20030117280	Prehn	Jun 2003	A1
20040027376	Calder et al.	Feb 2004	A1
20040133635	Spriestersbach et al.	Jul 2004	A1
20040158455	Spivack et al.	Aug 2004	A1
20040158629	Herbeck et al.	Aug 2004	A1
20040177124	Hansen	Sep 2004	A1
20040181442	Hensel	Sep 2004	A1
20040205638	Thomas	Oct 2004	A1
20050015369	Styles et al.	Jan 2005	A1
20050021506	Sauermann et al.	Jan 2005	A1
20050027675	Schmitt et al.	Feb 2005	A1
20050060186	Blowers et al.	Mar 2005	A1
20050102362	Price et al.	May 2005	A1
20050198137	Pavlik et al.	Sep 2005	A1
20050213563	Shaffer et al.	Sep 2005	A1
20050240427	Crichlow	Oct 2005	A1
20050273346	Frost	Dec 2005	A1
20050289154	Weiss et al.	Dec 2005	A1
20060186986	Ma et al.	Aug 2006	A1
20060208871	Hansen	Sep 2006	A1
20060236221	McCausland	Oct 2006	A1
20070005736	Hansen et al.	Jan 2007	A1
20070016557	Moore et al.	Jan 2007	A1
20070027854	Rao et al.	Feb 2007	A1
20070027914	Agiwal	Feb 2007	A1
20070083554	Crume	Apr 2007	A1
20070162486	Brueggemann et al.	Jul 2007	A1
20070174158	Bredehoeft et al.	Jul 2007	A1
20070260593	Delvat	Nov 2007	A1
20070266384	Labrou et al.	Nov 2007	A1
20070300172	Runge et al.	Dec 2007	A1
20080022370	Beedubail	Jan 2008	A1
20080098085	Krane et al.	Apr 2008	A1
20080172632	Stambaugh	Jul 2008	A1
20080208890	Milam	Aug 2008	A1
20080222599	Nathan et al.	Sep 2008	A1
20080231414	Canosa	Sep 2008	A1
20080244077	Canosa	Oct 2008	A1
20080244594	Chen et al.	Oct 2008	A1
20080255782	Bilac et al.	Oct 2008	A1
20080319947	Latzina et al.	Dec 2008	A1
20090006391	Ram	Jan 2009	A1
20090150431	Schmidt et al.	Jun 2009	A1
20090193148	Jung et al.	Jul 2009	A1
20090259442	Gandikota et al.	Oct 2009	A1
20090265760	Zhu et al.	Oct 2009	A1
20090282045	Hsieh et al.	Nov 2009	A1
20090299990	Setlur et al.	Dec 2009	A1
20090300060	Beringer et al.	Dec 2009	A1
20090319518	Koudas et al.	Dec 2009	A1
20090327337	Lee et al.	Dec 2009	A1
20100017379	Naibo et al.	Jan 2010	A1
20100017419	Francis et al.	Jan 2010	A1
20100063959	Doshi et al.	Mar 2010	A1
20100064277	Baird et al.	Mar 2010	A1
20100077001	Vogel et al.	Mar 2010	A1
20100094843	Cras	Apr 2010	A1
20100125584	Navas	May 2010	A1
20100125826	Rice et al.	May 2010	A1
20100250440	Wang et al.	Sep 2010	A1
20100257242	Morris	Oct 2010	A1
20100286937	Hedley et al.	Nov 2010	A1
20100287075	Herzog et al.	Nov 2010	A1
20100293360	Schoop et al.	Nov 2010	A1
20110004622	Marson	Jan 2011	A1
20110078599	Guertler et al.	Mar 2011	A1
20110078600	Guertler et al.	Mar 2011	A1
20110099190	Kreibe	Apr 2011	A1
20110137883	Lagad et al.	Jun 2011	A1
20110138354	Hertenstein et al.	Jun 2011	A1
20110145712	Pontier et al.	Jun 2011	A1
20110145933	Gambhir et al.	Jun 2011	A1
20110153505	Brunswig et al.	Jun 2011	A1
20110154226	Guertler et al.	Jun 2011	A1
20110161409	Nair et al.	Jun 2011	A1
20110173203	Jung et al.	Jul 2011	A1
20110173220	Jung et al.	Jul 2011	A1
20110173264	Kelly	Jul 2011	A1
20110184962	Palmer	Jul 2011	A1
20110208788	Heller et al.	Aug 2011	A1
20110209069	Mohler	Aug 2011	A1
20110219327	Middleton, Jr. et al.	Sep 2011	A1
20110231592	Bleier et al.	Sep 2011	A1
20110276360	Barth et al.	Nov 2011	A1
20110307295	Steiert et al.	Dec 2011	A1
20110307363	N et al.	Dec 2011	A1
20110307405	Hammer et al.	Dec 2011	A1
20110320525	Agarwal et al.	Dec 2011	A1
20120005577	Chakra et al.	Jan 2012	A1
20120059856	Kreibe et al.	Mar 2012	A1
20120066755	Peddada	Mar 2012	A1
20120072435	Han	Mar 2012	A1
20120072885	Taragin et al.	Mar 2012	A1
20120078959	Cho et al.	Mar 2012	A1
20120096429	Desai et al.	Apr 2012	A1
20120096521	Peddada	Apr 2012	A1
20120131473	Biron, III	May 2012	A1
20120136649	Freising et al.	May 2012	A1
20120143970	Hansen	Jun 2012	A1
20120144370	Kemmler et al.	Jun 2012	A1
20120150859	Hu	Jun 2012	A1
20120158914	Hansen	Jun 2012	A1
20120166319	Deledda et al.	Jun 2012	A1
20120167006	Tillert et al.	Jun 2012	A1
20120173581	Hartig et al.	Jul 2012	A1
20120173671	Callaghan et al.	Jul 2012	A1
20120197488	Lee et al.	Aug 2012	A1
20120197852	Dutta et al.	Aug 2012	A1
20120197856	Banka et al.	Aug 2012	A1
20120197898	Pandey et al.	Aug 2012	A1
20120197911	Banka et al.	Aug 2012	A1
20120239381	Heidasch	Sep 2012	A1
20120239606	Heidasch	Sep 2012	A1
20120254825	Sharma et al.	Oct 2012	A1
20120259932	Kang et al.	Oct 2012	A1
20120284259	Jehuda	Nov 2012	A1
20120311501	Nonez et al.	Dec 2012	A1
20120311526	DeAnna et al.	Dec 2012	A1
20120311547	DeAnna et al.	Dec 2012	A1
20120324066	Alam et al.	Dec 2012	A1
20130002676	Ziemann	Jan 2013	A1
20130006400	Caceres et al.	Jan 2013	A1
20130036137	Ollis et al.	Feb 2013	A1
20130054563	Heidasch	Feb 2013	A1
20130060791	Szalwinski et al.	Mar 2013	A1
20130067031	Shedrinsky	Mar 2013	A1
20130067302	Chen et al.	Mar 2013	A1
20130073969	Blank et al.	Mar 2013	A1
20130080898	Lavian et al.	Mar 2013	A1
20130110496	Heidasch	May 2013	A1
20130110861	Roy et al.	May 2013	A1
20130124505	Bullotta et al.	May 2013	A1
20130124616	Bullotta et al.	May 2013	A1
20130125053	Brunswig et al.	May 2013	A1
20130132385	Bullotta et al.	May 2013	A1
20130159063	Fessler	Jun 2013	A1
20130166563	Mueller et al.	Jun 2013	A1
20130166569	Navas	Jun 2013	A1
20130173062	Koenig-Richardson	Jul 2013	A1
20130179565	Hart et al.	Jul 2013	A1
20130185593	Taylor et al.	Jul 2013	A1
20130185786	Dyer et al.	Jul 2013	A1
20130191767	Peters et al.	Jul 2013	A1
20130207980	Ankisettipalli et al.	Aug 2013	A1
20130211555	Lawson et al.	Aug 2013	A1
20130232539	Polunin	Sep 2013	A1
20130246475	Kuruganti	Sep 2013	A1
20130246897	O'Donnell	Sep 2013	A1
20130262641	Zur et al.	Oct 2013	A1
20130275344	Heidasch	Oct 2013	A1
20130275550	Lee et al.	Oct 2013	A1
20130304581	Soroca et al.	Nov 2013	A1
20140019432	Lunenfeld	Jan 2014	A1
20140053110	Brown	Feb 2014	A1
20140282370	Schaefer et al.	Sep 2014	A1
20140365426	Brown	Dec 2014	A1
20150326512	Chiu	Nov 2015	A1

Foreign Referenced Citations (6)

Number	Date	Country
0497010	Aug 1992	EP
1187015	Mar 2002	EP
WO-9921152	Apr 1999	WO
WO-0077592	Dec 2000	WO
WO-2008115995	Sep 2008	WO
WO-2014145084	Sep 2014	WO

Non-Patent Literature Citations (5)

Entry
Hart Server, retrieved from 2001 internet archive of hartcomm.org http://www.hartcomm.org/server2/index.html, 13 pages (2001).
Ray, Erik T., Learning XML, First Edition, 277 pages (2001).
Shi, L. et al., Understanding Text Corpora with Multiple Facets, IEEE Symposium on Visual Analytics Science and Technology (VAST), 99-106 (2010).
International Search Report, PCT/US2015/021863, 3 pages, dated Jun. 25, 2015.
Written Opinion, PCT/US2015/021863, 6 pages, dated Jun. 25, 2015.

Related Publications (1)

	Number	Date	Country
	20150269390 A1	Sep 2015	US

System and method of establishing permission for multi-tenancy storage using organization matrices

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

US

CPC

International Classifications