CONTAINER-CENTRIC ACCESS CONTROL ON DATABASE OBJECTS

    Publication (Announcement) No.: US20210224409A1

    Publication (Announcement) Date: 2021-07-22

    Application No.: US16745922

    Application Date: 2020-01-17

    Applicant: Snowflake Inc.

    IPC Classification: G06F21/62 G06F16/27

    Abstract: Using container-centric managed access, an administrator is enabled to define a set of future grants for each object that will be created in the future in a container managed by the administrator. When a user creates a database object, the system checks the future grants to determine if any apply to the user, the database object, or the combination. Any applicable future grants are applied to the database object before the user is allowed to modify it. As a result, the administrator is enabled to control the privileges associated with the database object even before the database object is created, while restricting individual object owners from managing privileges on their owned objects.

    DATA SHARING USING ALIAS OBJECTS
    Invention application

    Publication (Announcement) No.: US20210103672A1

    Publication (Announcement) Date: 2021-04-08

    Application No.: US17103786

    Application Date: 2020-11-24

    Applicant: SNOWFLAKE INC.

    IPC Classification: G06F21/62 G06F16/25

    Abstract: A method of sharing data in a multi-tenant database includes generating a share object in a first account comprising a share role. The method includes associating one or more access rights with the share role, wherein the one or more access rights indicate which objects in the first account are accessible based on the share object. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account. The method further includes providing a response to the second account based on the data or services of the first account.

    SECURE DATA SHARING IN A MULTI-TENANT DATABASE SYSTEM

    Publication (Announcement) No.: US20200089907A1

    Publication (Announcement) Date: 2020-03-19

    Application No.: US16694906

    Application Date: 2019-11-25

    Applicant: Snowflake Inc.

    IPC Classification: G06F21/62

    Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes generating a share object in a first account comprising a share role. The method includes associating view privileges for the share object such that an underlying detail of the share object comprises a secure view definition. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account and providing a response to the second account based on the data or services of the first account. The method is such that the underlying detail of the share object that comprises the secure view definition is hidden from the second account and visible to the first account.

    Secure Data Sharing In A Multi-Tenant Database System

    Publication (Announcement) No.: US20200042737A1

    Publication (Announcement) Date: 2020-02-06

    Application No.: US16055824

    Application Date: 2018-08-06

    Applicant: SNOWFLAKE INC.

    IPC Classification: G06F21/62

    Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes generating a share object in a first account comprising a share role. The method includes associating view privileges for the share object such that an underlying detail of the share object comprises a secure view definition. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account and providing a response to the second account based on the data or services of the first account. The method is such that the underlying detail of the share object that comprises the secure view definition is hidden from the second account and visible to the first account.

    Granting access to resources of a database

    Publication (Announcement) No.: US12013960B2

    Publication (Announcement) Date: 2024-06-18

    Application No.: US18343361

    Application Date: 2023-06-28

    Applicant: SNOWFLAKE INC.

    IPC Classification: G06F21/62 G06F16/25

    Abstract: A method of sharing data in a multi-tenant database includes inspecting, by a processing device of a multiple tenant database, a sharer account to determine an existence of a link between an alias object in a target account and a database, wherein the database is linked to a first role object included in a share object in the sharer account. The method includes granting a second role object, in the target account, access rights to the alias object, wherein the first role object having one or more grants to one or more resources of the sharer account, and wherein the target account accesses the one or more resources using the one or more grants of the share object and using the alias object without at least one of copying the one or more resources or transmitting the one or more resources.

    SYSTEMS AND METHODS FOR ATTACHABLE-AND-DETACHABLE DATABASE SESSIONS

    Publication (Announcement) No.: US20240095217A1

    Publication (Announcement) Date: 2024-03-21

    Application No.: US18522182

    Application Date: 2023-11-28

    Applicant: Snowflake Inc.

    Abstract: In an embodiment, a database platform maintains a first account and a second account, where the second account has stored therein an attachable-and-detachable database session. The database platform receives, from a second-account user in the second account, a request to grant, to a first-account user in the first account, access to the attachable-and-detachable database session, and responsively grants the requested access. The database platform receives, from the first-account user, an attachment request requesting that the first-account user attach to the attachable-and-detachable database session, and responsively sets the attachable-and-detachable database session as a current database session for the first-account user. The database platform executes at least one command received from the first-account user with respect to the attachable-and-detachable database session.

    CONTAINER-CENTRIC ACCESS CONTROL ON DATABASE OBJECTS

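    Publication (Announcement) No.: US20240061948A1

    Publication (Announcement) Date: 2024-02-22

    Application No.: US18497179

    Application Date: 2023-10-30

    Applicant: Snowflake Inc.

    IPC Classification: G06F21/62 G06F16/27

    CPC Classification: G06F21/6218 G06F16/27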

    Abstract: Using container-centric managed access, an administrator is enabled to define a set of future grants for each object that will be created in the future in a container managed by the administrator. When a user creates a database object, the system checks the future grants to determine if any apply to the user, the database object, or the combination. Any applicable future grants are applied to the database object before the user is allowed to modify it. As a result, the administrator is enabled to control the privileges associated with the database object even before the database object is created, while restricting individual object owners from managing privileges on their owned objects.

    Multi-cluster warehouse
    Granted invention patent

    Publication (Announcement) No.: US11620313B2

    Publication (Announcement) Date: 2023-04-04

    Application No.: US17118201

    Application Date: 2020-12-10

    Applicant: SNOWFLAKE INC.

    Abstract: A method for a multi-cluster warehouse includes allocating a plurality of compute clusters as part of a virtual warehouse. The compute clusters are used to access and perform queries against one or more databases in one or more cloud storage resources. The method includes providing queries for the virtual warehouse to each of the plurality of compute clusters. Each of the plurality of compute clusters of the virtual warehouse receives a plurality of queries so that the computing load is spread across the different clusters. The method also includes dynamically adding compute clusters to and removing compute clusters from the virtual warehouse as needed based on a workload of the plurality of compute clusters.