公开(公告)号：US12105828B2

公开(公告)日：2024-10-01

申请号：US18227818

申请日：2023-07-28

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/40

CPC classification number: G06F21/6227 ,  G06F21/604 ,  G06F21/6218 ,  H04L63/10 ,  H04L63/102 ,  H04L63/105 ,  H04L63/101 ,  H04L63/104 ,  H04L63/107

Abstract: Embodiments of the present disclosure provide systems and methods for using inherited grants to grant privileges to objects in a container. An inherited grant may be generated that specifies a permission on a first type of object in a container and a grant of the permission to a role. The inherited grant may be attached to the container, wherein the container includes a set of objects of the first type. In response to a first object of the set of objects being referenced via the role, a virtual implied grant may be created based on the inherited grant. Authorization of utilization of the permission on the first object is performed using the virtual implied grant, wherein the virtual implied grant is transient and exists in-memory only for the purpose of authorizing the utilization of the permission on the first object.

公开(公告)号：US20240169077A1

公开(公告)日：2024-05-23

申请号：US18228546

申请日：2023-07-31

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood

IPC: G06F21/60 ,  G06F21/62

CPC classification number: G06F21/604 ,  G06F21/6218

Abstract: Embodiments of the present disclosure provide systems and methods for using secure schemas to address inconsistencies between standard RBAC rules and the use of inherited grants. A secure schema may be defined that transfers ownership of an object created in the secure schema to a role that owns the secure schema. An inherited grant may be attached to the secure schema, where the inherited grant specifies a permission on a first type of object in the secure schema and a grant of the permission to the role that owns the secure schema. When objects are created in the secure schema, ownership of each of the set of objects is transferred to the role that owns the secure schema to authorize the role that owns the secure schema to manage grants to the set of objects on the secure schema.

公开(公告)号：US12223077B2

公开(公告)日：2025-02-11

申请号：US18506343

申请日：2023-11-10

Applicant: Snowflake Inc.

Inventor： Christine A. Avanessians ,  Damien Carru ,  Ramachandran Natarajan Iyer ,  Eric Karlson ,  Dennis Edgar Lynch

IPC: G06F21/62 ,  G06F21/31

Abstract: Provided herein are systems and methods for global data objects on a data platform where the global data objects are accessible at an organization level. In particular, an organization-level global data object provided by various embodiments can be used as a generic organization object that is owned by a specific organization, and can be managed (e.g., created, deleted, or modified) by use of a leader-based model.

公开(公告)号：US11570259B2

公开(公告)日：2023-01-31

申请号：US17661096

申请日：2022-04-28

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Damien Carru ,  Christopher Peter Child ,  Eric Karlson ,  Zheng Mi

IPC: H04L67/306 ,  G06F9/54 ,  H04L9/40 ,  G06F21/31 ,  H04L67/02 ,  H04L41/50 ,  H04L41/5041 ,  H04L67/10 ,  H04L67/1097 ,  H04L67/59 ,  H04L67/60

Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.

公开(公告)号：US12223082B2

公开(公告)日：2025-02-11

申请号：US18217288

申请日：2023-06-30

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood ,  Ramana Rao S. Turlapati

IPC: H04L9/40 ,  G06F21/60 ,  G06F21/62

Abstract: Embodiments of the present disclosure provide systems and methods for managing role hierarchies and assignment of permissions by providing secure roles which are roles where the only user that can grant any privilege to the secure role, is the role that owns the secure role. A set of secure roles that defines a role hierarchy may be generated, wherein only a role that owns the set of secure roles can grant any privilege to each of the secure roles. The role that owns the set of secure roles may grant one or more privileges to a first secure role of the set of secure roles. In response to a user other than the role that owns the set of secure roles attempting to grant a privilege to the first secure role or modify a privilege granted to the first secure role, the attempt may be denied.

公开(公告)号：US20240171586A1

公开(公告)日：2024-05-23

申请号：US18217288

申请日：2023-06-30

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood ,  Ramana Rao S. Turlapati

IPC: H04L9/40

CPC classification number: H04L63/105 ,  H04L63/102

Abstract: Embodiments of the present disclosure provide systems and methods for managing role hierarchies and assignment of permissions by providing secure roles which are roles where the only user that can grant any privilege to the secure role, is the role that owns the secure role. A set of secure roles that defines a role hierarchy may be generated, wherein only a role that owns the set of secure roles can grant any privilege to each of the secure roles. The role that owns the set of secure roles may grant one or more privileges to a first secure role of the set of secure roles. In response to a user other than the role that owns the set of secure roles attempting to grant a privilege to the first secure role or modify a privilege granted to the first secure role, the attempt may be denied.

公开(公告)号：US20240064210A1

公开(公告)日：2024-02-22

申请号：US18497720

申请日：2023-10-30

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Damien Carru ,  Christopher Peter Child ,  Eric Karlson ,  Zheng Mi

IPC: H04L67/306 ,  G06F9/54 ,  H04L9/40 ,  G06F21/31 ,  H04L67/02 ,  H04L41/50 ,  H04L41/5041 ,  H04L67/10 ,  H04L67/1097 ,  H04L67/59 ,  H04L67/60

CPC classification number: H04L67/306 ,  G06F9/547 ,  H04L63/08 ,  G06F21/31 ,  H04L67/02 ,  H04L41/50 ,  H04L63/20 ,  H04L63/0815 ,  H04L41/5041 ,  H04L67/10 ,  H04L67/1097 ,  H04L63/102 ,  H04L67/59 ,  H04L67/60

Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.

公开(公告)号：US11838373B2

公开(公告)日：2023-12-05

申请号：US18149799

申请日：2023-01-04

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Damien Carru ,  Christopher Peter Child ,  Eric Karlson ,  Zheng Mi

IPC: H04L67/306 ,  G06F9/54 ,  H04L9/40 ,  G06F21/31 ,  H04L67/02 ,  H04L41/50 ,  H04L41/5041 ,  H04L67/10 ,  H04L67/1097 ,  H04L67/59 ,  H04L67/60

CPC classification number: H04L67/306 ,  G06F9/547 ,  G06F21/31 ,  H04L41/50 ,  H04L41/5041 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/102 ,  H04L63/20 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1097 ,  H04L67/59 ,  H04L67/60

Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.

公开(公告)号：US20220256004A1

公开(公告)日：2022-08-11

申请号：US17661096

申请日：2022-04-28

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Damien Carru ,  Christopher Peter Child ,  Eric Karlson ,  Zheng Mi

IPC: H04L67/306 ,  G06F9/54 ,  H04L9/40 ,  G06F21/31 ,  H04L67/02 ,  H04L41/50 ,  H04L41/5041 ,  H04L67/10 ,  H04L67/1097

Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.

公开(公告)号：US20240419829A1

公开(公告)日：2024-12-19

申请号：US18506343

申请日：2023-11-10

Applicant: Snowflake Inc.

Inventor： Christine A. Avanessians ,  Damien Carru ,  Ramachandran Natarajan Iyer ,  Eric Karlson ,  Dennis Edgar Lynch

IPC: G06F21/62 ,  G06F21/31

Abstract: Provided herein are systems and methods for global data objects on a data platform where the global data objects are accessible at an organization level. In particular, an organization-level global data object provided by various embodiments can be used as a generic organization object that is owned by a specific organization, and can be managed (e.g., created, deleted, or modified) by use of a leader-based model.