Abstract: In an embodiment, a data platform creates an application in a data-provider account. The application includes one or more APIs corresponding to one or more underlying code blocks. The data platform shares provider data with the application in the data-provider account, and also installs, in a data-consumer account, an application instance of the application. The application instance includes one or more APIs corresponding to the one or more APIs in the application in the data-provider account. The data platform shares consumer data with the application instance in the data-consumer account, and invokes one or more of the APIs of the application instance to execute respective associated underlying code blocks, which are not visible to the data-consumer account. The data platform also saves output of the one or more respective associated underlying code blocks locally within the data-consumer account.

Abstract: Disclosed herein are pharmaceutical compositions, devices, their combinations, and their uses thereof for example in treating or preventing headaches.

Abstract: An attachment system includes a rear wall including a front side and a rear side formed on an opposite side from the front side, and a base wall extending from the front side of the rear wall to a front edge and including a top side and a bottom side formed on an opposite side from the top side. The attachment system also includes a lower retaining lip disposed on the base wall and spaced apart from the front side to define a first channel extending along the top side of the base wall, a release tab extending from the base wall, and an upper retaining lip extending from the rear wall and spaced apart from the top side of the base wall to define a second channel extending along the front side of the rear wall.

Abstract: Provided herein are systems and methods for configuring integrity constraints (including a check constraint) and row violation logging using error tables. An example method includes decoding a query received at a network-based database system. The query includes a command to perform an operation on a base table. An integrity constraint associated with the base table is retrieved. The integrity constraint specifies a desired configuration for the base table. A verification of the integrity constraint is performed to detect erroneous data of the base table that violates the desired configuration. The erroneous data is input into an error table that is configured as a nested object of the base table. A notification that the erroneous data is available in the error table is generated and output.

Abstract: In an embodiment, an application is created on a data-provider platform. The application includes one or more application programming interfaces (APIs) corresponding to one or more underlying code blocks. Provider data is shared with the application on the data-provider platform. An application instance of the application is installed in a trusted execution environment (TEE). The application instance includes one or more APIs corresponding to the one or more APIs in the application on the data-provider platform. Consumer data is shared with the application instance from a data-consumer platform. One or more of the APIs of the application instance are invoked to execute, on the TEE, respective associated underlying code blocks that are not visible on the TEE. The output of the one or more respective associated underlying code blocks is saved to the data-consumer platform.

Abstract: Provided herein are systems and methods for configuring integrity constraints (including a check constraint) and row violation logging using error tables. An example method includes decoding a query received at a network-based database system. The query includes a command to perform an operation on a base table. An integrity constraint associated with the base table is retrieved. The integrity constraint specifies a desired configuration for the base table. A verification of the integrity constraint is performed to detect erroneous data of the base table that violates the desired configuration. The erroneous data is input into an error table that is configured as a nested object of the base table. A notification that the erroneous data is available in the error table is generated and output.

Abstract: A method of implementing object tagging framework starts with the processor receiving a tag creation command including a tag name. In response to the tag creation command, the processor creates a current tag. The processor then receives an association command, the tag name and a source object identifier. The processor determines a source object associated with the source object identifier. The source object includes a tag value. The processor associates the current tag with the source object. The processor receives a replication command including the source object and a target object. The processor causes replication of the source object to the target object that comprises replicating the current tag with the tag name and the tag value in the source object to the target object. Other embodiments are also described herein.

Abstract: A method of implementing object tagging framework starts with the processor receiving a tag creation command including a tag name. In response to the tag creation command, the processor creates a current tag. The processor then receives an association command, the tag name and a target object identifier. The processor determines a target object associated with the target object identifier. The target object includes a tag value. The processor associates the current tag with the target object. The processor identifies a first child object of the target object. The target object and the first child object are hierarchical objects. In response to determining that the first child object is tag-unassociated, the processor associates the current tag with the first child object. In response to receiving a query including the tag name, the processor generates an output based on the tag name. Other embodiments are also described herein.

Abstract: In an embodiment, a data platform creates an application in a data-provider account. The application includes one or more APIs corresponding to one or more underlying code blocks. The data platform shares provider data with the application in the data-provider account, and also installs, in a data-consumer account, an application instance of the application. The application instance includes one or more APIs corresponding to the one or more APIs in the application in the data-provider account. The data platform shares consumer data with the application instance in the data-consumer account, and invokes one or more of the APIs of the application instance to execute respective associated underlying code blocks, which are not visible to the data-consumer account. The data platform also saves output of the one or more respective associated underlying code blocks locally within the data-consumer account.

Abstract: Techniques for creating, sharing, and using bundles (also referred to as packages) in a multi-tenant database are described herein. A bundle is a schema object with associated hidden schemas. A bundle can be created by a provider user and can be shared with a plurality of consumer users. The bundle can be used to enable code sharing and distribution without losing control while maintaining security protocols.

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

Abstract: Systems and methods for managing column hiding are provided. The systems and methods receive, from a client device, a query associated with a table. The systems and methods determine an access restriction associated with the client device. The systems and methods identify a column of the table that is restricted by the access restriction associated with the client device. In response to identifying the column of the table that is restricted by the access restriction associated with the client device, the systems and methods provide a result of the query that excludes data corresponding to the column.

Abstract: Described herein are techniques for data quality monitoring in a network-based data system. A data metric function used to evaluate data quality can be stored, where the data metric function is defined as schema level object. The data metric function can be attached to a table associated with an account and is evaluated on data associates with the table to generate evaluation results. The evaluation results can be stored in an account-specific central database, from which access is provided to the evaluation results to a user for the account.

Abstract: Systems and methods for generating object references with selectable scopes are provided. The systems and methods perform operations including calling, by a first entity, a reference generator function using one or more arguments associated with a database object that the first entity is authorized to access according to a first set of access privileges, the one or more arguments comprising a scope definition that defines persistence of a reference. The operations include obtaining, from the reference generator function, a reference to the database object, the reference persisting according to the scope definition. The operations include passing the reference to a second entity to enable the second entity to perform one or more database operations on the database object according to a second set of access privileges derived from the first set of access privileges.

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

Abstract: A noisy aggregation constraint system receives a query for a shared dataset, where the query identifies an operation. The noisy aggregation constraint system accesses a set of data from the shared dataset to perform the operation, the set of data comprises data accessed from a table of the shared dataset. The system determines that an aggregation constraint policy is attached to the table, the policy restricts output of data values stored in the table. Based on the context of the query, the system determines that the aggregation constraint policy should be enforced in relation to the query. The system assigns a specified noise level to the shared dataset and generates an output based on the set of data and the operation; the output comprises data values added to the table based on the specified noise level.

Abstract: Systems and methods for managing column hiding are provided. The systems and methods receive, from a client device, a query associated with a table. The systems and methods determine an access restriction associated with the client device. The systems and methods identify a column of the table that is restricted by the access restriction associated with the client device. In response to identifying the column of the table that is restricted by the access restriction associated with the client device, the systems and methods provide a result of the query that excludes data corresponding to the column.

Abstract: A control system for a building includes a controller configured to control a heating, ventilation, and air conditioning (HVAC) system configured to condition a space within the building. An electronic device is configured to be in electronic communication with the controller and provides a first output to the controller that corresponds to a first state of the electronic device. The electronic device provides a second output to the controller that corresponds to a second state of the electronic device. In response to receiving one of the first output or the second output, the controller is configured to change a state of the HVAC system from a first state to a second state. In response to receiving the other of the first output or the second output, the controller is configured to change the state of the HVAC system from the second state to a third state.

Abstract: The cloud data platform receives a first query directed towards a shared dataset, the first query identifying a first operation. The platform accesses a first set of data from the shared dataset to perform the first operation, the first set of data including data accessed from a first table of the shared dataset. The cloud data platform determines that an aggregation constraint policy is attached to the first table, the aggregation constraint policy restricts output of data values stored in the first table and enforces the aggregation constraint policy on the first query based on a context of the first query. The cloud data platform generates an output to the first query based on the first set of data and the first operation, based on enforcing the aggregation constraint policy on the first query.

Abstract: Systems and methods for managing column hiding are provided. The systems and methods receive, from a client device, a query associated with a table. The systems and methods determine an access restriction associated with the client device. The systems and methods identify a column of the table that is restricted by the access restriction associated with the client device. In response to identifying the column of the table that is restricted by the access restriction associated with the client device, the systems and methods provide a result of the query that excludes data corresponding to the column.