US 12,169,580 B2
Container-centric access control on database objects
Artin Avanes, Palo Alto, CA (US); Khalid Zaman Bijon, Santa Cruz, CA (US); and Peter Povinec, Redwood City, CA (US)
Assigned to Snowflake Inc., Bozeman, MT (US)
Filed by Snowflake Inc., Bozeman, MT (US)
Filed on Oct. 30, 2023, as Appl. No. 18/497,179.
Application 18/497,179 is a continuation of application No. 18/057,878, filed on Nov. 22, 2022, granted, now 11,841,969.
Application 18/057,878 is a continuation of application No. 17/657,578, filed on Mar. 31, 2022, granted, now 11,544,399.
Application 17/657,578 is a continuation of application No. 16/745,922, filed on Jan. 17, 2020, granted, now 11,372,995.
Prior Publication US 2024/0061948 A1, Feb. 22, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 16/00 (2019.01); G06F 16/27 (2019.01); G06F 21/62 (2013.01)
CPC G06F 21/6218 (2013.01) [G06F 16/27 (2019.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
generating, by a first account using one or more processors coupled to a memory, a database;
receiving, from a second account by one or more processors, a request to clone the database associated with the first account;
determining an identifier of the second account;
using the identifier of the second account to determine a role of the second account stored in a user table;
retrieving, from a grant table, a grant associated with a privilege of the second account, the grant table associating different roles with different privileges;
controlling whether to permit or deny cloning of the database based on the grant associated with the privilege retrieved from the grant table;
in response to permitting cloning of the database, determining whether the request to clone the database comprises a command to copy grants; and
selectively copying one or more grants from the grant table into a clone of the database based on determining whether the request to clone the database comprises the command to copy grants.