US 12,462,056 B2
Fine-grained access control via database roles
Damien Carru, New York, NY (US); Pui Kei Johnston Chu, Unionville (CA); Benoit Dageville, San Carlos, CA (US); Shreyas Narendra Desai, Bellevue, WA (US); Subramanian Muralidhar, Mercer Island, WA (US); and Bowen Zhang, Newark, CA (US)
Assigned to Snowflake Inc., Bozeman, MT (US)
Filed by Snowflake Inc., Bozeman, MT (US)
Filed on Jul. 29, 2024, as Appl. No. 18/787,930.
Application 18/787,930 is a continuation of application No. 18/378,575, filed on Oct. 10, 2023, granted, now 12,050,711.
Application 18/378,575 is a continuation of application No. 18/109,191, filed on Feb. 13, 2023, granted, now 11,822,689, issued on Nov. 21, 2023.
Application 18/109,191 is a continuation of application No. 17/957,794, filed on Sep. 30, 2022, granted, now 11,580,245, issued on Feb. 14, 2023.
Application 17/957,794 is a continuation of application No. 17/841,996, filed on Jun. 16, 2022, granted, now 11,487,893, issued on Nov. 1, 2022.
Application 17/841,996 is a continuation of application No. 17/464,538, filed on Sep. 1, 2021, granted, now 11,366,920, issued on Jun. 21, 2022.
Claims priority of provisional application 63/237,490, filed on Aug. 26, 2021.
Prior Publication US 2024/0394395 A1, Nov. 28, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/62 (2013.01); G06F 16/21 (2019.01); G06F 16/25 (2019.01)
CPC G06F 21/6218 (2013.01) [G06F 16/21 (2019.01); G06F 16/256 (2019.01); G06F 2221/2141 (2013.01)] 24 Claims
OG exemplary drawing
 
1. A method comprising:
generating, within a database container of a provider account, a set of database roles, wherein the database container comprises a plurality of objects;
assigning, by a processing device, to each of the set of database roles, a set of grants to a particular subset of the plurality of objects of the database container;
generating an imported database container within a consumer account, the imported database container including an imported copy of each of the set of database roles;
granting, to each of one or more account level roles of the consumer account, the imported copy of one or more of the set of database roles; and
adding a new object to a particular database role of the set of database roles, wherein the new object is immediately available for consumption by any of the one or more account level roles to which the imported copy of the particular database role has been granted.