公开(公告)号：US20240281555A1

公开(公告)日：2024-08-22

申请号：US18475403

申请日：2023-09-27

Applicant: Snowflake Inc.

Inventor： Raja Suresh Krishna Balakrishnan ,  Khalid Zaman Bijon ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62

CPC classification number: G06F21/6227 ,  G06F2221/2141

Abstract: Systems and methods for managing column hiding are provided. The systems and methods receive, from a client device, a query associated with a table. The systems and methods determine an access restriction associated with the client device. The systems and methods identify a column of the table that is restricted by the access restriction associated with the client device. In response to identifying the column of the table that is restricted by the access restriction associated with the client device, the systems and methods provide a result of the query that excludes data corresponding to the column.

公开(公告)号：US11995126B2

公开(公告)日：2024-05-28

申请号：US18104271

申请日：2023-01-31

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Thierry Cruanes ,  Simon Holm Jensen ,  Allison Waingold Lee ,  Daniel N. Meredith ,  Subramanian Muralidhar ,  David Schultz ,  Zixi Zhang

IPC: G06F16/903

CPC classification number: G06F16/90335

Abstract: A system for enforcing projection constraints on data values stored in specified variables of a shared dataset of a cloud data platform. A request is received from a first account of the cloud data platform that identifies a first operation to be performed on the shared dataset. A first set of data, including data accessed from a first variable, is accessed from the shared dataset to use in performing the first operation. A projection constraint policy attached to the first variable of the shared dataset is determined, and the projection constraint policy is further determined to be enforced based on the request. Based on the first set of data and the first operation, an output to the first request is generated.

公开(公告)号：US20240095393A1

公开(公告)日：2024-03-21

申请号：US18521589

申请日：2023-11-28

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62 ,  G06F16/22 ,  G06F21/60

CPC classification number: G06F21/6227 ,  G06F16/2282 ,  G06F21/604 ,  G06F21/62 ,  G06F21/6218 ,  G06F2221/2141

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

公开(公告)号：US11934543B1

公开(公告)日：2024-03-19

申请号：US18056489

申请日：2022-11-17

Applicant: Snowflake Inc.

Inventor： Jennifer Wenjun Bi ,  Khalid Zaman Bijon ,  Damien Carru ,  Thierry Cruanes ,  Simon Holm Jensen ,  Daniel N. Meredith ,  Subramanian Muralidhar ,  Eric Robinson ,  David Schultz ,  Zixi Zhang

IPC: G06F21/60 ,  G06F21/62

CPC classification number: G06F21/604 ,  G06F21/6227 ,  G06F2221/2113 ,  G06F2221/2141

Abstract: Systems and methods for generating transient object references are provided. The systems and methods perform operations including establishing a session between a first entity and a second entity. The operations include identifying an object that the first entity is authorized to access according to a first set of access privileges. The operations include generating a reference associated with the object. The operations include temporarily authorizing the second entity to access the object using the reference according to a second set of access privileges, the second set of access privileges being derived from the first set of access privileges.

公开(公告)号：US11868502B2

公开(公告)日：2024-01-09

申请号：US18341935

申请日：2023-06-27

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62 ,  G06F21/60 ,  G06F16/22

CPC classification number: G06F21/6227 ,  G06F16/2282 ,  G06F21/604 ,  G06F21/62 ,  G06F21/6218 ,  G06F2221/2141

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

公开(公告)号：US20230409639A1

公开(公告)日：2023-12-21

申请号：US18104271

申请日：2023-01-31

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Thierry Cruanes ,  Simon Holm Jensen ,  Allison Waingold Lee ,  Daniel N. Meredith ,  Subramanian Muralidhar ,  David Schultz ,  Zixi Zhang

IPC: G06F16/903

CPC classification number: G06F16/90335

Abstract: A system for enforcing projection constraints on data values stored in specified variables of a shared dataset of a cloud data platform. A request is received from a first account of the cloud data platform that identifies a first operation to be performed on the shared dataset. A first set of data, including data accessed from a first variable, is accessed from the shared dataset to use in performing the first operation. A projection constraint policy attached to the first variable of the shared dataset is determined, and the projection constraint policy is further determined to be enforced based on the request. Based on the first set of data and the first operation, an output to the first request is generated.

公开(公告)号：US11809591B1

公开(公告)日：2023-11-07

申请号：US18172404

申请日：2023-02-22

Applicant: Snowflake Inc.

Inventor： Raja Suresh Krishna Balakrishnan ,  Khalid Zaman Bijon ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/00 ,  G06F21/62

CPC classification number: G06F21/6227 ,  G06F2221/2141

Abstract: Systems and methods for managing column hiding are provided. The systems and methods receive, from a client device, a query associated with a table. The systems and methods determine an access restriction associated with the client device. The systems and methods identify a column of the table that is restricted by the access restriction associated with the client device. In response to identifying the column of the table that is restricted by the access restriction associated with the client device, the systems and methods provide a result of the query that excludes data corresponding to the column.

公开(公告)号：US20230334167A1

公开(公告)日：2023-10-19

申请号：US18341935

申请日：2023-06-27

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62 ,  G06F21/60 ,  G06F16/22

CPC classification number: G06F21/6227 ,  G06F21/604 ,  G06F16/2282 ,  G06F21/62 ,  G06F21/6218 ,  G06F2221/2141

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

公开(公告)号：US20230252189A1

公开(公告)日：2023-08-10

申请号：US18161574

申请日：2023-01-30

Applicant: Snowflake Inc.

Inventor： Raja Suresh Krishna Balakrishnan ,  Khalid Zaman Bijon ,  Subramanian Muralidhar ,  David Schultz

IPC: G06F21/62 ,  G06F16/28 ,  G06F16/245

CPC classification number: G06F21/6254 ,  G06F16/284 ,  G06F16/245

Abstract: Various embodiments provide for tag-based application of a masking policy, which can be used in connection with a data platform. In particular, various embodiments enable enforcement of one or more masking policies against an entity (e.g., object) of a data platform, such as a database, a table, a row, or a column, based on one or more tags associated with the entity.

公开(公告)号：US11593521B1

公开(公告)日：2023-02-28

申请号：US17650032

申请日：2022-02-04

Applicant: Snowflake Inc.

Inventor： Raja Suresh Krishna Balakrishnan ,  Khalid Zaman Bijon ,  Subramanian Muralidhar ,  David Schultz

IPC: G06F21/62 ,  G06F16/245 ,  G06F16/28

Abstract: Various embodiments provide for tag-based application of a masking policy, which can be used in connection with a data platform. In particular, various embodiments enable enforcement of one or more masking policies against an entity (e.g., object) of a data platform, such as a database, a table, a row, or a column, based on one or more tags associated with the entity.