公开(公告)号：US11841969B2

公开(公告)日：2023-12-12

申请号：US18057878

申请日：2022-11-22

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Peter Povinec

IPC: G06F16/00 ,  G06F21/62 ,  G06F16/27

CPC classification number: G06F21/6218 ,  G06F16/27

Abstract: Using container-centric managed access, an administrator is enabled to define a set of future grants for each object that will be created in the future in a container managed by the administrator. When a user creates a database object, the system checks the future grants to determine if any apply to the user, the database object, or the combination. Any applicable future grants are applied to the database object before the user is allowed to modify it. As a result, the administrator is enabled to control the privileges associated with the database object even before the database object is created, while restricting individual object owners from managing privileges on their owned objects.

公开(公告)号：US11838373B2

公开(公告)日：2023-12-05

申请号：US18149799

申请日：2023-01-04

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Damien Carru ,  Christopher Peter Child ,  Eric Karlson ,  Zheng Mi

IPC: H04L67/306 ,  G06F9/54 ,  H04L9/40 ,  G06F21/31 ,  H04L67/02 ,  H04L41/50 ,  H04L41/5041 ,  H04L67/10 ,  H04L67/1097 ,  H04L67/59 ,  H04L67/60

CPC classification number: H04L67/306 ,  G06F9/547 ,  G06F21/31 ,  H04L41/50 ,  H04L41/5041 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/102 ,  H04L63/20 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1097 ,  H04L67/59 ,  H04L67/60

Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.

公开(公告)号：US20230089449A1

公开(公告)日：2023-03-23

申请号：US18057878

申请日：2022-11-22

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Peter Povinec

IPC: G06F21/62 ,  G06F16/27

Abstract: Using container-centric managed access, an administrator is enabled to define a set of future grants for each object that will be created in the future in a container managed by the administrator. When a user creates a database object, the system checks the future grants to determine if any apply to the user, the database object, or the combination. Any applicable future grants are applied to the database object before the user is allowed to modify it. As a result, the administrator is enabled to control the privileges associated with the database object even before the database object is created, while restricting individual object owners from managing privileges on their owned objects.

公开(公告)号：US11514057B2

公开(公告)日：2022-11-29

申请号：US17689463

申请日：2022-03-08

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Yujie Li ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz

IPC: G06F16/2457 ,  G06F16/21 ,  G06F16/28 ,  G06F16/27 ,  G06F16/23 ,  G06F16/22

Abstract: A method of implementing object tagging framework starts with the processor receiving a tag creation command including a tag name. In response to the tag creation command, the processor creates a current tag. The processor then receives an association command, the tag name and a source object identifier. The processor determines a source object associated with the source object identifier. The source object includes a tag value. The processor associates the current tag with the source object. The processor receives a replication command including the source object and a target object. The processor causes replication of the source object to the target object that comprises replicating the current tag with the tag name and the tag value in the source object to the target object. Other embodiments are also described herein.

公开(公告)号：US20220256004A1

公开(公告)日：2022-08-11

申请号：US17661096

申请日：2022-04-28

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Damien Carru ,  Christopher Peter Child ,  Eric Karlson ,  Zheng Mi

IPC: H04L67/306 ,  G06F9/54 ,  H04L9/40 ,  G06F21/31 ,  H04L67/02 ,  H04L41/50 ,  H04L41/5041 ,  H04L67/10 ,  H04L67/1097

Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.

公开(公告)号：US20220229925A1

公开(公告)日：2022-07-21

申请号：US17657578

申请日：2022-03-31

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Peter Povinec

IPC: G06F21/62 ,  G06F16/27

Abstract: Using container-centric managed access, an administrator is enabled to define a set of future grants for each object that will be created in the future in a container managed by the administrator. When a user creates a database object, the system checks the future grants to determine if any apply to the user, the database object, or the combination. Any applicable future grants are applied to the database object before the user is allowed to modify it. As a result, the administrator is enabled to control the privileges associated with the database object even before the database object is created, while restricting individual object owners from managing privileges on their owned objects.

公开(公告)号：US20220138342A1

公开(公告)日：2022-05-05

申请号：US17083732

申请日：2020-10-29

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62 ,  G06F16/22 ,  G06F21/60

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

公开(公告)号：US12216662B2

公开(公告)日：2025-02-04

申请号：US18447231

申请日：2023-08-09

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Yujie Li ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz

IPC: G06F16/2457 ,  G06F16/21 ,  G06F16/22 ,  G06F16/23 ,  G06F16/27 ,  G06F16/28

Abstract: A method of implementing object tagging framework starts with the processor receiving a tag creation command including a tag name. In response to the tag creation command, the processor creates a current tag. The processor then receives an association command, the tag name and a target object identifier. The processor determines a target object associated with the target object identifier. The target object includes a tag value. The processor associates the current tag with the target object. The processor identifies a first child object of the target object. The target object and the first child object are hierarchical objects. In response to determining that the first child object is tag-unassociated, the processor associates the current tag with the first child object. In response to receiving a query including the tag name, the processor generates an output based on the tag name. Other embodiments are also described herein.

公开(公告)号：US20240427924A1

公开(公告)日：2024-12-26

申请号：US18823014

申请日：2024-09-03

Applicant: Snowflake Inc.

Inventor： Raja Suresh Krishna Balakrishnan ,  Khalid Zaman Bijon ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62

Abstract: Systems and methods for managing column hiding are provided. The systems and methods receive, from a client device, a query associated with a table. The systems and methods determine an access restriction associated with the client device. The systems and methods identify a column of the table that is restricted by the access restriction associated with the client device. In response to identifying the column of the table that is restricted by the access restriction associated with the client device, the systems and methods provide a result of the query that excludes data corresponding to the column.

公开(公告)号：US12169580B2

公开(公告)日：2024-12-17

申请号：US18497179

申请日：2023-10-30

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Peter Povinec

IPC: G06F16/00 ,  G06F16/27 ,  G06F21/62

Abstract: Using container-centric managed access, an administrator is enabled to define a set of future grants for each object that will be created in the future in a container managed by the administrator. When a user creates a database object, the system checks the future grants to determine if any apply to the user, the database object, or the combination. Any applicable future grants are applied to the database object before the user is allowed to modify it. As a result, the administrator is enabled to control the privileges associated with the database object even before the database object is created, while restricting individual object owners from managing privileges on their owned objects.