US 11,055,430 B2
Dynamic shared data object masking
Artin Avanes, Palo Alto, CA (US); Khalid Zaman Bijon, Santa Cruz, CA (US); Damien Carru, New York, NY (US); Thierry Cruanes, San Mateo, CA (US); Vikas Jain, Fremont, CA (US); Zheng Mi, Palo Alto, CA (US); and Subramanian Muralidhar, Mercer Island, WA (US)
Assigned to Snowflake Inc., San Mateo, CA (US)
Filed by Snowflake Inc., San Mateo, CA (US)
Filed on Oct. 30, 2020, as Appl. No. 17/86,269.
Application 17/086,269 is a continuation of application No. 16/698,142, filed on Nov. 27, 2019, granted, now 10,867,063.
Prior Publication US 2021/0157948 A1, May 27, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/62 (2013.01); G06F 16/27 (2019.01); G06F 16/25 (2019.01); G06F 16/22 (2019.01); G06F 16/248 (2019.01)
CPC G06F 21/6227 (2013.01) [G06F 16/221 (2019.01); G06F 16/2282 (2019.01); G06F 16/248 (2019.01); G06F 16/252 (2019.01); G06F 16/27 (2019.01)] 30 Claims
OG exemplary drawing
 
1. A method comprising:
identifying a database object on a network site;
receiving, from a first client device of a first end-user of the network site, a share masking policy for modifying data in the database object, the share masking policy comprising a plurality of database user defined functions (UDFs) to initiate masking operations on the database object in response to one or more of a plurality of end-user role types of end-users requesting access to the database object on the network site, each of the plurality of end-user role types being mapped, by the first end-user of the network site, to a different database UDF of the plurality of database UDFs;
receiving a request to access the database object from a second client device of a second end-user;
determining that an end-user role of the second end-user matches one of the plurality of end-user role types in the share masking policy;
applying the one of the plurality of database UDFs on the database object to generate masked data; and
causing, on the second client device, a presentation of the masked data.