-
Publication number: US20240394395A1
Publication date: 2024-11-28
Application number: US18787930
Application date: 2024-07-29
Applicant: Snowflake Inc.
Inventor: Damien Carru, Pui Kei Johnston Chu, Benoit Dageville, Shreyas Narendra Desai, Subramanian Muralidhar, Bowen Zhang
Abstract: Embodiments of the present disclosure relate to sharing data using database roles. Database roles are generated within a database container of a provider account. Grants to a particular subset of the plurality of data objects of the database container may be assigned to each of the database roles, and each of the database roles are granted to a share object. The share object is mounted within a consumer account to generate an imported copy of each of the database roles. The imported copy of one or more of the database roles is granted to each of one or more account level roles of the consumer account. When a new object is added to a particular database role, it is immediately available for consumption by any account level roles to which the imported copy of the particular database role has been granted.
-
Publication number: US12050711B2
Publication date: 2024-07-30
Application number: US18378575
Application date: 2023-10-10
Applicant: Snowflake Inc.
Inventor: Damien Carru, Pui Kei Johnston Chu, Benoit Dageville, Shreyas Narendra Desai, Subramanian Muralidhar, Bowen Zhang
CPC classification number: G06F21/6218, G06F16/21, G06F16/256, G06F2221/2141
Abstract: Embodiments of the present disclosure relate to sharing data using database roles. Database roles are generated within a database container of a provider account. Grants to a particular subset of the plurality of data objects of the database container may be assigned to each of the database roles, and each of the database roles are granted to a share object. The share object is mounted within a consumer account to generate an imported copy of each of the database roles. The imported copy of one or more of the database roles is granted to each of one or more account level roles of the consumer account. When a new object is added to a particular database role, it is immediately available for consumption by any account level roles to which the imported copy of the particular database role has been granted.
-
Publication number: US11973763B1
Publication date: 2024-04-30
Application number: US18127576
Application date: 2023-03-28
Applicant: Snowflake Inc.
Inventor: Damien Carru, Pui Kei Johnston Chu, Unmesh Jagtap, Xiaodi Ke, Subramanian Muralidhar, James Pan
IPC: H04L9/40, G06F11/07, G06F16/23, H04L67/125, H04L67/30
CPC classification number: H04L63/102, G06F11/079, G06F16/235, H04L67/125, H04L67/30
Abstract: Embodiments of the present disclosure provide a region-specific events account that is used as a central place to store the events shared by consumers of shared applications in that region. Use of such an account helps reduce the operational burden of a provider of the applications as they do not need to determine which accounts have shared events for each different consumer. The provider only needs to login to the events account which is in the same region as the consumer and can query all shared events from different applications that are being used in that region. Also, since the provider can designate an events account in each region, the shared events could be directly ingested into the events account without traveling to a different region.
-
Publication number: US11934543B1
Publication date: 2024-03-19
Application number: US18056489
Application date: 2022-11-17
Applicant: Snowflake Inc.
Inventor: Jennifer Wenjun Bi, Khalid Zaman Bijon, Damien Carru, Thierry Cruanes, Simon Holm Jensen, Daniel N. Meredith, Subramanian Muralidhar, Eric Robinson, David Schultz, Zixi Zhang
CPC classification number: G06F21/604, G06F21/6227, G06F2221/2113, G06F2221/2141
Abstract: Systems and methods for generating transient object references are provided. The systems and methods perform operations including establishing a session between a first entity and a second entity. The operations include identifying an object that the first entity is authorized to access according to a first set of access privileges. The operations include generating a reference associated with the object. The operations include temporarily authorizing the second entity to access the object using the reference according to a second set of access privileges, the second set of access privileges being derived from the first set of access privileges.
-
Publication number: US20230412647A1
Publication date: 2023-12-21
Application number: US18353445
Application date: 2023-07-17
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Timothy S. Conkling, Thierry Cruanes, Benoit Dageville, Unmesh Jagtap, William A. Pugh, Shrikant Ravindra Shanbhag, Xu Xu
IPC: H04L9/40, G06F16/955
CPC classification number: H04L63/20, G06F16/955, H04L63/102
Abstract: A data platform for managing an application as a first-class database object. The data platform includes at least one processor and a memory storing instructions that cause the at least one processor to perform operations including detecting a data request from a browser for a data object located on the data platform, executing a stored procedure, the stored procedure containing instructions that cause the at least one processor to perform additional operations including instantiating a User Defined Function (UDF) server, an application engine, and the application within a security context of the data platform based on a security policy determined by an owner of the data object. The data platform then communicates with the browser using the application engine as a proxy server.
-
Publication number: US11775669B1
Publication date: 2023-10-03
Application number: US18060476
Application date: 2022-11-30
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Mohamad Raja Gani Mohamad Abdul, William A. Pugh
IPC: G06F21/62
CPC classification number: G06F21/6218, G06F21/629
Abstract: A data platform for developing and deploying a data application. The data platform receives from a first user the data application and provider granted privileges including a consumer usage privilege and a consumer access to data privilege. The data platform authorizes the second user to access the data platform based on one or more consumer account privileges included in a set of account privileges. The data platform authorizes the second user to execute the data application based on the consumer usage privilege. During execution, the data platform authorizes the data application to access the provider database object based on the consumer access to data privilege, and authorizes the data application to access the consumer database object based on a provider access to data privilege provided by the second user.
-
Publication number: US20230185952A1
Publication date: 2023-06-15
Application number: US18167950
Application date: 2023-02-13
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Thierry Cruanes, Istvan Cseri, Benoit Dageville, Unmesh Jagtap, Subramanian Muralidhar
CPC classification number: G06F21/6227, G06F9/44505, G06Q30/06, G06F2221/2141
Abstract: Embodiments of the present disclosure enable users of a data sharing system to build native applications that can be shared with other users of the data sharing system. The native applications can be published and discovered in the data sharing system like any other data listing, and consumers can install them in their local data sharing system account to serve their data processing needs. A provider may define an installation script for installing an application and create a share object to which the installation script may be attached. In response to an imported database being created in a consumer account based on the share object, a native application framework may automatically execute the installation script in the consumer account and may create a set of database roles to manage execution of the application in the consumer account.
-
Publication number: US11574072B2
Publication date: 2023-02-07
Application number: US17334315
Application date: 2021-05-28
Applicant: Snowflake Inc.
Inventor: Artin Avanes, Khalid Zaman Bijon, Damien Carru, Thierry Cruanes, Vikas Jain, Zheng Mi, Subramanian Muralidhar
IPC: G06F21/62, G06F16/25, G06F16/248, G06F16/22, G06F16/27
Abstract: A shared database platform implements dynamic masking on data shared between users where specific data is masked, transformed, or otherwise modified based on preconfigured functions that are associated with user roles. The shared database platform can implement the masking at runtime dynamically in response to users requesting access to a database object that is associated with one or more masking policies.
-
Publication number: US11570259B2
Publication date: 2023-01-31
Application number: US17661096
Application date: 2022-04-28
Applicant: Snowflake Inc.
Inventor: Khalid Zaman Bijon, Damien Carru, Christopher Peter Child, Eric Karlson, Zheng Mi
IPC: H04L67/306, G06F9/54, H04L9/40, G06F21/31, H04L67/02, H04L41/50, H04L41/5041, H04L67/10, H04L67/1097, H04L67/59, H04L67/60
Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.
-
Publication number: US11520920B1
Publication date: 2022-12-06
Application number: US17580341
Application date: 2022-01-20
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Benoit Dageville, Subramanian Muralidhar
IPC: G06F12/00, G06F16/00, G06F21/62, G06F16/21, G06F16/2455
Abstract: Embodiments of the present disclosure provide an enhanced method of discovering shared objects that utilizes share authorization in addition to role authorization when a role is attempting to discover shared objects. A consumer account may invoke an operation referencing shared objects within a provider account using an imported database as a current session database. In response, a call context of the operation may be updated to save the imported database as a current session database and the imported database may be mapped to a first share and to a shared database. A first authorization based on whether the role has access privileges to the shared objects may be performed. The shared database may be used to identify schemas and the schemas may be used to identify shares associated with the imported database. A secondary authorization may be performed based on permissions that the shares associated with the imported database have on the shared objects.