公开(公告)号：US20250111070A1

公开(公告)日：2025-04-03

申请号：US18375252

申请日：2023-09-29

Applicant: Snowflake Inc.

Inventor： Damien Carru ,  Eric Karlson ,  Haojie Luan ,  Mohamad Raja Gani Mohamad Abdul ,  Frantisek Rolinek

IPC: G06F21/62 ,  G06F21/60

Abstract: Disclosed are techniques for providing scoped grants that provide object-specific authorization for privileges on user-defined objects. A scoped grant is a grant of a generalized, non-specific privilege that also limits the contexts in which that grant is applicable (i.e., scopes the grant) during authorization, where the “context” is defined by the user-defined object upon which the privilege is being performed. A user statement requesting a grant of a privilege on a user-defined object may be received. A scoped privilege that provides a grant of a base privilege identified from the user statement and limits application of the grant of the base privilege to the user-defined object is created. Scoping object information associated with the user-defined object is provided to an authorization engine, wherein the scoping information includes a set of properties identifying the user-defined object. A scoped grant is created based on the scoped privilege using the scoping object information.

公开(公告)号：US12105828B2

公开(公告)日：2024-10-01

申请号：US18227818

申请日：2023-07-28

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/40

CPC classification number: G06F21/6227 ,  G06F21/604 ,  G06F21/6218 ,  H04L63/10 ,  H04L63/102 ,  H04L63/105 ,  H04L63/101 ,  H04L63/104 ,  H04L63/107

Abstract: Embodiments of the present disclosure provide systems and methods for using inherited grants to grant privileges to objects in a container. An inherited grant may be generated that specifies a permission on a first type of object in a container and a grant of the permission to a role. The inherited grant may be attached to the container, wherein the container includes a set of objects of the first type. In response to a first object of the set of objects being referenced via the role, a virtual implied grant may be created based on the inherited grant. Authorization of utilization of the permission on the first object is performed using the virtual implied grant, wherein the virtual implied grant is transient and exists in-memory only for the purpose of authorizing the utilization of the permission on the first object.

公开(公告)号：US20240169077A1

公开(公告)日：2024-05-23

申请号：US18228546

申请日：2023-07-31

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood

IPC: G06F21/60 ,  G06F21/62

CPC classification number: G06F21/604 ,  G06F21/6218

Abstract: Embodiments of the present disclosure provide systems and methods for using secure schemas to address inconsistencies between standard RBAC rules and the use of inherited grants. A secure schema may be defined that transfers ownership of an object created in the secure schema to a role that owns the secure schema. An inherited grant may be attached to the secure schema, where the inherited grant specifies a permission on a first type of object in the secure schema and a grant of the permission to the role that owns the secure schema. When objects are created in the secure schema, ownership of each of the set of objects is transferred to the role that owns the secure schema to authorize the role that owns the secure schema to manage grants to the set of objects on the secure schema.

公开(公告)号：US12223077B2

公开(公告)日：2025-02-11

申请号：US18506343

申请日：2023-11-10

Applicant: Snowflake Inc.

Inventor： Christine A. Avanessians ,  Damien Carru ,  Ramachandran Natarajan Iyer ,  Eric Karlson ,  Dennis Edgar Lynch

IPC: G06F21/62 ,  G06F21/31

Abstract: Provided herein are systems and methods for global data objects on a data platform where the global data objects are accessible at an organization level. In particular, an organization-level global data object provided by various embodiments can be used as a generic organization object that is owned by a specific organization, and can be managed (e.g., created, deleted, or modified) by use of a leader-based model.

公开(公告)号：US11570259B2

公开(公告)日：2023-01-31

申请号：US17661096

申请日：2022-04-28

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Damien Carru ,  Christopher Peter Child ,  Eric Karlson ,  Zheng Mi

IPC: H04L67/306 ,  G06F9/54 ,  H04L9/40 ,  G06F21/31 ,  H04L67/02 ,  H04L41/50 ,  H04L41/5041 ,  H04L67/10 ,  H04L67/1097 ,  H04L67/59 ,  H04L67/60

Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.

公开(公告)号：US20240419829A1

公开(公告)日：2024-12-19

申请号：US18506343

申请日：2023-11-10

Applicant: Snowflake Inc.

Inventor： Christine A. Avanessians ,  Damien Carru ,  Ramachandran Natarajan Iyer ,  Eric Karlson ,  Dennis Edgar Lynch

IPC: G06F21/62 ,  G06F21/31

Abstract: Provided herein are systems and methods for global data objects on a data platform where the global data objects are accessible at an organization level. In particular, an organization-level global data object provided by various embodiments can be used as a generic organization object that is owned by a specific organization, and can be managed (e.g., created, deleted, or modified) by use of a leader-based model.

公开(公告)号：US12120189B2

公开(公告)日：2024-10-15

申请号：US18497720

申请日：2023-10-30

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Damien Carru ,  Christopher Peter Child ,  Eric Karlson ,  Zheng Mi

IPC: H04L67/306 ,  G06F9/54 ,  G06F21/31 ,  H04L9/40 ,  H04L41/50 ,  H04L41/5041 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1097 ,  H04L67/59 ,  H04L67/60

CPC classification number: H04L67/306 ,  G06F9/547 ,  G06F21/31 ,  H04L41/50 ,  H04L41/5041 ,  H04L63/08 ,  H04L63/0815 ,  H04L63/102 ,  H04L63/20 ,  H04L67/02 ,  H04L67/10 ,  H04L67/1097 ,  H04L67/59 ,  H04L67/60

Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.

公开(公告)号：US20240169086A1

公开(公告)日：2024-05-23

申请号：US18227818

申请日：2023-07-28

Applicant: Snowflake Inc.

Inventor： Vikas Jain ,  Eric Karlson ,  Sepideh Khoshnood

IPC: G06F21/62

CPC classification number: G06F21/6227

Abstract: Embodiments of the present disclosure provide systems and methods for using inherited grants to grant privileges to objects in a container. An inherited grant may be generated that specifies a permission on a first type of object in a container and a grant of the permission to a role. The inherited grant may be attached to the container, wherein the container includes a set of objects of the first type. In response to a first object of the set of objects being referenced via the role, a virtual implied grant may be created based on the inherited grant. Authorization of utilization of the permission on the first object is performed using the virtual implied grant, wherein the virtual implied grant is transient and exists in-memory only for the purpose of authorizing the utilization of the permission on the first object.

公开(公告)号：US11921876B1

公开(公告)日：2024-03-05

申请号：US18334864

申请日：2023-06-14

Applicant: Snowflake Inc.

Inventor： Christine A. Avanessians ,  Damien Carru ,  Ramachandran Natarajan Iyer ,  Eric Karlson ,  Dennis Edgar Lynch

IPC: G06F21/62 ,  G06F21/31

CPC classification number: G06F21/6218 ,  G06F21/31

Abstract: Provided herein are systems and methods for global data objects on a data platform where the global data objects are accessible at an organization level. In particular, an organization-level global data object provided by various embodiments can be used as a generic organization object that is owned by a specific organization, and can be managed (e.g., created, deleted, or modified) by use of a leader-based model.

公开(公告)号：US20230141984A1

公开(公告)日：2023-05-11

申请号：US18149799

申请日：2023-01-04

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Damien Carru ,  Christopher Peter Child ,  Eric Karlson ,  Zheng Mi

IPC: H04L67/306 ,  G06F9/54 ,  H04L9/40 ,  G06F21/31 ,  H04L67/02 ,  H04L41/50 ,  H04L41/5041 ,  H04L67/10 ,  H04L67/1097 ,  H04L67/59 ,  H04L67/60

CPC classification number: H04L67/306 ,  G06F9/547 ,  G06F21/31 ,  H04L41/50 ,  H04L41/5041 ,  H04L63/08 ,  H04L63/20 ,  H04L63/102 ,  H04L63/0815 ,  H04L67/02 ,  H04L67/10 ,  H04L67/59 ,  H04L67/60 ,  H04L67/1097

Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.