公开(公告)号：US20250111070A1

公开(公告)日：2025-04-03

申请号：US18375252

申请日：2023-09-29

Applicant: Snowflake Inc.

Inventor： Damien Carru ,  Eric Karlson ,  Haojie Luan ,  Mohamad Raja Gani Mohamad Abdul ,  Frantisek Rolinek

IPC: G06F21/62 ,  G06F21/60

Abstract: Disclosed are techniques for providing scoped grants that provide object-specific authorization for privileges on user-defined objects. A scoped grant is a grant of a generalized, non-specific privilege that also limits the contexts in which that grant is applicable (i.e., scopes the grant) during authorization, where the “context” is defined by the user-defined object upon which the privilege is being performed. A user statement requesting a grant of a privilege on a user-defined object may be received. A scoped privilege that provides a grant of a base privilege identified from the user statement and limits application of the grant of the base privilege to the user-defined object is created. Scoping object information associated with the user-defined object is provided to an authorization engine, wherein the scoping information includes a set of properties identifying the user-defined object. A scoped grant is created based on the scoped privilege using the scoping object information.