US 12,086,100 B2
Data deletion in multi-tenant database
Sheng Wang, Kirkland, WA (US); and Tuan Doan, San Francisco, CA (US)
Assigned to STRIPE, INC., South San Francisco, CA (US)
Filed by Stripe, Inc., San Francisco, CA (US)
Filed on Feb. 9, 2021, as Appl. No. 17/171,879.
Prior Publication US 2022/0253404 A1, Aug. 11, 2022
Int. Cl. G06F 16/11 (2019.01); G06F 16/16 (2019.01); G06F 16/22 (2019.01); G06F 16/901 (2019.01)
CPC G06F 16/122 (2019.01) [G06F 16/128 (2019.01); G06F 16/162 (2019.01); G06F 16/2228 (2019.01); G06F 16/9024 (2019.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
obtaining a document graph of a multi-tenant database, the document graph having a first plurality of nodes, a second plurality of nodes, and edges connecting nodes in the first plurality of nodes and the second plurality of nodes, each node in the first plurality of nodes representing a document stored in the multi-tenant database, each node in-the second plurality of nodes representing a tenant of the multi-tenant database, each edge connecting a node in the first plurality of nodes to a node in the second plurality of nodes representing ownership of a corresponding document by a corresponding tenant, and each edge connecting a node in the first plurality of nodes to another node in the first plurality of nodes indicating a relationship between respective documents, the document graph having one or more cycles, each edge having a direction from a source node to a target node;
obtaining a list of one or more closed tenants, wherein a closed tenant is a former customer who no longer has a relationship with an entity associated with the multi-tenant database;
building a subgraph for each of the one or more closed tenants, each subgraph being an acyclical graph formed by iteratively traversing the document graph in a backwards direction through-each edge beginning at a node in the second plurality of nodes corresponding to a closed tenant of the one or more closed tenants and proceeding to a root node of the document graph, wherein at each iteration visited nodes are marked as visited and processing of the iteration stops when a node previously marked as visited is reached, and wherein each iteration begins at all source nodes for an edge traversed in an immediately preceding iteration, the subgraph including a first group of the first plurality of nodes, the closed tenant excluded from the multi-tenant database;
traversing each subgraph in a forward direction through each edge having a source node visited during building of the subgraph to identify tenant nodes corresponding to the documents among the first group of the first plurality of nodes;
identifying, for all of the documents among the first group of the first plurality of nodes, corresponding auto-delete edges of the subgraph for at least one of the closed tenants;
traversing, for at least one of the one or more closed tenants, all of the auto-delete edges for the subgraph; and
deleting, for the at least one of the one or more closed tenants and with the traversing all of the auto-delete edges, all documents from the multi-tenant database linked with the corresponding auto-delete edges, the plurality of documents each corresponding to a second group of the first plurality of nodes from the subgraph that excludes documents corresponding to the identified tenant nodes.