-
Publication number: US20250111070A1
Publication date: 2025-04-03
Application number: US18375252
Application date: 2023-09-29
Applicant: Snowflake Inc.
Inventor: Damien Carru, Eric Karlson, Haojie Luan, Mohamad Raja Gani Mohamad Abdul, Frantisek Rolinek
Abstract: Disclosed are techniques for providing scoped grants that provide object-specific authorization for privileges on user-defined objects. A scoped grant is a grant of a generalized, non-specific privilege that also limits the contexts in which that grant is applicable (i.e., scopes the grant) during authorization, where the “context” is defined by the user-defined object upon which the privilege is being performed. A user statement requesting a grant of a privilege on a user-defined object may be received. A scoped privilege that provides a grant of a base privilege identified from the user statement and limits application of the grant of the base privilege to the user-defined object is created. Scoping object information associated with the user-defined object is provided to an authorization engine, wherein the scoping information includes a set of properties identifying the user-defined object. A scoped grant is created based on the scoped privilege using the scoping object information.
-
Publication number: US12248587B2
Publication date: 2025-03-11
Application number: US18187031
Application date: 2023-03-21
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Scott C. Gray, Unmesh Jagtap, Mohamad Raja Gani Mohamad Abdul, William A. Pugh, Ahmed Waseef Shawkat, Xu Xu
Abstract: A data platform for managing an application as a first-class database object. The data object can include User Interface (UI) components. The data application can be shared by a provider account to a plurality of consumer accounts using a share object and based on grant commands. The consumer accounts can deploy and operate the UI component based on the share object.
-
Publication number: US12153971B2
Publication date: 2024-11-26
Application number: US18243609
Application date: 2023-09-07
Applicant: Snowflake Inc.
Inventor: Damien Carru, Pui Kei Johnston Chu, Unmesh Jagtap, Xiaodi Ke, Haroldo Level, Subramanian Muralidhar, James Pan, Steven Parkes, Xie Xu, Tyson J. Hamilton
Abstract: Disclosed is an execution information sharing system that duplicates execution information to a provider target (and other targets) as it is being loaded to a consumer target. A first log information object and a second log information object are generated. The first and second log information objects comprise information indicating a consumer target and information indicating a provider target respectively where execution information generated by an application shared with a consumer account of a data exchange is written. A first event unloader and a second event unloader are generated based on the first and second log information objects respectively, wherein the first and second event unloaders are both linked to the application using a mapping. In response to receiving execution information from the application, the execution information is forwarded to the consumer target and the provider target using the first event unloader and the second event unloader respectively.
-
Publication number: US20240388584A1
Publication date: 2024-11-21
Application number: US18317370
Application date: 2023-05-15
Applicant: Snowflake Inc.
Inventor: Damien Carru, Benoit Dageville, Scott C. Gray, Unmesh Jagtap, Subramanian Muralidhar, James Pan
Abstract: An application package and application instance for a data platform. The application is created in a consumer account of a consumer using the application package. The consumer grants permissions for performing privileged actions in the consumer account to an application role of the application. The application creates objects in the application, creates objects outside of the application in the consumer account, and accesses external systems using permissions granted by the consumer.
-
Publication number: US20240378305A1
Publication date: 2024-11-14
Application number: US18316787
Application date: 2023-05-12
Applicant: Snowflake Inc.
Inventor: Suraj P. Acharya, Jennifer Wenjun Bi, Khalid Zaman Bijon, Damien Carru, Lin Chan, Tianyi Chen, Jeremy Yujui Chen, Thierry Cruanes, Benoit Dageville, Simon Holm Jensen, Boxin Jiang, Dmitry A. Lychagin, Subramanian Muralidhar, Shuaishuai Nie, Eric Robinson, Sahaj Saini, David Schultz, Kevin Wang, Wenqi Wei, Zixi Zhang, Xingzhe Zhou
Abstract: Systems and methods for generating object references with selectable scopes are provided. The systems and methods perform operations including calling, by a first entity, a reference generator function using one or more arguments associated with a database object that the first entity is authorized to access according to a first set of access privileges, the one or more arguments comprising a scope definition that defines persistence of a reference. The operations include obtaining, from the reference generator function, a reference to the database object, the reference persisting according to the scope definition. The operations include passing the reference to a second entity to enable the second entity to perform one or more database operations on the database object according to a second set of access privileges derived from the first set of access privileges.
-
Publication number: US20240281530A1
Publication date: 2024-08-22
Application number: US18650636
Application date: 2024-04-30
Applicant: Snowflake Inc.
Inventor: Damien Carru, Pui Kei Johnston Chu, Benoit Dageville, Iulia Ion, Unmesh Jagtap, Subramanian Muralidhar, James Pan, Nihar Pasala, Hrushikesh Shrinivas Paralikar, Jake Tsuyemura, Ryan Charles Quistorff, Rishabh Gupta
CPC classification number: G06F21/565, G06F8/60, G06F2221/033
Abstract: An anti-abuse system is provided for a data-platform. An anti-abuse scanner of the data-platform detects a creation of an application package by a provider of content to the data platform where the application package includes a set of files for deployment on the data platform. The anti-abuse scanner performs a review of the set of files to detect malicious content where the review is based on a set of analysis rules and generates a deployment decision for the application package based on a result of the review.
-
Publication number: US20240272900A1
Publication date: 2024-08-15
Application number: US18525359
Application date: 2023-11-30
Applicant: Snowflake Inc.
Inventor: Karol Pawel Bienkowski, Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Benoit Dageville, Scott C. Gray, Unmesh Jagtap, Subramanian Muralidhar
CPC classification number: G06F8/71, G06F9/4488
Abstract: An in-database application package and application instance for a data platform. The data platform creates an application instance of an application package having a versioned schema, creates one or more system roles for the application instance, creates a user role and an administrator role for the application instance, creates one or more objects of the application instance based on a versioned schema, and grants one or more use privileges to the one or more roles. Application instances of the application package are upgraded or patched on the data platform based on application package versions. To ensure a proper upgrade or patch, the data platform tracks versions of executing objects of application instances in a call context.
-
Publication number: US20240037263A1
Publication date: 2024-02-01
Application number: US18378575
Application date: 2023-10-10
Applicant: Snowflake Inc.
Inventor: Damien Carru, Pui Kei Johnston Chu, Benoit Dageville, Shreyas Narendra Desai, Subramanian Muralidhar, Bowen Zhang
CPC classification number: G06F21/6218, G06F16/256, G06F16/21, G06F2221/2141
Abstract: Embodiments of the present disclosure relate to sharing data using database roles. Database roles are generated within a database container of a provider account. Grants to a particular subset of the plurality of data objects of the database container may be assigned to each of the database roles, and each of the database roles are granted to a share object. The share object is mounted within a consumer account to generate an imported copy of each of the database roles. The imported copy of one or more of the database roles is granted to each of one or more account level roles of the consumer account. When a new object is added to a particular database role, it is immediately available for consumption by any account level roles to which the imported copy of the particular database role has been granted.
-
Publication number: US11822689B2
Publication date: 2023-11-21
Application number: US18109191
Application date: 2023-02-13
Applicant: Snowflake Inc.
Inventor: Damien Carru, Pui Kei Johnston Chu, Benoit Dageville, Shreyas Narendra Desai, Subramanian Muralidhar, Bowen Zhang
CPC classification number: G06F21/6218, G06F16/21, G06F16/256, G06F2221/2141
Abstract: Embodiments of the present disclosure relate to sharing database roles using hidden roles. A database role may be generated within a database container having a plurality of data objects, wherein the database role exists exclusively within the database container. A set of grants to a particular subset of the plurality of data objects of the database container may be assigned to the database role and the database role may be granted to the share object. The share object is mounted within a consumer account to generate an imported database container within the consumer account, the imported database container including an imported copy of the database role. The imported copy of the database role may be granted to each of one or more account level roles of the consumer account to share the particular subset of the plurality of data objects without creating proxy objects in the consumer account that represent the particular subset of the plurality of data objects.
-
Publication number: US11809586B2
Publication date: 2023-11-07
Application number: US17980427
Application date: 2022-11-03
Applicant: Snowflake Inc.
Inventor: Damien Carru, Jeremy Yujui Chen, Pui Kei Johnston Chu, Benoit Dageville, Subramanian Muralidhar
IPC: G06F7/00, G06F16/00, G06F21/62, G06F16/21, G06F16/2455
CPC classification number: G06F21/6218, G06F16/213, G06F16/24552
Abstract: A consumer account may invoke an operation referencing a set of shared objects stored within a database of a provider account using an imported database that makes the set of shared objects available within the consumer account. A call context of the operation may be updated to cache the imported database, which references a share created from the provider account database, the share having grants to the set of shared objects. One or more database level objects may be discovered in a context of the share and each role granted to the share may be obtained based on the one or more database level objects. Whether any role granted to the share has access to any of the set of shared objects may be determined and the operation may be executed for each of the set of shared objects to which any role granted to the share has access.