Abstract: In embodiments, methods and systems for controlling access to custom objects are provided. These techniques for controlling access to custom objects can enable embodiments to utilize a key for the protection of the security of data that is to remain private while not compromising efficiency of a query. The key for a requested custom object is identified and then used so that only an appropriate portion of a custom entity share table is searched to locate access information. It is then determined whether the user can access at least a portion of the custom object, and the appropriate and allowed data is sent to the user.

Abstract: A method and system for streaming information associated with a server and a computing system is described. The method may include increasing a packet size used for the streaming of information from a first packet size to a second packet size based on an identified increase in available bandwidth. The method further includes increasing a number of simultaneous connections used for the streaming of information from a first number of simultaneous connections to a second number of simultaneous connections based on the identified increase in available bandwidth in response to a determination that the second packet size equals a maximum packet size for a protocol used for the streaming of the information.

Abstract: The technology disclosed relates to discovering a previously unknown attribute of stream processing systems according to which client offsets or client subscription queries for a streaming data store rapidly converge to a dynamic tip of a data stream that includes the most recent messages or events. In particular, it relates to grouping clients into bins to reduce a number of queries to the streaming data store by several orders of magnitude when servicing tens, hundreds, thousands or millions of clients. The bin count is further reduced by coalescing bins that have overlapping offsets. It also relates to establishing separate caches only for the current tips of data streams and serving the bins from the caches instead of the backend data store using group queries. Further, the caches are periodically updated to include the most recent messages or events appended to the dynamic tips of the data streams.

Abstract: An ID service on an app server interacts with a corresponding identity app installed on a user device such as a smart phone. At setup, the ID service receives the user's public key and only a segment of the corresponding private key. A special challenge message is created and partially decrypted using the private key segment on the server side, and then decryption is completed on the client app using the remaining segment(s) of the private key to recover the challenge. A token authenticator based on the result of the decryption is sent back to the identity service, for it to verify validity of the result and, if it is valid, enable secure login without requiring a password.

Abstract: An artificial intelligence assistant (“chatbot”) operates within a multi-tenant database and allows users to interact with the underlying structured database through a natural language interface without using a standard structured query language or database interface. Users may interact with the chatbot via a chatroom and perform database queries using natural language expressions in the same manner as asking a person to perform the tasks. In addition, the chatbot may check user permissions and security parameters to determine if the user is permitted to access or alter data within the multi-tenant database.

Abstract: Methods are disclosed for dynamic node allocation for a server system that can automatically heal on failure—minimizing the need for static configuration—dynamically adjusting server resources to match load, and minimize end user wait times. The disclosed methods dynamically allocate nodes to increase capacity for a platform that accepts data queries. Additionally disclosed is a system for rolling version update deployment: workers maintain org lists of org-task-queues that they service; org-affinities between the workers and the org-task-queues require the workers to have access to local copies of immutable data sets to service org-tasks from the org-task-queues of the orgs that they service. A leader running on a worker implements a healing and balancing service that maintains worker redundancy, manages the workers' org-affinities to accumulate orgs on their respective org-lists. The leader implements messaging to the workers to update to a new software version and monitors completion of updates.

Abstract: Systems, methods, and computer-readable media for performance monitoring and tenant migration in multi-tenant and/or cloud computing ecosystems are described. Embodiments may include technologies for scaling multi-tenant systems based on input load characteristics, proactive monitoring and tenant migration in multi-tenant environments, and service isolation in a multi-tenant environments. Other embodiments may be described and/or claimed.

Abstract: Systems and methods for managing recent data items in a database. A method typically includes determining whether a data object managed by an on demand service is designated as able to be accessed by a user at a mobile device and storing locally at a mobile device a plurality of most recently used items viewed for a data object designated as able to be accessed by a user at a mobile device. The method also typically includes determining a single most recently used set from among the stored plurality of most recently used items viewed for at least one data object designated as able to be accessed by a user at a mobile device.

Abstract: Disclosed are examples of systems, apparatus, methods and computer program products for batch job processing using a database system. In some implementations, a data object relationship structure of a first record can be identified. Based on a type of data dependency of the data object relationship structure, a first record and a second record can be determined to be associated. A first batch number can be assigned to the first record and the second record. A first batch job can be defined. It can be determined that a third record is not associated with the first record. A second batch number can be assigned to the third record and a second batch job can be defined.

Abstract: Disclosed are examples of systems, apparatus, methods and computer program products for overriding component attributes in a web application builder. A database system maintains a multi-tenant database associated with a number of users and a number of web application components each with one or more component attributes. The system displays a user interface for the web application builder framework with a layout including a number of web application components, and processes decorator rules for rendering the components. The system also processes decorator override rules for some attributes of the components. The system displays the prepared user interface with decorator rules and overrides, and, based on a user request to access one or more attributes of the components, presents those attributes for display with the decorator override rules applied.

Abstract: Network traffic data associated with computer applications is collected based on static policies. First network parameter vectors are generated over a time period. Each network parameter vector of the first network parameter vectors comprises first optimal values, estimated by a Bayesian learning module using a generative model, for network parameters. Second network parameter vectors are generated over the same time period. Each network parameter vector of the second network parameter vectors comprises second optimal values, computed by a best parameter generator through optimizing an objective function, for the network parameters. It is determined whether the first network parameter vectors converge to the second network parameter vectors and whether network parameter optimization for the network parameters is performing normally.

Abstract: A method of collecting data from multiple sources in a multi-tenant system is provided.

Abstract: According to an implementation of the disclosure, a computing device may record substantially all the network traffic being transported over a first node of a network over a period of time. The computing device may receive an authenticated request from a forensics system that includes access criteria. The first computing device may determine a relevant encrypted and unencrypted portion of the network traffic based on the access criteria. Based on unencrypted portion, the computing device may recalculate an encryption key applicable to the encrypted portion. The computing device may then replicate the relevant portion and the encryption key to the forensics system for forensic analysis.

Abstract: An attempt by a user to login to a destination server is identified from a source server. A destination score is determined based on the count of attempts by the user to login to the destination server and the count of attempts by the user to login to all destination servers. A source given destination score is determined based on the count of attempts by the user to login from the source server to the destination server, and the count of attempts by the user to login to the destination server. An outlier score is determined based on values associated with the destination score and the source given destination score. An alert is output if the outlier score satisfies a threshold.

Abstract: The technology disclosed describes systems and methods for implementing global profiling to track resource usage and performance for multiple threads across multiple servers for a cloud-based system. This disclosed technology provides global profiling to track resource usage across any part of a transaction as it passes between layers of a computing stack regardless of the language being executed, on logically different virtual machines across multiple servers. After data collection stops, the disclosed technology combines the results into a configurable profile view that accurately represents the order of execution of applications and methods, as though they ran on one machine. The disclosed technology builds multiple formats of the data files for different display visualizations.

Abstract: Disclosed are examples of systems, apparatus, methods and computer program products for providing user-customizable permissions governing user access to computing resources in a computing system. For example, a database storing data objects identifying permissions of users, sets of the permissions, and users can be maintained. One or more fields can be displayed on a display of a user device. The one or more fields can be configured to receive input to perform one or more operations. Input can be received from a user via the user interface on the display of the user device. One or more operations can be performed. The database can be updated such that the data objects identify a custom permission or a permission set to which a custom permission has been assigned.

Abstract: A method for presenting search results is provided. The method receives a user input search query; obtains, from a search engine, a first set of search results responsive to the user input search query; efficiently identifies a promoted set of search results for promotion using a set of search promotion rules, each of the set of search promotion rules including a set of terms and one or more document identifiers; revises the first set of search results, based on the identified promoted set, to create a second set of search results; and presents the second set of search results, wherein the second set of search results includes the first set of search results and the promoted set in a promoted position.

Abstract: One or more implementations relate generally to a platform architecture planning process utilizing architecture type unit definitions. For example, an architecture for realizing a customer system on a cloud computing platform may be defined in terms of a plurality of architecture types, each type (AT) defined by plural architecture type units (ATUs), and each ATU comprising a set of ATU Details.

Abstract: A computing system may create a database schema representing tables for data assessment, organization identification (ID), rule ID, data source ID, and data assessment ID. The data assessment table may include a first field representing an organization ID, a second field representing a rule ID, a third field representing a data source ID, wherein the fields correspond to a records in the organization ID table, rule ID table and data source ID table, respectively. The data assessment table may also include a fourth field representing a match status indicating whether a record in data assessment ID table matches a record of a data source associated with the third field, a fifth field representing a data assessment record ID and corresponding to a record in data assessment record ID table, and a sixth field configured as a column family and representing a field of the business object.

Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for facilitating data migration. Data migration is customizable according to user-specified data formats. A data migration system monitors the data migration process and automatically retries data migration tasks that have failed. In addition, the results of data migration are reversed according to detected threshold conditions.