公开(公告)号：US11899806B1

公开(公告)日：2024-02-13

申请号：US17359331

申请日：2021-06-25

Applicant: Amazon Technologies, Inc.

Inventor： John Thomas Winters ,  Guanxu Yu ,  Xuefeng Zhai ,  Vamshi Krishna Surabhi ,  Dinesh Thangaraju ,  Nitin Kishore Gupta

IPC: G06F21/62 ,  G06F16/25

CPC classification number: G06F21/6218 ,  G06F16/252

Abstract: Features are disclosed for managing multiple heterogeneously owned data stores (e.g., data sets, data lakes) and provisioning a framework for data consumers and data publishers. A computing device can obtain a plurality of data catalogs associated with the data stores. For example, the computing device may update a hybrid data catalog with information from the plurality of data catalogs. The computing device can further provide a portion of the plurality of data catalogs to a data consumer. The computing device may provide the portion of the plurality of data catalogs based on permissions provided by the data publisher. In response, the computing device can receive a request to access a data store associated with the plurality of data catalogs. The computing device can transmit the request to a corresponding data publisher and, based on a response by the data publisher, may modify the distinct access controls for the data store.

公开(公告)号：US11789911B1

公开(公告)日：2023-10-17

申请号：US17386349

申请日：2021-07-27

Applicant: Amazon Technologies, Inc.

Inventor： Vamshi Krishna Surabhi ,  Dinesh Thangaraju

IPC: G06F16/21 ,  G06F16/25 ,  G06F21/60 ,  G06F21/62

CPC classification number: G06F16/21 ,  G06F16/256 ,  G06F21/602 ,  G06F21/6227

Abstract: A permissions management service may allow a large number of user to access database objects of a database service in a scalable manner. After a data owner on-boards a database of a database service with the permissions management service, the data owner may create a data catalog for a user or user group that indicates the database objects (e.g., tables, views) that are available for the user to request access to. A request from a user may be authenticated by the permissions management service using federation/single sign-on. The user may select database objects from a data catalog of objects that are available for the user to request access to. The permissions management service sends an access request to the database service, indicating the selected database objects. The database service may then grant to the user permission to access the selected objects (e.g., via grant commands).