Replication of account security configurations

    Publication No.: US11620395B1

    Publication date: 2023-04-04

    Application No.: US17898176

    Filing date: 2022-08-29

    Applicant: Snowflake Inc.

    Abstract: A request to replicate a first account maintained by a data platform is received. Based on the request, account data associated with the account is accessed. The account data comprises security configurations for the first account. In response to the request, the first account is replicated using the account data. A second account results from replicating the first account. The replicating of the first account comprises automatically replicating the security configurations for the first account to the second account. The replicating of the security configurations comprises replicating an identity management configuration of the first account; replicating an authorization configuration of the first account; and replicating an authentication configuration of the first account.

    Application-provisioning framework for database platforms

    Publication No.: US11501010B2

    Publication date: 2022-11-15

    Application No.: US16883565

    Filing date: 2020-05-26

    Applicant: Snowflake Inc.

    Abstract: In an embodiment, an application-provisioning framework of a database platform receives a provisioning request from a requesting entity, requesting provisioning of an application for a customer account of the database platform. In response to receiving the provisioning request, the application-provisioning framework retrieves, from data storage, an application-provisioning blueprint document that lists one or more database objects. The application-provisioning framework provisions, according to the retrieved application-provisioning blueprint document, the one or more listed database objects in a database associated in the database platform with the customer account.

    Fine-grained access control via database roles

    Publication No.: US11366920B1

    Publication date: 2022-06-21

    Application No.: US17464538

    Filing date: 2021-09-01

    Applicant: Snowflake Inc.

    Abstract: Embodiments of the present disclosure provide systems and methods for defining database roles to allow sharing of the objects within a database in a more granular fashion. A database role is created within a database, and privileges are granted to the database role by a provider account. The database role may be granted to a share object, which would result in the share object being indirectly granted all privileges that have been granted to the database role. Once the share object has been hydrated in the consumer account, the local administrator can then decide which local roles are granted usage on the shared database role, thus ultimately allowing some level of filtering as to which shared objects can be accessed by which local roles.

    OBJECT RESOLUTION AMONG ACCOUNT-LEVEL NAMESPACES FOR DATABASE PLATFORMS

    Publication No.: US20220138184A1

    Publication date: 2022-05-05

    Application No.: US17647915

    Filing date: 2022-01-13

    Applicant: Snowflake Inc.

    Abstract: A database platform receives an object identifier from a client in association with a database session. The client is associated with a customer account of the database platform, and the database session is associated with the client. The customer account includes multiple disjoint account-level namespaces, each of which represents a distinct context for resolution of object identifiers, such that matching object identifiers in different account-level namespaces in the customer account do not collide with respect to object-identifier resolution. The database platform determines that the object identifier does not specify an account-level namespace, and responsively resolves the object identifier with reference to a current account-level namespace of the database session by identifying an object corresponding to the object identifier in the customer account.

    NAMESPACE-BASED SYSTEM-USER ACCESS OF DATABASE PLATFORMS

    Publication No.: US20210365438A1

    Publication date: 2021-11-25

    Application No.: US16945546

    Filing date: 2020-07-31

    Applicant: Snowflake Inc.

    Abstract: A database platform authenticates a system user for access via an application to a database that is associated with a customer account of the database platform. The system user is a first object in a first account-level namespace of the customer account, and the first account-level namespace is distinct from a default account-level namespace of the customer account. The database platform sends, as the system user, a query to the database via the application. The database platform receives, as the system user, results of the query from the database, and stores, as the system user, the results of the query in a first-namespace stage, which is a second object in the first account-level namespace.

    ACCOUNT-LEVEL NAMESPACES FOR DATABASE PLATFORMS

    Publication No.: US20210365437A1

    Publication date: 2021-11-25

    Application No.: US16945344

    Filing date: 2020-07-31

    Applicant: Snowflake Inc.

    Abstract: A database platform receives an object identifier from a client in association with a database session. The client is associated with a customer account of the database platform, and the database session is associated with the client. In response to receiving the object identifier, the database platform identifies a resolution namespace for the object identifier, where the resolution namespace for the object identifier is a namespace that is specified in the object identifier if the object identifier includes a specified namespace, and where the resolution namespace is otherwise a current account-level namespace of the database session. The database platform resolves the object identifier with reference to the identified resolution namespace for the object identifier, including identifying an object corresponding to the object identifier in the customer account.

    MESSAGE-BASED DATABASE REPLICATION
    Invention application

    Publication No.: US20210344655A1

    Publication date: 2021-11-04

    Application No.: US17219700

    Filing date: 2021-03-31

    Applicant: Snowflake Inc.

    Abstract: A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.
