Abstract: Techniques for configuring a managed event table (MET) include detecting, by at least one hardware processor, a query for the MET. The query received at a first computing node of a network-based database system. The method includes retrieving via an ingestion function configured at the first computing node, reformatted data from a dedicated storage location of a first process into the MET. The reformatted data is based on log data associated with a second process. The first process and the second process are executing at a second computing node of the network-based database system. The method includes processing the query using the reformatted data in the MET.

Abstract: Embodiments of the present disclosure provide a region-specific events account that is used as a central place to store the events shared by consumers of shared applications in that region. For each of a set of provider accounts in a first region, a global account object corresponding to the provider account is replicated to a second region to establish a replicated global account object in the second region. An account data persistence object (DPO) of a first provider account of the set of provider accounts is modified to designate the first provider account as an events account. The events account is a central location within the second region where execution information generated by execution of applications shared with consumer accounts in the second region is stored. The replicated global account object corresponding to the first provider account is updated to designate the first provider account as the events account.

Abstract: A data platform for managing an application as a first-class database object. The data object can include User Interface (UI) components. The data application can be shared by a provider account to a plurality of consumer accounts using a share object and based on grant commands. The consumer accounts can deploy and operate the UI component based on the share object.

Abstract: Disclosed is a system and method of using an event loader to share application information. The method includes generating a first log information object indicating a consumer target where execution information generated by an application shared with a consumer account of a data exchange is written. The method includes generating a first event unloader based on the first log information object. The first event unloader is linked to the application using a mapping. The method includes sending, by a processing device, the execution information generated by the application to the consumer target using the first event unloader.

Abstract: Techniques for configuring event tables include retrieving, by at least one hardware processor of a computing node, log data at a first process of the computing node. The log data is associated with a function executing at a second process of the computing node. The log data is revised using a table stage to generate revised log data. The table stage is configured as a dedicated storage location of the first process. The revising includes a data enrichment process based on metadata associated with execution of the function at the second process. The revised log data is ingested into an event table.

Abstract: A data platform grants privileges to applications accessing resources of the data platform in a secure and efficient way. The data platform determines whether a privilege has been granted to an application and, if not, generates a validation of the request to grant the privilege using a manifest of the application. The data platform generates a grant privilege request user interface, presents the grant privilege user interface to a consumer of the data platform, receives a privilege grant authorization from the consumer, and grants the privilege to the application. The granted privilege is then used by the application to access the resource.

Abstract: Disclosed is an execution information sharing system that duplicates execution information to a provider target (and other targets) as it is being loaded to a consumer target. A first log information object and a second log information object are generated. The first and second log information objects comprise information indicating a consumer target and information indicating a provider target respectively where execution information generated by an application shared with a consumer account of a data exchange is written. A first event unloader and a second event unloader are generated based on the first and second log information objects respectively, wherein the first and second event unloaders are both linked to the application using a mapping. In response to receiving execution information from the application, the execution information is forwarded to the consumer target and the provider target using the first event unloader and the second event unloader respectively.

Abstract: An application package and application instance for a data platform. The application is created in a consumer account of a consumer using the application package. The consumer grants permissions for performing privileged actions in the consumer account to an application role of the application. The application creates objects in the application, creates objects outside of the application in the consumer account, and accesses external systems using permissions granted by the consumer.

Abstract: Embodiments of the present disclosure provide a region-specific events account that is used as a central place to store the events shared by consumers of shared applications in that region. For each of a set of provider accounts in a first region, a global account object corresponding to the provider account is replicated to a second region to establish a replicated global account object in the second region. An account data persistence object (DPO) of a first provider account of the set of provider accounts is modified to designate the first provider account as an events account. The events account is a central location within the second region where execution information generated by execution of applications shared with consumer accounts in the second region is stored. The replicated global account object corresponding to the first provider account is updated to designate the first provider account as the events account.

Abstract: A versioned schema of a data platform. A process of maintaining a call stack of executing objects of an application package having a versioned schema includes calling, by a first procedure executed by one or more processors, a second procedure of a versioned application instance, and determining, by the first procedure, a version of the second procedure based on a call context. In response to determining that the version of the second procedure is not in the call context, the first procedure determines a current version of the versioned application package adds the current version to the call context as the version of the second procedure.

Abstract: An anti-abuse system is provided for a data-platform. An anti-abuse scanner of the data-platform detects a creation of an application package by a provider of content to the data platform where the application package includes a set of files for deployment on the data platform. The anti-abuse scanner performs a review o the set of files to detect malicious content where the review is based on a set of analysis rules and generates a deployment decision for the application package based on a result of the review.

Abstract: Embodiments of the present disclosure related to sharing applications within a data sharing platform. An example method includes replicating a database from a provider account of a data sharing platform to a consumer account of the data sharing platform. The method further includes executing an installation script within the consumer account to install an application in the consumer account of the data sharing platform responsive to the replicating. The method further includes creating, by a processing device, a set of database roles to manage execution of the application in the consumer account, wherein one or more of the set of database roles determine access privileges granted to the application for accessing the database inside the consumer account. The application is to perform a data processing service relative to a data asset in the database.

Abstract: Methodologies for upgrading and patching an in-database application package and its application instances. A data platform determines a number of objects of an application instance running on the data platform at a previous version level of an application package of the application instance. In response to determining the number of objects of the application package running on the data platform at the previous version level of the application package is one or more, the data platform continues determining the number of objects running on the data platform at a previous version level of the application package. In response to determining the number of objects of the application instance running on the data platform at the previous version level of the application package is none, the data platform upgrades the application instance to the new version of the application package.

Abstract: An in-database application package and application instance for a data platform. The data platform creates an application instance of an application package having a versioned schema, creates one or more system roles for the application instance, creates a user role and an administrator role for the application instance, creates one or more objects of the application instance based on a versioned schema, and grants one or more use privileges to the one or more roles. Application instances of the application package are upgraded or patched on the data platform based on application package versions. To ensure a proper upgrade or patch, the data platform tracks versions of executing objects of application instances in a call context.

Abstract: A versioned schema of a data platform. A process of maintaining a call stack of executing objects of an application package having a versioned schema includes calling, by a first procedure executed by one or more processors, a second procedure of a versioned application instance, and determining, by the first procedure, a version of the second procedure based on a call context. In response to determining that the version of the second procedure is not in the call context, the first procedure determines a current version of the versioned application package adds the current version to the call context as the version of the second procedure.

Abstract: A data platform for developing and deploying a user application within a unified security context. The data platform authorizes a first user to use an editor to access source code of a user application based on security policies of a security context and authorizes the first user to use an application and data manager to set usage privileges for a second user to use the user application based on the security policies of the security context. To provide the user application to the second user, the data platform deploys the user application by instantiating a User Defined Function (UDF) server and an application engine of the UDF server within the security context, instantiating the user application as an application of the application engine within the security context, and authorizing access by the user application to databased on the security policies of the security context.

Abstract: An anti-abuse system is provided for a data-platform. An anti-abuse scanner of the data-platform detects a creation of an application package by a provider of content to the data platform where the application package includes a set of files for deployment on the data platform. The anti-abuse scanner performs a review of the set of files to detect malicious content where the review is based on a set of analysis rules and generates a deployment decision for the application package based on a result of the review.

Abstract: A data platform for developing and deploying a user application within a unified security context. The data platform authorizes a first user to use an editor to access source code of a user application based on security policies of a security context and authorizes the first user to use an application and data manager to set usage privileges for a second user to use the user application based on the security policies of the security context. To provide the user application to the second user, the data platform deploys the user application by instantiating a User Defined Function (UDF) server and an application engine of the UDF server within the security context, instantiating the user application as an application of the application engine within the security context, and authorizing access by the user application to databased on the security policies of the security context.

Abstract: Embodiments of the present disclosure enable users of a data sharing system to build native applications that can be shared with other users of the data sharing system. The native applications can be published and discovered in the data sharing system like any other data listing, and consumers can install them in their local data sharing system account to serve their data processing needs. A provider may define an installation script for installing an application and create a share object to which the installation script may be attached. In response to an imported database being created in a consumer account based on the share object, a native application framework may automatically execute the installation script in the consumer account and may create a set of database roles to manage execution of the application in the consumer account.

Abstract: Embodiments of the present disclosure provide a region-specific events account that is used as a central place to store the events shared by consumers of shared applications in that region. Use of such an account helps reduce the operational burden of a provider of the applications as they do not need to determine which accounts have shared events for each different consumer. The provider only needs to login to the events account which is in the same region as the consumer and can query all shared events from different applications that are being used in that region. Also, since the provider can designate an events account in each region, the shared events could be directly ingested into the events account without traveling to a different region.