-
Publication number: US12010147B2
Publication date: 2024-06-11
Application number: US18053956
Application date: 2022-11-09
Applicant: Snowflake Inc.
Inventor: Jeremy Yujui Chen, Unmesh Jagtap, William A. Pugh, Brian Smith, Xu Xu
IPC: H04L9/40
CPC classification number: H04L63/20
Abstract: A data platform for developing and deploying a user application within a unified security context. The data platform authorizes a first user to use an editor to access source code of a user application based on security policies of a security context and authorizes the first user to use an application and data manager to set usage privileges for a second user to use the user application based on the security policies of the security context. To provide the user application to the second user, the data platform deploys the user application by instantiating a User Defined Function (UDF) server and an application engine of the UDF server within the security context, instantiating the user application as an application of the application engine within the security context, and authorizing access by the user application to data based on the security policies of the security context.
-
Publication number: US11886872B1
Publication date: 2024-01-30
Application number: US18169812
Application date: 2023-02-15
Applicant: Snowflake Inc.
Inventor: Karol Pawel Bienkowski, Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Benoit Dageville, Scott C. Gray, Unmesh Jagtap, Subramanian Muralidhar
CPC classification number: G06F8/71, G06F9/4488
Abstract: An in-database application package and application instance for a data platform. The data platform creates an application instance of an application package having a versioned schema, creates one or more system roles for the application instance, creates a user role and an administrator role for the application instance, creates one or more objects of the application instance based on a versioned schema, and grants one or more use privileges to the one or more roles. Application instances of the application package are upgraded or patched on the data platform based on application package versions. To ensure a proper upgrade or patch, the data platform tracks versions of executing objects of application instances in a call context.
-
Publication number: US20230412647A1
Publication date: 2023-12-21
Application number: US18353445
Application date: 2023-07-17
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Timothy S. Conkling, Thierry Cruanes, Benoit Dageville, Unmesh Jagtap, William A. Pugh, Shrikant Ravindra Shanbhag, Xu Xu
IPC: H04L9/40, G06F16/955
CPC classification number: H04L63/20, G06F16/955, H04L63/102
Abstract: A data platform for managing an application as a first-class database object. The data platform includes at least one processor and a memory storing instructions that cause the at least one processor to perform operations including detecting a data request from a browser for a data object located on the data platform, executing a stored procedure, the stored procedure containing instructions that cause the at least one processor to perform additional operations including instantiating a User Defined Function (UDF) server, an application engine, and the application within a security context of the data platform based on a security policy determined by an owner of the data object. The data platform then communicates with the browser using the application engine as a proxy server.
-
Publication number: US11775669B1
Publication date: 2023-10-03
Application number: US18060476
Application date: 2022-11-30
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Mohamad Raja Gani Mohamad Abdul, William A. Pugh
IPC: G06F21/62
CPC classification number: G06F21/6218, G06F21/629
Abstract: A data platform for developing and deploying a data application. The data platform receives from a first user the data application and provider granted privileges including a consumer usage privilege and a consumer access to data privilege. The data platform authorizes the second user to access the data platform based on one or more consumer account privileges included in a set of account privileges. The data platform authorizes the second user to execute the data application based on the consumer usage privilege. During execution, the data platform authorizes the data application to access the provider database object based on the consumer access to data privilege, and authorizes the data application to access the consumer database object based on a provider access to data privilege provided by the second user.
-
Publication number: US20230185952A1
Publication date: 2023-06-15
Application number: US18167950
Application date: 2023-02-13
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Thierry Cruanes, Istvan Cseri, Benoit Dageville, Unmesh Jagtap, Subramanian Muralidhar
CPC classification number: G06F21/6227, G06F9/44505, G06Q30/06, G06F2221/2141
Abstract: Embodiments of the present disclosure enable users of a data sharing system to build native applications that can be shared with other users of the data sharing system. The native applications can be published and discovered in the data sharing system like any other data listing, and consumers can install them in their local data sharing system account to serve their data processing needs. A provider may define an installation script for installing an application and create a share object to which the installation script may be attached. In response to an imported database being created in a consumer account based on the share object, a native application framework may automatically execute the installation script in the consumer account and may create a set of database roles to manage execution of the application in the consumer account.
-
Publication number: US11520920B1
Publication date: 2022-12-06
Application number: US17580341
Application date: 2022-01-20
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Benoit Dageville, Subramanian Muralidhar
IPC: G06F12/00, G06F16/00, G06F21/62, G06F16/21, G06F16/2455
Abstract: Embodiments of the present disclosure provide an enhanced method of discovering shared objects that utilizes share authorization in addition to role authorization when a role is attempting to discover shared objects. A consumer account may invoke an operation referencing shared objects within a provider account using an imported database as a current session database. In response, a call context of the operation may be updated to save the imported database as a current session database and the imported database may be mapped to a first share and to a shared database. A first authorization based on whether the role has access privileges to the shared objects may be performed. The shared database may be used to identify schemas and the schemas may be used to identify shares associated with the imported database. A secondary authorization may be performed based on permissions that the shares associated with the imported database have on the shared objects.
-
Publication number: US12248587B2
Publication date: 2025-03-11
Application number: US18187031
Application date: 2023-03-21
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Scott C. Gray, Unmesh Jagtap, Mohamad Raja Gani Mohamad Abdul, William A. Pugh, Ahmed Waseef Shawkat, Xu Xu
Abstract: A data platform for managing an application as a first-class database object. The data object can include User Interface (UI) components. The data application can be shared by a provider account to a plurality of consumer accounts using a share object and based on grant commands. The consumer accounts can deploy and operate the UI component based on the share object.
-
Publication number: US20240378305A1
Publication date: 2024-11-14
Application number: US18316787
Application date: 2023-05-12
Applicant: Snowflake Inc.
Inventor: Suraj P. Acharya, Jennifer Wenjun Bi, Khalid Zaman Bijon, Damien Carru, Lin Chan, Tianyi Chen, Jeremy Yujui Chen, Thierry Cruanes, Benoit Dageville, Simon Holm Jensen, Boxin Jiang, Dmitry A. Lychagin, Subramanian Muralidhar, Shuaishuai Nie, Eric Robinson, Sahaj Saini, David Schultz, Kevin Wang, Wenqi Wei, Zixi Zhang, Xingzhe Zhou
Abstract: Systems and methods for generating object references with selectable scopes are provided. The systems and methods perform operations including calling, by a first entity, a reference generator function using one or more arguments associated with a database object that the first entity is authorized to access according to a first set of access privileges, the one or more arguments comprising a scope definition that defines persistence of a reference. The operations include obtaining, from the reference generator function, a reference to the database object, the reference persisting according to the scope definition. The operations include passing the reference to a second entity to enable the second entity to perform one or more database operations on the database object according to a second set of access privileges derived from the first set of access privileges.
-
Publication number: US20240272900A1
Publication date: 2024-08-15
Application number: US18525359
Application date: 2023-11-30
Applicant: Snowflake Inc.
Inventor: Karol Pawel Bienkowski, Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Benoit Dageville, Scott C. Gray, Unmesh Jagtap, Subramanian Muralidhar
CPC classification number: G06F8/71, G06F9/4488
Abstract: An in-database application package and application instance for a data platform. The data platform creates an application instance of an application package having a versioned schema, creates one or more system roles for the application instance, creates a user role and an administrator role for the application instance, creates one or more objects of the application instance based on a versioned schema, and grants one or more use privileges to the one or more roles. Application instances of the application package are upgraded or patched on the data platform based on application package versions. To ensure a proper upgrade or patch, the data platform tracks versions of executing objects of application instances in a call context.
-
Publication number: US11809586B2
Publication date: 2023-11-07
Application number: US17980427
Application date: 2022-11-03
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Benoit Dageville, Subramanian Muralidhar
IPC: G06F7/00, G06F16/00, G06F21/62, G06F16/21, G06F16/2455
CPC classification number: G06F21/6218, G06F16/213, G06F16/24552
Abstract: A consumer account may invoke an operation referencing a set of shared objects stored within a database of a provider account using an imported database that makes the set of shared objects available within the consumer account. A call context of the operation may be updated to cache the imported database, which references a share created from the provider account database, the share having grants to the set of shared objects. One or more database level objects may be discovered in a context of the share and each role granted to the share may be obtained based on the one or more database level objects. Whether any role granted to the share has access to any of the set of shared objects may be determined and the operation may be executed for each of the set of shared objects to which any role granted to the share has access.