Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for data lineage based multi-data store recovery. In a particular embodiment, a method provides identifying first data in a first table of a plurality of tables stored in a plurality of data stores and restoring the first data to a first correct version of the first data in a prior version of the first table. The method further provides identifying a second table of the plurality of tables that descends from the first table and includes second descendent data that stems from the first data. The method also provides restoring the second descendent data to a second correct version of the second descendent data in a prior version of the second table.

Abstract: The technology disclosed herein accelerates traversal of a privilege graph indicating access permissions to resources of data environments. In a particular example, a method provides identifying a first node type of a start node of a plurality of nodes in a privilege graph and a second node type of an end node of the plurality of nodes. The privilege graph indicates access privileges for a plurality of users to features of a plurality of data environments. The method also provides identifying one or more possible paths between the first node type and the second node type based on a schema of the privilege graph and traversing the plurality of nodes from the start node to the end node while ignoring paths that are not included in the one or more possible paths.

Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for data lineage based multi-data store recovery. In a particular embodiment, a method provides identifying first data in a first table of a plurality of tables stored in a plurality of data stores and restoring the first data to a first correct version of the first data in a prior version of the first table. The method further provides identifying a second table of the plurality of tables that descends from the first table and includes second descendent data that stems from the first data. The method also provides restoring the second descendent data to a second correct version of the second descendent data in a prior version of the second table.

Abstract: The technology disclosed herein reduces nodes and edges within a privilege graph that indicates access privileges for users to features of data environments. In a particular example, a method provides identifying two attribute nodes of a plurality of nodes in a privilege graph and determining that the two attribute nodes share the same one or more outbound edges. The method further provides combining the two attribute nodes into a combined node. The combined node represents attributes represented by the two attribute nodes. The method also provides tracing the privilege graph from a user through the combined node when determining which of the access privileges correspond to the user.

Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for container based application reification. In a particular embodiment, an application reification system is provided including one or more computer readable storage media and a processing system operatively coupled with the one or more computer readable storage media. The application reification system further includes program instructions stored on the one or more computer readable storage media that, when read and executed by the processing system, direct the processing system to preserve a version of application data at a first time and a configuration of an application at the first time. At a second time subsequent to the first time, the program instructions direct the processing system to create a template for a container containing the application in the configuration and a pointer to the version of the application data in a secondary storage repository.

Abstract: An example networked computing system for iterative node level recovery comprises a node cluster; a database; at least one processor configured by instructions to perform operations comprising at least: identifying a failed node among existing nodes in the node cluster; identifying and initiating a replacement node as a new node for the node cluster; accessing at the database a logical backup of the node cluster; retrieving logical backup data of the node cluster and identifying specific rows of backup data to be restored to the new node; restoring the specific data rows to the new node; identifying new data written by applications, to the existing nodes of the node cluster, during restoration of the new node; iteratively accessing supplementary back up data to identify supplementary data rows to be restored to the new node; and iteratively restoring the supplementary data rows to the new node until the new node is synchronized with the existing nodes in the node cluster.

Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for container based application reification. In a particular embodiment, an application reification system is provided including one or more computer readable storage media and a processing system operatively coupled with the one or more computer readable storage media. The application reification system further includes program instructions stored on the one or more computer readable storage media that, when read and executed by the processing system, direct the processing system to preserve a version of application data at a first time and a configuration of an application at the first time. At a second time subsequent to the first time, the program instructions direct the processing system to create a template for a container containing the application in the configuration and a pointer to the version of the application data in a secondary storage repository.

Abstract: The technology disclosed herein enables pushing of access-privilege information from data environments to a graphing service. In a particular embodiment, a method includes registering a data environment to enable the data environment to use Application Programming Interface (API) calls and receiving an API call transmitted from the data environment. The API call provides information about access permissions for the data environment. The method further includes incorporating the information into a privilege graph representing data access authorizations.

Abstract: The technology disclosed herein enables enforcement of high-level rules defined by a user across multiple data environments. In a particular embodiment, a method includes receiving a high-level rule from a user for enforcement across a plurality of data environments and interpreting the high-level rule into a computer-readable rule. The method further includes translating the computer-readable rule into an instruction compatible with a data environment of the plurality of data environments. The method also includes providing the instruction to the data environment, wherein the data environment implements the high-level rule within the data environment based on the instruction.

Abstract: The technology disclosed herein enables generation of effective permissions between principals and resources from access policies. In a particular embodiment, a method includes, in an effective permissions service, retrieving one or more access policies that define access permissions between a principal and a resource of the plurality of resources. The method also includes determining an effective permission defining the access of the principal to the resource based on the access policies and defining the effective permission in a canonical format. The method further includes storing the effective permission for reference when the principal attempts to access the resource.

Abstract: An example networked computing system comprises a node cluster; a database; at least one processor configured by instructions to perform operations in a method of node level recovery, the method comprising operations including at least: identifying a failed node among existing nodes in the node cluster; identifying and initiating a replacement node as a new node for the node cluster; accessing at the database a logical backup of the node cluster; retrieving logical backup data of the node cluster from the logical backup and applying a node level filter to identify rows of backup data associated with the failed node; and restoring the data rows identified by the node level filter to the new node.

Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for infinite versioning by automatic coalescing. In a particular embodiment, a method provides determining an age range for a plurality of data versions stored in a secondary data repository and identifying first data versions of the plurality of data versions that are within the age range. The method further provides determining a compaction ratio for the first data versions and compacting the first data versions based on the compaction ratio.

Abstract: The technology disclosed herein enables representation of data access authorizations using a privilege graph. In a particular embodiment, a method includes identifying first attributes of a first user. The method further includes traversing nodes of a privilege graph using the first attributes to determine subsequent nodes until one or more nodes representing a first subset of environments of a plurality of data environments is reached. The method also includes authorizing the first user to access the first subset.

Abstract: The technology disclosed herein enables generation of a privilege graph to represent data access authorizations. In a particular embodiment, a method includes extracting identity information for a plurality of users from a plurality of identity environments and privilege information from a plurality of data environments. The method further includes forming subgraphs for the identity environments and the data environments from the identity information and the privilege information. The method also includes translating the subgraphs into a canonical schema and, after translating the subgraphs, combining the subgraphs into the privilege graph.

Abstract: An example networked computing system comprises a node cluster; a database; at least one processor configured by instructions to perform operations in a method of node level recovery, the method comprising operations including at least: identifying a failed node among existing nodes in the node cluster; identifying and initiating a replacement node as a new node for the node cluster; accessing at the database a logical backup of the node cluster; retrieving logical backup data of the node cluster from the logical backup and applying a node level filter to identify rows of backup data associated with the failed node; and restoring the data rows identified by the node level filter to the new node.

Abstract: An example networked computing system for iterative node level recovery comprises a node cluster; a database; at least one processor configured by instructions to perform operations comprising at least: identifying a failed node among existing nodes in the node cluster; identifying and initiating a replacement node as a new node for the node cluster; accessing at the database a logical backup of the node cluster; retrieving logical backup data of the node cluster and identifying specific rows of backup data to be restored to the new node; restoring the specific data rows to the new node; identifying new data written by applications, to the existing nodes of the node cluster, during restoration of the new node; iteratively accessing supplementary back up data to identify supplementary data rows to be restored to the new node; and iteratively restoring the supplementary data rows to the new node until the new node is synchronized with the existing nodes in the node cluster.

Abstract: An example networked computing system for filtered node level recovery comprises a node cluster; a database; and at least one processor to perform operations comprising at least: identifying a failed node among existing nodes in the node cluster; identifying and initiating a replacement node as a new node for the node cluster; accessing at the database a logical backup of the node cluster; retrieving logical backup data of the node cluster and applying a node-level filter to identify specific rows of backup data to be restored to the new node; restoring the specific data rows to the new node; identifying new data written by applications, to the existing nodes of the node cluster, during restoration of the new node; accessing supplementary back up data and applying the node-level filter to identify supplementary data rows to be restored to the new node; and restoring the supplementary data rows to the new node.

Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for infinite versioning by automatic coalescing. In a particular embodiment, a method provides determining an age range for a plurality of data versions stored in a secondary data repository and identifying first data versions of the plurality of data versions that are within the age range. The method further provides determining a compaction ratio for the first data versions and compacting the first data versions based on the compaction ratio.

Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for container based application reification. In a particular embodiment, an application reification system is provided including one or more computer readable storage media and a processing system operatively coupled with the one or more computer readable storage media. The application reification system further includes program instructions stored on the one or more computer readable storage media that, when read and executed by the processing system, direct the processing system to preserve a version of application data at a first time and a configuration of an application at the first time. At a second time subsequent to the first time, the program instructions direct the processing system to create a template for a container containing the application in the configuration and a pointer to the version of the application data in a secondary storage repository.

Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for infinite versioning by automatic coalescing. In a particular embodiment, a method provides determining an age range for a plurality of data versions stored in a secondary data repository and identifying first data versions of the plurality of data versions that are within the age range. The method further provides determining a compaction ratio for the first data versions and compacting the first data versions based on the compaction ratio.