A system for determining access for a hypercube includes an interface configured to receive a request for access from a user to data in a location in a hypercube; receive a tree structure with subcubes of the hypercube arranged in a hierarchical structure; and receive a user permission list, wherein an element of the user permission list comprises a permission, a root node, and a set of pruned nodes. The system also includes a processor configured to determine a user permission associated with the data in the location of the hypercube using the user permission list; and provide an indication of the user permission.

Systems and methods for controlling record relationship changes in a content management system. The content management system may have several layers of access controls, which may include a layer of access control at the object level, a layer of access control at the row level and a layer of access control at the field level. Access may be controlled at the object level by a user's security profile, at the object record level (or row level) by the user's role, and/or at the object field level by the user's role or a state in a document lifecycle. A secure inbound relationship attribute may be used to control record relationship changes. Actions for creating, deleting and reassigning are permitted only when the inbound relationship is editable according to the secure inbound relationship attribute.

Embodiments of the present disclosure enable users of a data sharing system to build native applications that can be shared with other users of the data sharing system. The native applications can be published and discovered in the data sharing system like any other data listing, and consumers can install them in their local data sharing system account to serve their data processing needs. A provider may define an installation script for installing an application and create a share object to which the installation script may be attached. In response to an imported database being created in a consumer account based on the share object, a native application framework may automatically execute the installation script in the consumer account and may create a set of database roles to manage execution of the application in the consumer account.

This disclosure describes methods, non-transitory computer readable storage media, and systems that provide secure password sharing across a plurality of users and client devices via a shared folder. For example, in one or more embodiments, the disclosed system retrieves a public key set including public encryption keys for client devices having access to the shared folder. The disclosed system provides the public key set to a client device requesting to share the shared folder. The disclosed system receives an encrypted payload for the shared folder and a shared encryption key that is utilized to encrypt the payload and is encrypted in the shared folder utilizing the public key set. The disclosed system also detects key rotation events and notifies one or more client devices to generate a modified shared encryption key and re-encrypt the payload for storage within the shared folder.

Searching encrypted data using encrypted contexts by performing at least the following: configuring a first encryption context that allows access to a first encrypted field, configuring a second encryption context that allows access to a second encrypted field, assigning the first encryption context to a first role and the second encryption context to a second role, assigning the first role to a first user account to allow the first user account to access the first encrypted field, assigning the second role to a second user account to allow the second user to access the second encrypted field, receiving a query request associated with the first user account for a search term, wherein the query request includes instructions to search for an unencrypted version of the search term and a first encrypted value of the search term that is based on the first encryption context.

Methods and apparatuses for providing a permissions-aware search and knowledge management system that incorporates user suggested results, document verification, and intelligent user activity tracking across group hierarchies to improve the quality and relevance of search results are described. The permissions-aware search and knowledge management system may enable content stored across a variety of local and cloud-based data stores to be indexed, searched, and displayed to authorized users. The identification and ranking of relevant documents corresponding with a user's search query may take into account user suggested results from the user and others assigned to the same group as the user, whether the underlying content of a search result was verified by a content owner as being up-to-date, the amount of time that has passed since the underlying content was verified by the content owner, and the recent activity of the user and related group members.

Techniques for sorting encrypted data within a software as a service (SaaS) environment. Data is encrypted on a per symbol basis with a symbol based encryption module. Sort and search functionality preserving encryption that allows other modules to sort tokens and to search for tokens is provided. Encrypted tokens that have been encrypted by the symbol based encryption module are stored in a database. Access to the encrypted tokens is provided through the SaaS environment.

An electronic and paper combined data submission, printing, and retrieval method includes: completing an application in a client terminal, sending the user-entered data in the client terminal to a remote storage server; printing the completed application together with a barcode containing a unique identification code; retrieving the electronic data stored in the remote storage server by scanning said identification code. A system includes: a data encryption module; a data transmission module: an identification code module; a print module; a scan module; an analysis module; a data retrieve module; and a data decryption module.

The present disclosure involves systems and computer implemented methods for protecting portions of electronic documents. An example method includes receiving a request for access to an electronic file having sections, at least one section encrypted using a first key based on a first password. A second key is generated in response to receiving a second password, wherein the second key is generated based on the second password. The second key is compared to the first key. If the second key is identical to the first key, the least one section of the electronic file encrypted using the first key is decrypted using the second key. The electronic file is then presented such that the section(s) previously encrypted using the first cryptographic key is made visible. If the second key is not identical to the first, the electronic file is presented with the encrypted section(s) obscured.

In one example, a method includes allocating separate portions of memory for a control stack and a data stack. The method also includes, upon detecting a call instruction, storing a first return address in the control stack and a second return address in the data stack; and upon detecting a return instruction, popping the first return address from the control stack and the second return address from the data stack and raising an exception if the two return addresses do not match. Otherwise, the return instruction returns the first return address. Additionally, the method includes executing an exception handler in response to the return instruction detecting an exception, wherein the exception handler is to pop one or more return addresses from the control stack until the return address on a top of the control stack matches the return address on a top of the data stack.