公开(公告)号：US20240169086A1

公开(公告)日：2024-05-23

申请号：US18227818

申请日：2023-07-28

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood

IPC: G06F21/62

CPC classification number: G06F21/6227

Abstract: Embodiments of the present disclosure provide systems and methods for using inherited grants to grant privileges to objects in a container. An inherited grant may be generated that specifies a permission on a first type of object in a container and a grant of the permission to a role. The inherited grant may be attached to the container, wherein the container includes a set of objects of the first type. In response to a first object of the set of objects being referenced via the role, a virtual implied grant may be created based on the inherited grant. Authorization of utilization of the permission on the first object is performed using the virtual implied grant, wherein the virtual implied grant is transient and exists in-memory only for the purpose of authorizing the utilization of the permission on the first object.

公开(公告)号：US12105828B2

公开(公告)日：2024-10-01

申请号：US18227818

申请日：2023-07-28

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/40

CPC classification number: G06F21/6227 ,  G06F21/604 ,  G06F21/6218 ,  H04L63/10 ,  H04L63/102 ,  H04L63/105 ,  H04L63/101 ,  H04L63/104 ,  H04L63/107

Abstract: Embodiments of the present disclosure provide systems and methods for using inherited grants to grant privileges to objects in a container. An inherited grant may be generated that specifies a permission on a first type of object in a container and a grant of the permission to a role. The inherited grant may be attached to the container, wherein the container includes a set of objects of the first type. In response to a first object of the set of objects being referenced via the role, a virtual implied grant may be created based on the inherited grant. Authorization of utilization of the permission on the first object is performed using the virtual implied grant, wherein the virtual implied grant is transient and exists in-memory only for the purpose of authorizing the utilization of the permission on the first object.

公开(公告)号：US20240169077A1

公开(公告)日：2024-05-23

申请号：US18228546

申请日：2023-07-31

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood

IPC: G06F21/60 ,  G06F21/62

CPC classification number: G06F21/604 ,  G06F21/6218

Abstract: Embodiments of the present disclosure provide systems and methods for using secure schemas to address inconsistencies between standard RBAC rules and the use of inherited grants. A secure schema may be defined that transfers ownership of an object created in the secure schema to a role that owns the secure schema. An inherited grant may be attached to the secure schema, where the inherited grant specifies a permission on a first type of object in the secure schema and a grant of the permission to the role that owns the secure schema. When objects are created in the secure schema, ownership of each of the set of objects is transferred to the role that owns the secure schema to authorize the role that owns the secure schema to manage grants to the set of objects on the secure schema.

公开(公告)号：US12223082B2

公开(公告)日：2025-02-11

申请号：US18217288

申请日：2023-06-30

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood ,  Ramana Rao S. Turlapati

IPC: H04L9/40 ,  G06F21/60 ,  G06F21/62

Abstract: Embodiments of the present disclosure provide systems and methods for managing role hierarchies and assignment of permissions by providing secure roles which are roles where the only user that can grant any privilege to the secure role, is the role that owns the secure role. A set of secure roles that defines a role hierarchy may be generated, wherein only a role that owns the set of secure roles can grant any privilege to each of the secure roles. The role that owns the set of secure roles may grant one or more privileges to a first secure role of the set of secure roles. In response to a user other than the role that owns the set of secure roles attempting to grant a privilege to the first secure role or modify a privilege granted to the first secure role, the attempt may be denied.

公开(公告)号：US20240171586A1

公开(公告)日：2024-05-23

申请号：US18217288

申请日：2023-06-30

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood ,  Ramana Rao S. Turlapati

IPC: H04L9/40

CPC classification number: H04L63/105 ,  H04L63/102

Abstract: Embodiments of the present disclosure provide systems and methods for managing role hierarchies and assignment of permissions by providing secure roles which are roles where the only user that can grant any privilege to the secure role, is the role that owns the secure role. A set of secure roles that defines a role hierarchy may be generated, wherein only a role that owns the set of secure roles can grant any privilege to each of the secure roles. The role that owns the set of secure roles may grant one or more privileges to a first secure role of the set of secure roles. In response to a user other than the role that owns the set of secure roles attempting to grant a privilege to the first secure role or modify a privilege granted to the first secure role, the attempt may be denied.

公开(公告)号：US20250005192A1

公开(公告)日：2025-01-02

申请号：US18885431

申请日：2024-09-13

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood

IPC: G06F21/62 ,  G06F21/60 ,  H04L9/40

Abstract: Embodiments of the present disclosure provide systems and methods for using secure schemas to address inconsistencies between standard RBAC rules and the use of inherited grants. A secure schema may be defined that transfers ownership of an object created in the secure schema to a role that owns the secure schema. An inherited grant may be attached to the secure schema, where the inherited grant specifies a permission on a first type of object in the secure schema and a grant of the permission to the role that owns the secure schema. When objects are created in the secure schema, ownership of each of the set of objects is transferred to the role that owns the secure schema to authorize the role that owns the secure schema to manage grants to the set of objects on the secure schema.

公开(公告)号：US20240403477A1

公开(公告)日：2024-12-05

申请号：US18805286

申请日：2024-08-14

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood

IPC: G06F21/62 ,  G06F21/60 ,  H04L9/40

Abstract: Embodiments of the present disclosure provide systems and methods for using inherited grants to grant privileges to objects in a container. An inherited grant may be generated that specifies a permission on a first type of object in a container and a grant of the permission to a role. The inherited grant may be attached to the container, wherein the container includes a set of objects of the first type. In response to a first object of the set of objects being referenced via the role, a virtual implied grant may be created based on the inherited grant. Authorization of utilization of the permission on the first object is performed using the virtual implied grant, wherein the virtual implied grant is transient and exists in-memory only for the purpose of authorizing the utilization of the permission on the first object.

公开(公告)号：US12124602B2

公开(公告)日：2024-10-22

申请号：US18228546

申请日：2023-07-31

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/40

CPC classification number: G06F21/6227 ,  G06F21/604 ,  G06F21/6218 ,  H04L63/10 ,  H04L63/102 ,  H04L63/105 ,  H04L63/101 ,  H04L63/104 ,  H04L63/107

Abstract: Embodiments of the present disclosure provide systems and methods for using secure schemas to address inconsistencies between standard RBAC rules and the use of inherited grants. A secure schema may be defined that transfers ownership of an object created in the secure schema to a role that owns the secure schema. An inherited grant may be attached to the secure schema, where the inherited grant specifies a permission on a first type of object in the secure schema and a grant of the permission to the role that owns the secure schema. When objects are created in the secure schema, ownership of each of the set of objects is transferred to the role that owns the secure schema to authorize the role that owns the secure schema to manage grants to the set of objects on the secure schema.