-
Publication number: US12061717B2
Publication date: 2024-08-13
Application number: US18062656
Application date: 2022-12-07
Applicant: Snowflake Inc.
Inventor: Artin Avanes , Khalid Zaman Bijon , Damien Carru , Thierry Cruanes , Vikas Jain , Zheng Mi , Subramanian Muralidhar
CPC classification number: G06F21/6227 , G06F16/221 , G06F16/2282 , G06F16/248 , G06F16/252 , G06F16/27
Abstract: A shared database platform implements dynamic masking on data shared between users where specific data is masked, transformed, or otherwise modified based on preconfigured functions that are associated with user roles. The shared database platform can implement the masking at runtime dynamically in response to users requesting access to a database object that is associated with one or more masking policies.
-
Publication number: US20240259387A1
Publication date: 2024-08-01
Application number: US18160801
Application date: 2023-01-27
Applicant: Snowflake Inc.
Inventor: Damien Carru , Jeremy Yujui Chen , Laxman Mamidi , Bowen Zhang
CPC classification number: H04L63/105 , G06F21/6218
Abstract: Disclosed herein are systems and methods for managing database-level roles for data sharing. In an embodiment, a database system shares a database that resides in a data-provider account with a data-consumer account. The provider-side database includes a provider-side database-level role. The database system receives a request to grant the provider-side database-level role to a consumer-side account-level role in the data-consumer account. The database system responsively grants a hidden provider-side database-level role in the data-provider account to a hidden consumer-side database-level role in the data-consumer account, where the hidden provider-side database-level role had been granted to the provider-side database-level role, and grants the hidden consumer-side database-level role to the consumer-side account-level role in the data-consumer account.
-
Publication number: US11909743B1
Publication date: 2024-02-20
Application number: US18352059
Application date: 2023-07-13
Applicant: Snowflake Inc.
Inventor: Christine A. Avanessians , Damien Carru , Ramachandran Natarajan Iyer , Dennis Edgar Lynch , Subramanian Muralidhar
IPC: H04L9/40
CPC classification number: H04L63/105 , H04L63/102
Abstract: Systems and methods for an organization-level account for an organization on a data platform, users of which can possess administrative or management privileges with respect to the organization and across one or more other accounts of the organization.
-
Publication number: US11874944B1
Publication date: 2024-01-16
Application number: US18334864
Application date: 2023-06-14
Applicant: Snowflake Inc.
Inventor: Christine A. Avanessians , Damien Carru , Ramachandran Natarajan Iyer , Eric Karlson , Dennis Edgar Lynch
CPC classification number: G06F21/6218 , G06F21/31
Abstract: Provided herein are systems and methods for global data objects on a data platform where the global data objects are accessible at an organization level. In particular, an organization-level global data object provided by various embodiments can be used as a generic organization object that is owned by a specific organization, and can be managed (e.g., created, deleted, or modified) by use of a leader-based model.
-
Publication number: US20230409724A1
Publication date: 2023-12-21
Application number: US18104275
Application date: 2023-01-31
Applicant: Snowflake Inc.
Inventor: Damien Carru , Jeremy Yujui Chen , Mohamad Raja Gani Mohamad Abdul , William A. Pugh
IPC: G06F21/62
CPC classification number: G06F21/6218 , G06F21/629
Abstract: A data platform for developing and deploying a data application. The data platform receives from a first user the data application and provider granted privileges including a consumer usage privilege and a consumer access to data privilege. The data platform authorizes the second user to access the data platform based on one or more consumer account privileges included in a set of account privileges. The data platform authorizes the second user to execute the data application based on the consumer usage privilege. During execution, the data platform authorizes the data application to access the provider database object based on the consumer access to data privilege, and authorizes the data application to access the consumer database object based on a provider access to data privilege provided by the second user.
-
Publication number: US20230401326A1
Publication date: 2023-12-14
Application number: US18187031
Application date: 2023-03-21
Applicant: Snowflake Inc.
Inventor: Damien Carru , Jeremy Yujui Chen , Pui Kei Johnston Chu , Scott C. Gray , Unmesh Jagtap , Mohamad Raja Gani Mohamad Abdul , William A. Pugh , Ahmed Waseef Shawkat , Xu Xu
CPC classification number: G06F21/6218 , G06F21/604 , G06F2221/2141 , G06F2221/2113
Abstract: A data platform for managing an application as a first-class database object. The data object can include User Interface (UI) components. The data application can be shared by a provider account to a plurality of consumer accounts using a share object and based on grant commands. The consumer accounts can deploy and operate the UI component based on the share object.
-
Publication number: US11816239B2
Publication date: 2023-11-14
Application number: US18048560
Application date: 2022-10-21
Applicant: Snowflake Inc.
Inventor: Damien Carru , Thierry Cruanes , Subramanian Muralidhar , Nicola Dan Onose , Ryan Michael Thomas Shelly , Brian Smith , Jaeyun Noh
IPC: G06F21/00 , G06F21/62 , G06F16/248 , H04L9/40 , H04L9/32 , G06F16/245
CPC classification number: G06F21/6227 , G06F16/245 , G06F16/248 , H04L9/3213 , H04L63/102 , H04L63/105
Abstract: Techniques described herein can allow users to share cached results of an original query with other users while protecting sensitive information. The techniques described herein can check whether the other users have access to the underlying data queried before allowing those users to see the stored query results. That is, the system may perform privilege checks on the shared users before giving them access to the stored query results but without having to re-run the original query.
-
Publication number: US11755311B1
Publication date: 2023-09-12
Application number: US18169823
Application date: 2023-02-15
Applicant: Snowflake Inc.
Inventor: Damien Carru , Benoit Dageville , Unmesh Jagtap , Subramanian Muralidhar , Jan Michael Timmerman
CPC classification number: G06F8/65 , G06F16/219
Abstract: A versioned schema of a data platform. A process of maintaining a call stack of executing objects of an application package having a versioned schema includes calling, by a first procedure executed by one or more processors, a second procedure of a versioned application instance, and determining, by the first procedure, a version of the second procedure based on a call context. In response to determining that the version of the second procedure is not in the call context, the first procedure determines a current version of the versioned application package and adds the current version to the call context as the version of the second procedure.
-
Publication number: US11750661B1
Publication date: 2023-09-05
Application number: US17934899
Application date: 2022-09-23
Applicant: Snowflake Inc.
Inventor: Damien Carru , Jeremy Yujui Chen , Timothy S. Conkling , Thierry Cruanes , Benoit Dageville , Unmesh Jagtap , William A. Pugh , Shrikant Ravindra Shanbhag , Xu Xu
IPC: H04L9/40 , G06F16/955
CPC classification number: H04L63/20 , G06F16/955 , H04L63/102
Abstract: A data platform for managing an application as a first-class database object. The data platform includes at least one processor and a memory storing instructions that cause the at least one processor to perform operations including detecting a data request from a browser for a data object located on the data platform, executing a stored procedure, the stored procedure containing instructions that cause the at least one processor to perform additional operations including instantiating a User Defined Function (UDF) server, an application engine, and the application within a security context of the data platform based on a security policy determined by an owner of the data object. The data platform then communicates with the browser using the application engine as a proxy server.
-
Publication number: US20230185931A1
Publication date: 2023-06-15
Application number: US18167607
Application date: 2023-02-10
Applicant: Snowflake Inc.
Inventor: Suraj P. Acharya , Damien Carru , Vikas Jain , Zhen Mo , Frantisek Rolinek
CPC classification number: G06F21/604 , G06F21/602 , G06F16/27 , G06F21/6218 , G06F2221/2145
Abstract: A request to replicate a first account maintained by a data platform is received. Based on the request, account data associated with the account is accessed. The account data comprises security configurations for the first account. In response to the request, the first account is replicated using the account data. A second account results from replicating the first account. The replicating of the first account comprises automatically replicating the security configurations for the first account to the second account. The replicating of the security configurations comprises replicating an identity management configuration of the first account; replicating an authorization configuration of the first account; and replicating an authentication configuration of the first account.