	US 11,841,969 B2
	Container-centric access control on database objects
Artin Avanes, Palo Alto, CA (US); Khalid Zaman Bijon, Santa Cruz, CA (US); and Peter Povinec, Redwood City, CA (US)
Assigned to Snowflake Inc., Bozeman, MT (US)
Filed by Snowflake Inc., Bozeman, MT (US)
Filed on Nov. 22, 2022, as Appl. No. 18/057,878.
Application 18/057,878 is a continuation of application No. 17/657,578, filed on Mar. 31, 2022, granted, now 11,544,399.
Application 17/657,578 is a continuation of application No. 16/745,922, filed on Jan. 17, 2020, granted, now 11,372,995.
Prior Publication US 2023/0089449 A1, Mar. 23, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 16/00 (2019.01); G06F 21/62 (2013.01); G06F 16/27 (2019.01)

CPC G06F 21/6218 (2013.01) [G06F 16/27 (2019.01)]

20 Claims

1. A method comprising:

generating, by a first account, a database;

receiving, from a second account, a request to clone the database, the second account having a role that is different from a role of the first account;

determining an identifier of the second account;

using the identifier of the second account to determine the role of the second account stored in a user table;

in response to receiving the request to clone the database, generated by the first account, from the second account, accessing a privilege associated with the determined role of the second account;

retrieving, from a grant table, a grant associated with the accessed privilege of the second account, the grant table associating different roles with different privileges; and

controlling whether to permit or deny cloning of the database based on the grant associated with the accessed privilege retrieved from the grant table.