公开(公告)号：US20240281530A1

公开(公告)日：2024-08-22

申请号：US18650636

申请日：2024-04-30

申请人： Snowflake Inc.

发明人： Damien Carru ,  Pui Kei Johnston Chu ,  Benoit Dageville ,  Iulia Ion ,  Unmesh Jagtap ,  Subramanian Muralidhar ,  James Pan ,  Nihar Pasala ,  Hrushikesh Shrinivas Paralikar ,  Jake Tsuyemura ,  Ryan Charles Quistorff ,  Rishabh Gupta

IPC分类号： G06F21/56 ,  G06F8/60

CPC分类号： G06F21/565 ,  G06F8/60 ,  G06F2221/033

摘要： An anti-abuse system is provided for a data-platform. An anti-abuse scanner of the data-platform detects a creation of an application package by a provider of content to the data platform where the application package includes a set of files for deployment on the data platform. The anti-abuse scanner performs a review o the set of files to detect malicious content where the review is based on a set of analysis rules and generates a deployment decision for the application package based on a result of the review.

公开(公告)号：US20240272900A1

公开(公告)日：2024-08-15

申请号：US18525359

申请日：2023-11-30

申请人： Snowflake Inc.

发明人： Karol Pawel Bienkowski ,  Damien Carru ,  Jeremy Yujui Chen ,  Pui Kei Johnston Chu ,  Benoit Dageville ,  Scott C. Gray ,  Unmesh Jagtap ,  Subramanian Muralidhar

IPC分类号： G06F8/71 ,  G06F9/448

CPC分类号： G06F8/71 ,  G06F9/4488

摘要： An in-database application package and application instance for a data platform. The data platform creates an application instance of an application package having a versioned schema, creates one or more system roles for the application instance, creates a user role and an administrator role for the application instance, creates one or more objects of the application instance based on a versioned schema, and grants one or more use privileges to the one or more roles. Application instances of the application package are upgraded or patched on the data platform based on application package versions. To ensure a proper upgrade or patch, the data platform tracks versions of executing objects of application instances in a call context.

公开(公告)号：US20240037263A1

公开(公告)日：2024-02-01

申请号：US18378575

申请日：2023-10-10

申请人： Snowflake Inc.

发明人： Damien Carru ,  Pui Kei Johnston Chu ,  Benoit Dageville ,  Shreyas Narendra Desai ,  Subramanian Muralidhar ,  Bowen Zhang

IPC分类号： G06F21/62 ,  G06F16/25 ,  G06F16/21

CPC分类号： G06F21/6218 ,  G06F16/256 ,  G06F16/21 ,  G06F2221/2141

摘要： Embodiments of the present disclosure relate to sharing data using database roles. Database roles are generated within a database container of a provider account. Grants to a particular subset of the plurality of data objects of the database container may be assigned to each of the database roles, and each of the database roles are granted to a share object. The share object is mounted within a consumer account to generate an imported copy of each of the database roles. The imported copy of one or more of the database roles is granted to each of one or more account level roles of the consumer account. When a new object is added to a particular database role, it is immediately available for consumption by any account level roles to which the imported copy of the particular database role has been granted.

公开(公告)号：US11822689B2

公开(公告)日：2023-11-21

申请号：US18109191

申请日：2023-02-13

申请人： Snowflake Inc.

发明人： Damien Carru ,  Pui Kei Johnston Chu ,  Benoit Dageville ,  Shreyas Narendra Desai ,  Subramanian Muralidhar ,  Bowen Zhang

IPC分类号： G06F21/62 ,  G06F16/25 ,  G06F16/21

CPC分类号： G06F21/6218 ,  G06F16/21 ,  G06F16/256 ,  G06F2221/2141

摘要： Embodiments of the present disclosure relate to sharing database roles using hidden roles. A database role may be generated within a database container having a plurality of data objects, wherein the database role exists exclusively within the database container. A set of grants to a particular subset of the plurality of data objects of the database container may be assigned to the database role and the database role may be granted to the share object. The share object is mounted within a consumer account to generate an imported database container within the consumer account, the imported database container including an imported copy of the database role. The imported copy of the database role may be granted to each of one or more account level roles of the consumer account to share the particular subset of the plurality of data objects without creating proxy objects in the consumer account that represent the particular subset of the plurality of data objects.

公开(公告)号：US11809586B2

公开(公告)日：2023-11-07

申请号：US17980427

申请日：2022-11-03

申请人： Snowflake Inc.

发明人： Damien Carru ,  Jeremy Yujui Chen ,  Pui Kei Johnston Chu ,  Benoit Dageville ,  Subramanian Muralidhar

IPC分类号： G06F7/00 ,  G06F16/00 ,  G06F21/62 ,  G06F16/21 ,  G06F16/2455

CPC分类号： G06F21/6218 ,  G06F16/213 ,  G06F16/24552

摘要： A consumer account may invoke an operation referencing a set of shared objects stored within a database of a provider account using an imported database that makes the set of shared objects available within the consumer account. A call context of the operation may be updated to cache the imported database, which references a share created from the provider account database, the share having grants to the set of shared objects. One or more database level objects may be discovered in a context of the share and each role granted to the share may be obtained based on the one or more database level objects. Whether any role granted to the share has access to any of the set of shared objects may be determined and the operation may be executed for each of the set of shared objects to which any role granted to the share has access.

公开(公告)号：US20230135712A1

公开(公告)日：2023-05-04

申请号：US17980427

申请日：2022-11-03

申请人： Snowflake Inc.

发明人： Damien Carru ,  Jeremy Yujui Chen ,  Pui Kei Johnston Chu ,  Benoit Dageville ,  Subramanian Muralidhar

IPC分类号： G06F21/62 ,  G06F16/2455 ,  G06F16/21

摘要： A consumer account may invoke an operation referencing a set of shared objects stored within a database of a provider account using an imported database that makes the set of shared objects available within the consumer account. A call context of the operation may be updated to cache the imported database, which references a share created from the provider account database, the share having grants to the set of shared objects. One or more database level objects may be discovered in a context of the share and each role granted to the share may be obtained based on the one or more database level objects. Whether any role granted to the share has access to any of the set of shared objects may be determined and the operation may be executed for each of the set of shared objects to which any role granted to the share has access.

公开(公告)号：US20230102349A1

公开(公告)日：2023-03-30

申请号：US18062656

申请日：2022-12-07

申请人： Snowflake Inc.

发明人： Artin Avanes ,  Khalid Zaman Bijon ,  Damien Carru ,  Thierry Cruanes ,  Vikas Jain ,  Zheng Mi ,  Subramanian Muralidhar

IPC分类号： G06F21/62 ,  G06F16/22 ,  G06F16/27 ,  G06F16/25 ,  G06F16/248

摘要： A shared database platform implements dynamic masking on data shared between users where specific data is masked, transformed, or otherwise modified based on preconfigured functions that are associated with user roles. The shared database platform can implement the masking at runtime dynamically in response to users requesting access to a database object that is associated with one or more masking policies.

公开(公告)号：US11507685B1

公开(公告)日：2022-11-22

申请号：US17586646

申请日：2022-01-27

申请人： Snowflake Inc.

发明人： Damien Carru ,  Thierry Cruanes ,  Subramanian Muralidhar ,  Nicola Dan Onose ,  Ryan Michael Thomas Shelly ,  Brian Smith ,  Jaeyun Noh

IPC分类号： H04L29/06 ,  G06F21/62 ,  H04L9/40 ,  G06F16/245 ,  H04L9/32 ,  G06F16/248

摘要： Techniques described herein can allow users to share cached results of an original query with other users while protecting sensitive information. The techniques described herein can check whether the other users have access to the underlying data queried before allowing those users to see the stored query results. That is, the system may perform privilege checks on the shared users before giving them access to the stored query results but without having to re-run the original query.

公开(公告)号：US11249988B2

公开(公告)日：2022-02-15

申请号：US16945344

申请日：2020-07-31

申请人： Snowflake Inc.

发明人： Damien Carru ,  Thierry Cruanes ,  Istvan Cseri ,  Benoit Dageville ,  Zheng Mi ,  Subramanian Muralidhar

IPC分类号： G06F16/23 ,  G06F16/27 ,  G06F16/9535 ,  G06Q30/00

摘要： A database platform receives an object identifier from a client in association with a database session. The client is associated with a customer account of the database platform, and the database session is associated with the client. In response to receiving the object identifier, the database platform identifies a resolution namespace for the object identifier, where the resolution namespace for the object identifier is a namespace that is specified in the object identifier if the object identifier includes a specified namespace, and where the resolution namespace is otherwise a current account-level namespace of the database session. The database platform resolves the object identifier with reference to the identified resolution namespace for the object identifier, including identifying an object corresponding to the object identifier in the customer account.

公开(公告)号：US11055430B2

公开(公告)日：2021-07-06

申请号：US17086269

申请日：2020-10-30

申请人： Snowflake Inc.

发明人： Artin Avanes ,  Khalid Zaman Bijon ,  Damien Carru ,  Thierry Cruanes ,  Vikas Jain ,  Zheng Mi ,  Subramanian Muralidhar

IPC分类号： G06F21/62 ,  G06F16/27 ,  G06F16/25 ,  G06F16/22 ,  G06F16/248

摘要： A shared database platform implements dynamic masking on data shared between users where specific data is masked, transformed, or otherwise modified based on preconfigured functions that are associated with user roles. The shared database platform can implement the masking at runtime dynamically in response to users requesting access to a database object that is associated with one or more masking policies.