Abstract: A system is disclosed that includes one or more hardware processors and at least one memory storing instructions. The system receives a first query directed towards a shared dataset and accesses a first set of data from a first table in the shared dataset. The system determines that an aggregation constraint policy is attached to the first table, which restricts output of data values stored in the table. The system performs a uniqueness check on join keys for a join operation associated with the first table, verifying that at least one row from the first table is not amplified in the result. The system enforces the aggregation constraint policy on the first query based on this verification. The system generates an output to the first query based on the first set of data. This approach helps control data aggregation and ensures privacy when accessing shared datasets.

Abstract: Described is a system for join constraints for query processing by receiving a first query directed towards a shared dataset in a data clean room; assessing the first query to identify that the one or more functions s at least a join function; determining that the first query is configured to join a first set of data from the shared dataset with a second set of data using the join function; determining that a join constraint policy is to be enforced in relation to the first query; and generating an output to the first query based on the execution of the one or more functions, the output to the first query without data values stored in the portion of the first set of data based on determining that the join constraint policy is to be enforced in relation to the first query.

Abstract: A data platform that implements memoizable functions for database objects. The data platform detects a first execution of a memoizable function and generates a first key based on metadata of one or more database objects operated on by the memoizable function and generates a first result for the memoizable function based on the one or more database objects. The data platform detects a second execution of the memoizable function and generates a second key based on the metadata of the one or more database objects operated on by the memoizable function. When the first key and the second key are equal, the data platform reuses the first result of the memoizable function. When the first key and second key do not match, the data platform generates a second result for the second execution of the memoizable function.

Abstract: Embodiments of the present disclosure provide techniques for mountless querying of listing data. A processing device obtains a query that includes a universal listing identifier of a database, wherein the universal listing identifier is different from an identifier for the database. The processing device activates, at runtime, at least one role for accessing the database and shared objects based on the universal listing identifier. The processing device generates, based on the universal listing identifier and the at least one activated role, an in-memory placeholder object associated with the database. The processing device provides access to data of the database based on the in-memory placeholder object and the query.

Abstract: A tag propagator may obtain a SQL statement. As a result of obtaining the SQL statement, object dependencies between objects referenced in the SQL statement may be determined. Tags associated with the determined object dependencies may be further determined. The tags may be propagated.

Abstract: An entity-level privacy system receives a query directed towards a shared dataset, the shared dataset comprising one or more data entries associated with one or more distinct entities, each entity of the one or more distinct entities being identifiable by one or more unique entity identifiers. The entity-level privacy system implements an entity-level privacy constraint, the entity-level privacy constraint comprising a dynamic aggregation constraint based on the one or more unique entity identifiers. The entity-level privacy system determines that the one or more unique entity identifiers satisfy a threshold condition comprising a minimum number of entities. The entity-level privacy system enforces the entity-level privacy constraint on the query and generates an output to the query based on the entity-level privacy constraint and the dynamic aggregation constraint while maintaining entity-level privacy associated with the one or more distinct entities.

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

Abstract: Some embodiments include receiving a first query directed towards a shared dataset, accessing a first set of data from the shared dataset to perform the one or more functions, determining that a row access policy is to be enforced in relation to the first query, and generating an output to the first query based on an execution of the one or more functions.

Abstract: A data platform creates an application in a data-provider account, where the application includes one or more application programming interfaces (APIs) corresponding to one or more underlying code blocks. The data platform shares homomorphically encrypted provider data with the application in the data-provider account. The data platform installs, in a data-consumer account, an application instance of the application. The data platform shares homomorphically encrypted consumer data with the application instance in the data-consumer account. The data platform invokes one or more of the APIs of the application instance to execute respective associated underlying code blocks, which are not visible to the data-consumer account, and which operate on the shared homomorphically encrypted provider data and the shared homomorphically encrypted consumer data. The data platform saves homomorphically encrypted output of the one or more respective associated underlying code blocks locally within the data-consumer account.

Abstract: Various embodiments provide for managing differential privacy on a database system using one or more differential privacy policies and one or more differential privacy budgets associated with the one or more differential privacy policies.

Abstract: Various embodiments provide for using one or more differential privacy domains on a database system to execute a differentially private query on the database system.

Abstract: Various embodiments provide for using one or more stored procedures to implement differential privacy on a database system.

Abstract: Aspects of the present disclosure address systems, methods, and devices for tracking object dependencies in a cloud database system. An object dependency created between a referencing object and a referenced object is detected. Based on detecting the object dependency, a dependency record is generated. The dependency record includes dependency information describing the object dependency between the reference object and the referenced object. The dependency record is stored in a database of dependency records.

Abstract: A database system facilitates secure data sharing by implementing projection constraints within a query processing framework. Upon receiving a query directed to a shared dataset, the system, utilizing hardware processors, identifies a subset of data within the dataset that is subject to a projection constraint policy. The applicability of the projection constraint is determined based on the context of the query, which is derived from a data sharing agreement. The system processes the query by selectively restricting the projection of data values from constrained columns, while allowing specific operations to be performed on the data. The output generated in response to the query is compliant with the projection constraint policy, providing derived data based on the allowed operations without revealing the actual data values. This ensures the confidentiality of sensitive information while enabling collaborative data analysis and sharing among various users of the database system.

Abstract: In an embodiment, a data platform creates an application in a data-provider account. The application includes one or more APIs corresponding to one or more underlying code blocks. The data platform shares provider data with the application in the data-provider account, and also installs, in a data-consumer account, an application instance of the application. The application instance includes one or more APIs corresponding to the one or more APIs in the application in the data-provider account. The data platform shares consumer data with the application instance in the data-consumer account, and invokes one or more of the APIs of the application instance to execute respective associated underlying code blocks, which are not visible to the data-consumer account. The data platform also saves output of the one or more respective associated underlying code blocks locally within the data-consumer account.

Abstract: Provided herein are systems and methods for configuring integrity constraints (including a check constraint) and row violation logging using error tables. An example method includes decoding a query received at a network-based database system. The query includes a command to perform an operation on a base table. An integrity constraint associated with the base table is retrieved. The integrity constraint specifies a desired configuration for the base table. A verification of the integrity constraint is performed to detect erroneous data of the base table that violates the desired configuration. The erroneous data is input into an error table that is configured as a nested object of the base table. A notification that the erroneous data is available in the error table is generated and output.

Abstract: In an embodiment, an application is created on a data-provider platform. The application includes one or more application programming interfaces (APIs) corresponding to one or more underlying code blocks. Provider data is shared with the application on the data-provider platform. An application instance of the application is installed in a trusted execution environment (TEE). The application instance includes one or more APIs corresponding to the one or more APIs in the application on the data-provider platform. Consumer data is shared with the application instance from a data-consumer platform. One or more of the APIs of the application instance are invoked to execute, on the TEE, respective associated underlying code blocks that are not visible on the TEE. The output of the one or more respective associated underlying code blocks is saved to the data-consumer platform.

Abstract: Provided herein are systems and methods for configuring integrity constraints (including a check constraint) and row violation logging using error tables. An example method includes decoding a query received at a network-based database system. The query includes a command to perform an operation on a base table. An integrity constraint associated with the base table is retrieved. The integrity constraint specifies a desired configuration for the base table. A verification of the integrity constraint is performed to detect erroneous data of the base table that violates the desired configuration. The erroneous data is input into an error table that is configured as a nested object of the base table. A notification that the erroneous data is available in the error table is generated and output.

Abstract: A method of implementing object tagging framework starts with the processor receiving a tag creation command including a tag name. In response to the tag creation command, the processor creates a current tag. The processor then receives an association command, the tag name and a source object identifier. The processor determines a source object associated with the source object identifier. The source object includes a tag value. The processor associates the current tag with the source object. The processor receives a replication command including the source object and a target object. The processor causes replication of the source object to the target object that comprises replicating the current tag with the tag name and the tag value in the source object to the target object. Other embodiments are also described herein.

Abstract: A method of implementing object tagging framework starts with the processor receiving a tag creation command including a tag name. In response to the tag creation command, the processor creates a current tag. The processor then receives an association command, the tag name and a target object identifier. The processor determines a target object associated with the target object identifier. The target object includes a tag value. The processor associates the current tag with the target object. The processor identifies a first child object of the target object. The target object and the first child object are hierarchical objects. In response to determining that the first child object is tag-unassociated, the processor associates the current tag with the first child object. In response to receiving a query including the tag name, the processor generates an output based on the tag name. Other embodiments are also described herein.