diff --git a/.env.example b/.env.example
index 56d7dc5..dd9c57f 100644
--- a/.env.example
+++ b/.env.example
@@ -72,5 +72,5 @@ DEKART_STATIC_FILES=
 REACT_APP_CUSTOM_CODE=
 DEKART_DEV_CLAIMS_EMAIL=
 DEKART_DEV_REFRESH_TOKEN=
-DEKART_DOCKER_DEV_TAG= dekart-dev
-DEKART_DOCKER_E2E_TAG= dekart-e2e
+DEKART_DOCKER_DEV_TAG=dekart-dev
+DEKART_DOCKER_E2E_TAG=dekart-e2e
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 0533e56..609defa 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -234,6 +234,8 @@ jobs:
             -e DEKART_SNOWFLAKE_ACCOUNT_ID=${{ secrets.SNOWFLAKE_ACCOUNT_ID }} \
             -e DEKART_SNOWFLAKE_USER=${{ secrets.SNOWFLAKE_USER }} \
             -e DEKART_SNOWFLAKE_PASSWORD=${{ secrets.SNOWFLAKE_PASSWORD }} \
+            -e DEKART_DEV_CLAIMS_EMAIL=test@gmail.com \
+            -e DEKART_REQUIRE_AMAZON_OIDC=1 \
             dekartxyz/dekart:${{ env.IMAGE_CACHE_KEY }}
       - name: Upload cypress artifacts
         if: failure()
diff --git a/.gitignore b/.gitignore
index 583d0a2..e781d80 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,4 +45,7 @@ cypress/screenshots
 
 # IDE
 .idea
-testtmp*
\ No newline at end of file
+testtmp*
+
+# .env
+.env.*
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 9f7d903..f5622e3 100644
--- a/Makefile
+++ b/Makefile
@@ -1,10 +1,10 @@
-.PHONY: proto-build proto-docker proto docker docker-compose-up docker-compose-rm version minor patch
+.PHONY: proto-clean proto-build proto-docker proto nodetest docker-compose-up down cloudsql up-and-down
 
 # load .env
 # https://lithic.tech/blog/2020-05/makefile-dot-env
 ifneq (,$(wildcard ./.env))
     include .env
-    export
+    # export # don't export, it will be available only in this Makefile
 endif
 
 UNAME := $(shell uname -m)
@@ -184,8 +184,6 @@ docker: # build docker for local use
 
 up-and-down:
 	docker-compose  --env-file .env --profile local up; docker-compose --env-file .env --profile local down --volumes
-
-
 up:
 	docker-compose  --env-file .env --profile local up
 
@@ -195,12 +193,24 @@ down:
 cloudsql:
 	docker-compose  --env-file .env --profile cloudsql up
 
-server:
+
+define run_server
+	@set -a; \
+	. $(1); \
+	set +a; \
 	go run ./src/server/main.go
+endef
+
+# Pattern rule to match any target starting with ".env."
+server-%:
+	$(call run_server,.env.$*)
+
+# Rule for the default .env file
+server:
+	$(call run_server,.env)
 
 npm:
 	npm i --legacy-peer-deps
-
 prerelease:
 	npm version prerelease --preid=rc
 preminor:
diff --git a/cypress/e2e/athena/spec.cy.js b/cypress/e2e/athena/spec.cy.js
index 5cf0664..a06554d 100644
--- a/cypress/e2e/athena/spec.cy.js
+++ b/cypress/e2e/athena/spec.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('basic query flow', () => {
   it('should make simple athena query and get ready status', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type(copy.simple_athena_query, { force: true })
@@ -17,7 +17,7 @@ describe('basic query flow', () => {
 describe('cancelling query', () => {
   it('should cancels query', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type(copy.simple_athena_query, { force: true })
diff --git a/cypress/e2e/bq/basicFlow.cy.js b/cypress/e2e/bq/basicFlow.cy.js
index eb57d11..e837bc3 100644
--- a/cypress/e2e/bq/basicFlow.cy.js
+++ b/cypress/e2e/bq/basicFlow.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('basic query flow', () => {
   it('should make simple bigquery query and get ready status', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type(copy.simple_sql_query, { force: true })
diff --git a/cypress/e2e/bq/cancelQuery.cy.js b/cypress/e2e/bq/cancelQuery.cy.js
index dac7dde..054e6b6 100644
--- a/cypress/e2e/bq/cancelQuery.cy.js
+++ b/cypress/e2e/bq/cancelQuery.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('cancelling query', () => {
   it('should cancels query', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type(copy.simple_sql_query, { force: true })
diff --git a/cypress/e2e/bq/scripts.cy.js b/cypress/e2e/bq/scripts.cy.js
index d6dfbbc..c6c72b1 100644
--- a/cypress/e2e/bq/scripts.cy.js
+++ b/cypress/e2e/bq/scripts.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('support bq scripts', () => {
   it('retrieve result for bigquery script', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type(copy.bigquery_script, { force: true })
diff --git a/cypress/e2e/bq/updateDataset.cy.js b/cypress/e2e/bq/updateDataset.cy.js
index 5090ee6..96046cb 100644
--- a/cypress/e2e/bq/updateDataset.cy.js
+++ b/cypress/e2e/bq/updateDataset.cy.js
@@ -5,7 +5,7 @@ describe('update dataset', () => {
   it('should persist kepler config when updating dataset', () => {
     // create report
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
 
     // first query
     cy.get('button:contains("Add data from...")').click()
diff --git a/cypress/e2e/google-oauth/testConnection.cy.js b/cypress/e2e/google-oauth/testConnection.cy.js
index 725665e..7b45414 100644
--- a/cypress/e2e/google-oauth/testConnection.cy.js
+++ b/cypress/e2e/google-oauth/testConnection.cy.js
@@ -6,7 +6,7 @@ describe('basic query flow', () => {
     cy.visit('/')
 
     // create connection
-    cy.get('button:contains("Create connection")').click()
+    cy.get('button:contains("BigQuery")').click()
     const randomConnectionName = `test-${Math.floor(Math.random() * 1000000)}`
     cy.get('div.ant-modal-title').should('contain', 'BigQuery')
     cy.get('input#connectionName').clear()
diff --git a/cypress/e2e/pg/cancelQuery.cy.js b/cypress/e2e/pg/cancelQuery.cy.js
index d5a1d03..ae7996f 100644
--- a/cypress/e2e/pg/cancelQuery.cy.js
+++ b/cypress/e2e/pg/cancelQuery.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('cancelling query', () => {
   it('should cancels query', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type(copy.simple_pg_query_long, { force: true })
diff --git a/cypress/e2e/pg/happyPath.cy.js b/cypress/e2e/pg/happyPath.cy.js
index 8ab3e2d..e370834 100644
--- a/cypress/e2e/pg/happyPath.cy.js
+++ b/cypress/e2e/pg/happyPath.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('happy path', () => {
   it('should make simple postgres query and get ready status', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type(copy.simple_pg_query, { force: true })
diff --git a/cypress/e2e/snowflake-s3/cancelQuery.cy.js b/cypress/e2e/snowflake-s3/cancelQuery.cy.js
index 9ccc385..410eaf5 100644
--- a/cypress/e2e/snowflake-s3/cancelQuery.cy.js
+++ b/cypress/e2e/snowflake-s3/cancelQuery.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('cancelling query', () => {
   it('should cancels query', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type(copy.simple_snowflake_query, { force: true })
diff --git a/cypress/e2e/snowflake-s3/emptyResult.cy.js b/cypress/e2e/snowflake-s3/emptyResult.cy.js
index fc49748..08361d4 100644
--- a/cypress/e2e/snowflake-s3/emptyResult.cy.js
+++ b/cypress/e2e/snowflake-s3/emptyResult.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('empty path', () => {
   it('should complete query returning empty result', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type('SELECT ROUND(uniform(-90::float, 90::float, random()), 6) AS lat, ROUND(uniform(-180::float, 180::float, random()), 6) AS lon FROM TABLE(GENERATOR(ROWCOUNT => 0))', { force: true })
diff --git a/cypress/e2e/snowflake-s3/fork.cy.js b/cypress/e2e/snowflake-s3/fork.cy.js
index 58270b4..a3d1038 100644
--- a/cypress/e2e/snowflake-s3/fork.cy.js
+++ b/cypress/e2e/snowflake-s3/fork.cy.js
@@ -21,9 +21,8 @@ async function getColorAtMapCenter (win) {
 
 describe('fork', () => {
   it('should have same viz style after fork', () => {
-    let originalColor
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type('select 0 as lat, 0 as lon', { force: true })
diff --git a/cypress/e2e/snowflake-s3/happyPath.cy.js b/cypress/e2e/snowflake-s3/happyPath.cy.js
index 3473900..14d8b57 100644
--- a/cypress/e2e/snowflake-s3/happyPath.cy.js
+++ b/cypress/e2e/snowflake-s3/happyPath.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('happy path', () => {
   it('should make simple snowflake query and get ready status', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type(copy.simple_snowflake_query, { force: true })
diff --git a/cypress/e2e/snowflake-s3/spec.cy.js b/cypress/e2e/snowflake-s3/spec.cy.js
index 0490a98..e914212 100644
--- a/cypress/e2e/snowflake-s3/spec.cy.js
+++ b/cypress/e2e/snowflake-s3/spec.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('basic query flow', () => {
   it('should make simple snowflake query and get ready status', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type(copy.simple_snowflake_query, { force: true })
@@ -18,7 +18,7 @@ describe('basic query flow', () => {
 describe('cancelling query', () => {
   it('should cancels query', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('button:contains("Add data from...")').click()
     cy.get('span:contains("SQL query")').click()
     cy.get('textarea').type(copy.simple_snowflake_query, { force: true })
diff --git a/cypress/e2e/snowflake/happyPath.cy.js b/cypress/e2e/snowflake/happyPath.cy.js
index ec91be8..764b9f0 100644
--- a/cypress/e2e/snowflake/happyPath.cy.js
+++ b/cypress/e2e/snowflake/happyPath.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('happy path', () => {
   it('should make simple snowflake query and get ready status', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('textarea').type(copy.simple_snowflake_query, { force: true })
     cy.get(`button:contains("${copy.execute}")`).click()
     cy.get(`span:contains("${copy.ready}")`, { timeout: 20000 }).should('be.visible')
diff --git a/cypress/e2e/snowflake/runAllQueries.cy.js b/cypress/e2e/snowflake/runAllQueries.cy.js
index 01cc2c4..e667988 100644
--- a/cypress/e2e/snowflake/runAllQueries.cy.js
+++ b/cypress/e2e/snowflake/runAllQueries.cy.js
@@ -4,7 +4,7 @@ import copy from '../../fixtures/copy.json'
 describe('run all queries', () => {
   it('should run all queries', () => {
     cy.visit('/')
-    cy.get(`button:contains("${copy.create_report}")`).click()
+    cy.get('button#dekart-create-report').click()
     cy.get('textarea').type('SELECT ROUND(uniform(-90::float, 90::float, random()), 6) AS lat, ROUND(uniform(-180::float, 180::float, random()), 6) AS lon FROM TABLE(GENERATOR(ROWCOUNT => 1000))', { force: true })
     cy.get(`button:contains("${copy.execute}")`).click()
     cy.get(`span:contains("${copy.ready}")`, { timeout: 20000 }).should('be.visible')
diff --git a/cypress/fixtures/copy.json b/cypress/fixtures/copy.json
index c5eda93..9ea72d9 100644
--- a/cypress/fixtures/copy.json
+++ b/cypress/fixtures/copy.json
@@ -1,5 +1,4 @@
 {
-  "create_report": "Report",
   "bigquery_query": "BigQuery query",
   "athena_query": "Athena query",
   "snowflake_query": "Snowflake query",
diff --git a/go.mod b/go.mod
index a3aa9e4..429cbac 100644
--- a/go.mod
+++ b/go.mod
@@ -23,6 +23,7 @@ require (
 )
 
 require (
+	cloud.google.com/go/secretmanager v1.10.0
 	github.com/DATA-DOG/go-sqlmock v1.5.2
 	github.com/snowflakedb/gosnowflake v1.6.22
 	github.com/stretchr/testify v1.8.1
diff --git a/go.sum b/go.sum
index 92f703f..e35a2ee 100644
--- a/go.sum
+++ b/go.sum
@@ -12,6 +12,8 @@ cloud.google.com/go/datacatalog v1.13.0 h1:4H5IJiyUE0X6ShQBqgFFZvGGcrwGVndTwUSLP
 cloud.google.com/go/iam v1.1.0 h1:67gSqaPukx7O8WLLHMa0PNs3EBGd2eE4d+psbO/CO94=
 cloud.google.com/go/iam v1.1.0/go.mod h1:nxdHjaKfCr7fNYx/HJMM8LgiMugmveWlkatear5gVyk=
 cloud.google.com/go/longrunning v0.4.2 h1:WDKiiNXFTaQ6qz/G8FCOkuY9kJmOJGY67wPUC1M2RbE=
+cloud.google.com/go/secretmanager v1.10.0 h1:pu03bha7ukxF8otyPKTFdDz+rr9sE3YauS5PliDXK60=
+cloud.google.com/go/secretmanager v1.10.0/go.mod h1:MfnrdvKMPNra9aZtQFvBcvRU54hbPD8/HayQdlUgJpU=
 cloud.google.com/go/storage v1.30.1 h1:uOdMxAs8HExqBlnLtnQyP0YkvbiDpdGShGKtx6U/oNM=
 cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
diff --git a/migrations/000023__cloud_snowflake_connection.up.sql b/migrations/000023__cloud_snowflake_connection.up.sql
new file mode 100644
index 0000000..496d2cf
--- /dev/null
+++ b/migrations/000023__cloud_snowflake_connection.up.sql
@@ -0,0 +1,6 @@
+ALTER TABLE connections
+ADD COLUMN connection_type INT default 1,
+ADD COLUMN snowflake_account_id text default NULL,
+ADD COLUMN snowflake_username text default NULL,
+ADD COLUMN snowflake_password_encrypted text default NULL,
+ADD COLUMN snowflake_warehouse text default NULL;
diff --git a/proto/dekart.proto b/proto/dekart.proto
index 41999a8..a9e7064 100644
--- a/proto/dekart.proto
+++ b/proto/dekart.proto
@@ -80,8 +80,6 @@ message GetUserStreamResponse {
     StreamOptions stream_options = 1;
     int64 connection_update = 2;
     string email = 3; // user email used to show user icon in UI
-    bool sensitive_scopes_granted = 4; // user has granted sensitive scopes
-    bool sensitive_scopes_granted_once = 5; // user has granted sensitive scopes at least once, now we request all scopes at once
 }
 
 message TestConnectionRequest {
@@ -127,6 +125,22 @@ message Connection {
     int64 updated_at = 8;
     int64 dataset_count = 9;
     bool can_store_files = 10;
+    enum ConnectionType {
+        CONNECTION_TYPE_UNSPECIFIED = 0;
+        CONNECTION_TYPE_BIGQUERY = 1;
+        CONNECTION_TYPE_SNOWFLAKE = 2;
+    }
+    ConnectionType connection_type = 11;
+    string snowflake_account_id = 12;
+    string snowflake_username = 13;
+    Secret snowflake_password = 14;
+    string snowflake_warehouse = 15;
+}
+
+message Secret {
+    string client_encrypted = 1; // encrypted with client key
+    string server_encrypted = 2; // encrypted with server key
+    int32 length = 3; // length of the password for placeholder
 }
 
 message GetUsageRequest {}
@@ -180,6 +194,10 @@ message GetEnvResponse {
             TYPE_UX_ACCESS_ERROR_INFO_HTML = 13;
             TYPE_UX_NOT_FOUND_ERROR_INFO_HTML = 14;
             TYPE_UX_SAMPLE_QUERY_SQL = 15;
+            TYPE_AES_KEY = 16;
+            TYPE_AES_IV = 17;
+            TYPE_AUTH_ENABLED = 18;
+            TYPE_USER_DEFINED_CONNECTION = 19;
         }
         Type type = 1;
         string value = 2;
@@ -191,6 +209,7 @@ message GetEnvResponse {
 message RedirectState {
     string token_json = 1;
     string error  = 2;
+    bool sensitive_scopes_granted = 3; // if true, sensitive scope are granted
 }
 
 // AuthState is used to pass state between UI, auth endpoint and Google OAuth via redirect
@@ -238,6 +257,8 @@ message Report {
     bool is_author = 9; // user is the author of the report
     int64 created_at = 10;
     int64 updated_at = 11;
+    bool is_sharable = 12; // can be shared with other users (depends where result is stored)
+    bool need_sensitive_scope = 13; // need sensitive scope to run queries and read results
 }
 
 message Dataset {
@@ -261,7 +282,7 @@ message Query {
         JOB_STATUS_PENDING = 1;
         JOB_STATUS_RUNNING = 2;
         JOB_STATUS_DONE_LEGACY = 3;  // legacy for backwards compatibility
-        JOB_STATUS_READING_RESULTS = 4; // job is done proccessing results
+        JOB_STATUS_READING_RESULTS = 4; // job is done processing results
         JOB_STATUS_DONE = 5;
     }
 
diff --git a/src/client/App.js b/src/client/App.js
index 3e2e6d1..fe55c57 100644
--- a/src/client/App.js
+++ b/src/client/App.js
@@ -19,6 +19,7 @@ import { authRedirect, setRedirectState } from './actions/redirect'
 import { subscribeUserStream, unsubscribeUserStream } from './actions/user'
 import GrantScopesPage from './GrantScopesPage'
 import { loadLocalStorage } from './actions/localStorage'
+import { loadSessionStorage } from './actions/sessionStorage'
 
 // RedirectState reads states passed in the URL from the server
 function RedirectState () {
@@ -50,11 +51,10 @@ function AppRedirect () {
   const httpError = useSelector(state => state.httpError)
   const { status, doNotAuthenticate } = httpError
   const { newReportId } = useSelector(state => state.reportStatus)
-  const userStream = useSelector(state => state.user.stream)
-  const needSensitiveScopes = useSelector(state => state.env.needSensitiveScopes)
-  const sensitiveScopesGranted = userStream?.sensitiveScopesGranted
+  const sensitiveScopesNeeded = useSelector(state => state.user.sensitiveScopesNeeded)
+  const sensitiveScopesGranted = useSelector(state => state.user.sensitiveScopesGranted)
   const sensitiveScopesGrantedOnce = useSelector(state => state.user.sensitiveScopesGrantedOnce)
-  const location = useLocation()
+  const redirectStateReceived = useSelector(state => state.user.redirectStateReceived)
   const dispatch = useDispatch()
 
   useEffect(() => {
@@ -62,17 +62,17 @@ function AppRedirect () {
       const state = new AuthState()
       state.setUiUrl(window.location.href)
       state.setAction(AuthState.Action.ACTION_REQUEST_CODE)
-      state.setSensitiveScope(sensitiveScopesGrantedOnce) // if user has granted sensitive scopes once, request them right away without onboarding
+      state.setSensitiveScope(sensitiveScopesGranted || sensitiveScopesGrantedOnce) // if user has granted sensitive scopes on this device request token with sensitive scopes
       dispatch(authRedirect(state))
     }
-  }, [status, doNotAuthenticate, dispatch, sensitiveScopesGrantedOnce])
+  }, [status, doNotAuthenticate, dispatch, sensitiveScopesGrantedOnce, sensitiveScopesGranted])
 
   if (status === 401 && doNotAuthenticate === false) {
     // redirect to authentication endpoint from useEffect above
     return null
   }
 
-  if (httpError.status && location.pathname !== `/${httpError.status}`) {
+  if (httpError.status) {
     return <Redirect to={`/${httpError.status}`} push />
   }
 
@@ -80,7 +80,9 @@ function AppRedirect () {
     return <Redirect to={`/reports/${newReportId}/source`} push />
   }
 
-  if (userStream && needSensitiveScopes && !sensitiveScopesGranted) {
+  if (
+    redirectStateReceived && sensitiveScopesNeeded && !sensitiveScopesGranted
+  ) {
     return <Redirect to='/grant-scopes' push />
   }
 
@@ -100,40 +102,60 @@ function PageHistory ({ visitedPages }) {
   return null
 }
 
+function NotFoundPage () {
+  return (
+    <Result
+      icon={<QuestionOutlined />} title='404' subTitle={
+        <>
+          <p>Page not found</p>
+        </>
+      }
+    />
+  )
+}
+
 export default function App () {
   const errorMessage = useSelector(state => state.httpError.message)
   const status = useSelector(state => state.httpError.status)
   const env = useSelector(state => state.env)
-  const usage = useSelector(state => state.usage)
+  const envLoaded = env.loaded
   const userDefinedConnection = useSelector(state => state.connection.userDefined)
   const dispatch = useDispatch()
   const visitedPages = React.useRef(['/'])
+  const storageLoaded = useSelector(state => state.storage.loaded)
+  const page401 = window.location.pathname.startsWith('/401')
 
   useEffect(() => {
+    dispatch(loadSessionStorage())
     dispatch(loadLocalStorage())
   }, [dispatch])
 
   useEffect(() => {
-    if (window.location.pathname.startsWith('/401')) {
-      // do not load env and usage on 401 page
+    if (page401 || envLoaded) {
       return
     }
-    if (status === 401) {
+    dispatch(getEnv())
+  }, [dispatch, page401, envLoaded])
+
+  // do not call API until storage is loaded and environment is loaded and not 401
+  const loadData = storageLoaded && env.loaded && status !== 401
+
+  useEffect(() => {
+    if (!loadData) {
       return
     }
-    if (!env.loaded) {
-      dispatch(getEnv())
-    }
-    if (!usage.loaded) {
-      dispatch(getUsage())
-    }
-  }, [env, usage, dispatch, status])
-  useEffect(() => {
     dispatch(subscribeUserStream())
+    dispatch(getUsage())
     return () => {
       dispatch(unsubscribeUserStream())
     }
-  }, [dispatch])
+  }, [dispatch, loadData])
+
+  // do not render until storage is loaded and environment is loaded
+  const startRender = loadData || page401 || status === 401
+  if (!startRender) {
+    return null
+  }
   return (
     <Router>
       <PageHistory visitedPages={visitedPages} />
@@ -170,7 +192,7 @@ export default function App () {
           <Result icon={<WarningOutlined />} title='401' subTitle={errorMessage || 'Unauthorized'} />
         </Route>
         <Route path='*'>
-          <Result icon={<QuestionOutlined />} title='404' subTitle='Page not found' />
+          <NotFoundPage />
         </Route>
       </Switch>
     </Router>
diff --git a/src/client/ConnectionModal.js b/src/client/ConnectionModal.js
index 90f00b0..8d549d4 100644
--- a/src/client/ConnectionModal.js
+++ b/src/client/ConnectionModal.js
@@ -5,26 +5,26 @@ import { useSelector, useDispatch } from 'react-redux'
 import Button from 'antd/es/button'
 import styles from './ConnectionModal.module.css'
 import { useEffect } from 'react'
-import { archiveConnection, closeConnectionDialog, connectionChanged, saveConnection, testConnection } from './actions/connection'
+import { archiveConnection, closeConnectionDialog, connectionChanged, reOpenDialog, saveConnection, testConnection } from './actions/connection'
 import { CheckCircleTwoTone, ExclamationCircleTwoTone, LoadingOutlined } from '@ant-design/icons'
 import Tooltip from 'antd/es/tooltip'
 import AutoComplete from 'antd/es/auto-complete'
 import Alert from 'antd/es/alert'
+import { Connection } from '../proto/dekart_pb'
+import { DatasourceIcon } from './Datasource'
 
-function Footer ({ form }) {
+function Footer ({ form, testDisabled }) {
   const { dialog, test } = useSelector(state => state.connection)
   const { tested, testing, error: testError, success: testSuccess } = test
-  const { id, loading } = dialog
-
-  const connection = useSelector(state => state.connection.list.find(s => s.id === id))
+  const { id, loading, connectionType } = dialog
 
   const dispatch = useDispatch()
 
   return (
     <div className={styles.modalFooter}>
       <Button
-        type='primary' disabled={testing || tested} loading={testing} onClick={() => {
-          dispatch(testConnection(form.getFieldsValue()))
+        type='primary' disabled={testing || tested || testDisabled} loading={testing} onClick={() => {
+          dispatch(testConnection(connectionType, form.getFieldsValue()))
         }}
       >
         Test Connection
@@ -37,10 +37,9 @@ function Footer ({ form }) {
       <div className={styles.spacer} />
       <Button
         id='saveConnection'
-        type={tested && testSuccess ? 'primary' : 'default'} disabled={!tested || loading} danger={connection?.datasetCount > 0} onClick={() => {
-          dispatch(saveConnection(id, form.getFieldsValue()))
+        type={tested && testSuccess ? 'primary' : 'default'} disabled={(!tested || loading) && !testDisabled} onClick={() => {
+          dispatch(saveConnection(id, connectionType, form.getFieldsValue()))
         }}
-        title={connection?.datasetCount > 0 ? 'This connection is used in dataset. Modifying it may lead to errors in reports. Consider creating new connection and archiving this one' : 'Save connection'}
       >
         Save
       </Button>
@@ -51,39 +50,87 @@ function Footer ({ form }) {
   )
 }
 
-export default function ConnectionModal () {
-  const { dialog, projects } = useSelector(state => state.connection)
-  const { visible, id, loading } = dialog
-
-  const env = useSelector(state => state.env)
-  const { BIGQUERY_PROJECT_ID, CLOUD_STORAGE_BUCKET } = env.variables
-
+function SnowflakeConnectionModal ({ form }) {
+  const { dialog } = useSelector(state => state.connection)
+  const { id, loading } = dialog
+  const dispatch = useDispatch()
   const connection = useSelector(state => state.connection.list.find(s => s.id === id))
+  const datasetUsed = connection?.datasetCount > 0
+  const passwordChanged = form.getFieldValue('snowflakePassword') !== connection?.snowflakePassword
 
+  return (
+    <Modal
+      open
+      title={<><DatasourceIcon type={Connection.ConnectionType.CONNECTION_TYPE_SNOWFLAKE} /> Snowflake</>}
+      onCancel={() => dispatch(closeConnectionDialog())}
+      footer={<Footer form={form} testDisabled={!passwordChanged} />}
+    >
+      <div className={styles.modalBody}>
+        <Form
+          form={form}
+          disabled={loading}
+          layout='vertical' onValuesChange={(changedValues, allValues) => {
+            if (changedValues.snowflakeAccountId) {
+              const snowflakeAccountId = changedValues.snowflakeAccountId
+              form.setFieldsValue({
+                snowflakeAccountId: snowflakeAccountId.replace('.', '-')
+              })
+            }
+            dispatch(connectionChanged())
+          }}
+        >
+          {datasetUsed ? <div className={styles.datasetsCountAlert}><Alert message={<>This connection is used in {connection.datasetCount} dataset{connection.datasetCount > 1 ? 's' : ''}.</>} description='Changing make cause report errors' type='warning' /></div> : null}
+          <Form.Item label='Connection Name' required name='connectionName'>
+            <Input placeholder='Snowflake' />
+          </Form.Item>
+          <Form.Item
+            required label='Snowflake Account ID' name='snowflakeAccountId' extra={
+              <><a href='https://docs.snowflake.com/en/user-guide/admin-account-identifier#using-an-account-name-as-an-identifier' target='_blank' rel='noreferrer'>Snowflake Account Identifier</a> that your Snowflake cluster is running.</>
+            }
+          >
+            <Input placeholder='ORGNAME-ACCOUNT_NAME' />
+          </Form.Item>
+          <Form.Item required label='Snowflake Username' name='snowflakeUsername' extra='The database username for the account that you want to use to connect to your database.'>
+            <Input placeholder='USERNAME' />
+          </Form.Item>
+          <Form.Item required label='Snowflake Password' name='snowflakePassword' extra={<>The password for the username that you use to connect to the database.</>}>
+            <Input.Password
+              placeholder='PASSWORD' visibilityToggle={passwordChanged} onFocus={() => {
+                if (!passwordChanged) {
+                  form.setFieldsValue({ snowflakePassword: '' })
+                }
+              }} onBlur={() => {
+                if (form.getFieldValue('snowflakePassword') === '') {
+                  form.setFieldsValue({ snowflakePassword: connection?.snowflakePassword })
+                }
+              }}
+            />
+          </Form.Item>
+          <Form.Item label='Snowflake Warehouse' name='snowflakeWarehouse' extra='Optional: Snowflake warehouse. If the user lacks a default warehouse, you’ll need to enter the warehouse to connect to.'>
+            <Input />
+          </Form.Item>
+        </Form>
+      </div>
+    </Modal>
+  )
+}
+function BigQueryConnectionModal ({ form }) {
+  const { dialog, projects } = useSelector(state => state.connection)
+  const env = useSelector(state => state.env)
+  const { DEKART_STORAGE } = env.variables
+  const { id, loading } = dialog
   const dispatch = useDispatch()
-  const [form] = Form.useForm()
+  const connection = useSelector(state => state.connection.list.find(s => s.id === id))
 
-  useEffect(() => {
-    if (connection) {
-      form.setFieldsValue(connection)
-    }
-    if (BIGQUERY_PROJECT_ID) {
-      form.setFieldsValue({ bigqueryProjectId: BIGQUERY_PROJECT_ID })
-    }
-    if (CLOUD_STORAGE_BUCKET) {
-      form.setFieldsValue({ cloudStorageBucket: CLOUD_STORAGE_BUCKET })
-    }
-  }, [connection, BIGQUERY_PROJECT_ID, CLOUD_STORAGE_BUCKET, form])
+  // only name can be changed for connections used in datasets
+  const nameChangeOnly = connection?.datasetCount > 0
 
-  if (!visible) {
-    return null
-  }
   return (
     <Modal
       open
-      title='BigQuery'
+      title={<><DatasourceIcon type={Connection.ConnectionType.CONNECTION_TYPE_BIGQUERY} /> BigQuery</>}
       onCancel={() => dispatch(closeConnectionDialog())}
-      footer={<Footer form={form} />}
+      footer={<Footer form={form} testDisabled={nameChangeOnly} />}
     >
       <div className={styles.modalBody}>
         <Form
@@ -91,44 +138,87 @@ export default function ConnectionModal () {
           disabled={loading}
           layout='vertical' onValuesChange={(changedValues, allValues) => {
             if (changedValues.bigqueryProjectId || changedValues.cloudStorageBucket) {
-              dispatch(connectionChanged(allValues))
+              dispatch(connectionChanged())
             }
             if (changedValues.bigqueryProjectId && !allValues.connectionName) {
               form.setFieldsValue({ connectionName: changedValues.bigqueryProjectId })
             }
           }}
         >
-          {connection?.datasetCount > 0 ? <div className={styles.datasetsCountAlert}><Alert message={<>Danger zone! This connection is used in {connection.datasetCount} dataset{connection.datasetCount > 1 ? 's' : ''}.</>} description='Modifying it may lead to queries and results not being found in reports. Consider creating new connection and archiving this one. Modifying name is safe.' type='error' /></div> : null}
+          {nameChangeOnly ? <div className={styles.datasetsCountAlert}><Alert message={<>This connection is used in {connection.datasetCount} dataset{connection.datasetCount > 1 ? 's' : ''}.</>} description='Only the name can be changed.' type='warning' /></div> : null}
           <Form.Item
             label='Project ID' extra={(() => {
-              if (projects && !BIGQUERY_PROJECT_ID) {
+              if (projects) {
                 return projects.length ? 'Click to select you BigQuery project ID' : <>→ <a target='_blank' href='https://dekart.xyz/docs/configuration/environment-variables/?ref=no-gcp-project#user-authorization-via-google-oauth-20-flow' rel='noreferrer'>Ensure your account has access to the Google Cloud Project</a></>
               }
               return <LoadingOutlined />
             })()} required name='bigqueryProjectId'
           >
-            {
-              projects?.length > 0 && !BIGQUERY_PROJECT_ID
-                ? (
-                  <AutoComplete
-                    options={(projects || []).map(project => ({ value: project, label: project }))}
-                  // suffixIcon={<DownOutlined />}
-                    showArrow
-                    filterOption={(inputValue, option) => option.value.toUpperCase().indexOf(inputValue.toUpperCase()) !== -1}
-                  />
-
-                  )
-                : <Input readOnly={BIGQUERY_PROJECT_ID} />
-              }
+            <AutoComplete
+              options={(projects || []).map(project => ({ value: project, label: project }))}
+              // suffixIcon={<DownOutlined />}
+              showArrow
+              disabled={nameChangeOnly}
+              filterOption={(inputValue, option) => option.value.toUpperCase().indexOf(inputValue.toUpperCase()) !== -1}
+            />
           </Form.Item>
           <Form.Item label='Connection Name' required name='connectionName'>
             <Input />
           </Form.Item>
-          <Form.Item label='Optional: query cache bucket' extra={<>Google Cloud Storage bucket to permanently cache query results. When not provided, query results are read from <a href='https://cloud.google.com/bigquery/docs/cached-results' target='_blank' rel='noreferrer'>BigQuery result cache</a></>} name='cloudStorageBucket'>
-            <Input placeholder='my-gcs-bucket' readOnly={CLOUD_STORAGE_BUCKET} />
-          </Form.Item>
+          {DEKART_STORAGE === 'USER'
+            ? (
+              <Form.Item label='Optional: Storage Bucket' extra={<>Google Cloud Storage bucket to permanently cache query results. Required to share map with other users.</>} name='cloudStorageBucket'>
+                <Input placeholder='my-gcs-bucket' disabled={nameChangeOnly} />
+              </Form.Item>
+              )
+            : (
+              <Form.Item label='Storage Bucket' required extra={<>Google Cloud Storage bucket to permanently cache query results.</>} name='cloudStorageBucket'>
+                <Input placeholder='my-gcs-bucket' disabled={nameChangeOnly} />
+              </Form.Item>
+              )}
+
         </Form>
       </div>
     </Modal>
   )
 }
+
+export default function ConnectionModal () {
+  const { dialog } = useSelector(state => state.connection)
+  const { visible, id, connectionType } = dialog
+  const dispatch = useDispatch()
+
+  useEffect(() => {
+    dispatch(reOpenDialog())
+  }, [dispatch])
+
+  const env = useSelector(state => state.env)
+  const { BIGQUERY_PROJECT_ID, CLOUD_STORAGE_BUCKET } = env.variables
+
+  const connection = useSelector(state => state.connection.list.find(s => s.id === id))
+
+  const [form] = Form.useForm()
+
+  useEffect(() => {
+    if (connection) {
+      form.setFieldsValue(connection)
+    }
+    if (BIGQUERY_PROJECT_ID) {
+      form.setFieldsValue({ bigqueryProjectId: BIGQUERY_PROJECT_ID })
+    }
+    if (CLOUD_STORAGE_BUCKET) {
+      form.setFieldsValue({ cloudStorageBucket: CLOUD_STORAGE_BUCKET })
+    }
+  }, [connection, BIGQUERY_PROJECT_ID, CLOUD_STORAGE_BUCKET, form])
+
+  if (!visible) {
+    return null
+  }
+  switch (connectionType) {
+    case Connection.ConnectionType.CONNECTION_TYPE_SNOWFLAKE:
+      return <SnowflakeConnectionModal form={form} />
+    case Connection.ConnectionType.CONNECTION_TYPE_BIGQUERY:
+    default:
+      return <BigQueryConnectionModal form={form} />
+  }
+}
diff --git a/src/client/Dataset.js b/src/client/Dataset.js
index 9e3ffa0..6161d80 100644
--- a/src/client/Dataset.js
+++ b/src/client/Dataset.js
@@ -8,8 +8,7 @@ import { createQuery } from './actions/query'
 import { createFile } from './actions/file'
 import Dropdown from 'antd/es/dropdown'
 import { ConsoleSqlOutlined, UploadOutlined, MoreOutlined } from '@ant-design/icons'
-import ConnectionModal from './ConnectionModal'
-import Datasource from './Datasource'
+import { Datasource } from './Datasource'
 import { updateDatasetConnection } from './actions/dataset'
 import { useHistory } from 'react-router-dom/cjs/react-router-dom'
 
@@ -71,6 +70,7 @@ function DatasetSelector ({ dataset }) {
   const env = useSelector(state => state.env)
   const userDefinedConnection = useSelector(state => state.connection.userDefined)
   const connectionList = useSelector(state => state.connection.list)
+  const selectedConnection = connectionList.find(c => c.id === dataset.connectionId)
   const history = useHistory()
   if (!env.loaded) {
     return null
@@ -85,7 +85,7 @@ function DatasetSelector ({ dataset }) {
         {userDefinedConnection
           ? (
             <>
-              <Datasource />
+              <Datasource connection={selectedConnection} />
               <div className={styles.datasource}>
                 <Select
                   placeholder='Select connection'
@@ -110,7 +110,6 @@ function DatasetSelector ({ dataset }) {
                   }}
                   />
               </div>
-              <ConnectionModal />
             </>
             )
           : <DatasetTypeSelector dataset={dataset} />}
diff --git a/src/client/Datasource.js b/src/client/Datasource.js
index c9b02b8..19c5f22 100644
--- a/src/client/Datasource.js
+++ b/src/client/Datasource.js
@@ -1,15 +1,21 @@
 import { useSelector } from 'react-redux'
 import styles from './Datasource.module.css'
 import { getDatasourceMeta } from './lib/datasource'
+import classNames from 'classnames'
 
-export default function Datasource () {
+export function Datasource ({ connection }) {
   const env = useSelector(state => state.env)
   if (!env.loaded) {
     return null
   }
   const { DATASOURCE } = env.variables
 
-  const { style } = getDatasourceMeta(DATASOURCE)
+  let { style } = getDatasourceMeta(DATASOURCE)
+
+  if (connection) {
+    const { connectionType } = connection
+    style = getDatasourceMeta(connectionType).style
+  }
 
   return (
     <div className={styles.datasource}>
@@ -17,3 +23,14 @@ export default function Datasource () {
     </div>
   )
 }
+
+export function DatasourceIcon ({ type }) {
+  return (
+    <span className={classNames(
+      styles.datasourceIcon,
+      'anticon',
+      styles[getDatasourceMeta(type).style]
+    )}
+    />
+  )
+}
diff --git a/src/client/Datasource.module.css b/src/client/Datasource.module.css
index 823d60c..b1c1e66 100644
--- a/src/client/Datasource.module.css
+++ b/src/client/Datasource.module.css
@@ -19,4 +19,12 @@
 
 .athena {
     background-image: url('./athena.svg');
-}
\ No newline at end of file
+}
+
+.datasourceIcon {
+    width: 1em;
+    height: 1em;
+    display: inline-block;
+    color: #57B7D3;
+    background-size: contain;
+}
diff --git a/src/client/DekartMenu.js b/src/client/DekartMenu.js
index 9a3a13c..6ddb660 100644
--- a/src/client/DekartMenu.js
+++ b/src/client/DekartMenu.js
@@ -1,7 +1,7 @@
 import Menu from 'antd/es/menu'
 import styles from './DekartMenu.module.css'
 import { useDispatch, useSelector } from 'react-redux'
-import { getRef } from './lib/ref'
+import { getUrlRef } from './lib/ref'
 import { MenuOutlined, MessageOutlined } from '@ant-design/icons'
 import { Link } from 'react-router-dom/cjs/react-router-dom'
 import { createReport } from './actions/report'
@@ -9,23 +9,33 @@ import { createReport } from './actions/report'
 export default function DekartMenu () {
   const env = useSelector(state => state.env)
   const usage = useSelector(state => state.usage)
+  const userDefinedConnection = useSelector(state => state.connection.userDefined)
   const dispatch = useDispatch()
   const { authEnabled } = env
-  const userDefinedConnection = useSelector(state => state.connection.userDefined)
-  const ref = getRef(env, usage)
+  const ref = getUrlRef(env, usage)
   return (
     <div className={styles.dekartMenu}>
       <Menu mode='horizontal' theme='dark'>
-        <Menu.SubMenu popupClassName={styles.subMenu} title={<MenuOutlined />} key='home' active='yes' href='/'>
-          <Menu.Item key='my'>
-            <Link to='/'>{authEnabled ? 'My Reports' : 'Reports'}</Link>
-          </Menu.Item>
-          <Menu.Item key='shared' disabled={!authEnabled}>
-            <Link to='/shared'>Shared reports</Link>
-          </Menu.Item>
-          {userDefinedConnection
-            ? <Menu.Item key='connections'><Link to='/connections'>Connections</Link></Menu.Item>
-            : null}
+        <Menu.SubMenu
+          popupClassName={styles.subMenu} title={<MenuOutlined />} key='home' active='yes'
+        >
+          {authEnabled
+            ? (
+              <>
+                <Menu.Item key='my'>
+                  <Link to='/'>My Reports</Link>
+                </Menu.Item>
+                <Menu.Item key='shared'>
+                  <Link to='/shared'>Shared reports</Link>
+                </Menu.Item>
+              </>
+              )
+            : (
+              <Menu.Item key='reports'>
+                <Link to='/'>Reports</Link>
+              </Menu.Item>
+              )}
+          {userDefinedConnection ? (<Menu.Item key='connections'><Link to='/connections'>Connections</Link></Menu.Item>) : null}
           <Menu.Divider />
           <Menu.Item key='create' onClick={() => dispatch(createReport())}>New Report</Menu.Item>
         </Menu.SubMenu>
diff --git a/src/client/GrantScopesPage.js b/src/client/GrantScopesPage.js
index 7f3c33f..68112f6 100644
--- a/src/client/GrantScopesPage.js
+++ b/src/client/GrantScopesPage.js
@@ -14,13 +14,12 @@ function getLastPage (visitedPages) {
 
 export default function GrantScopesPage ({ visitedPages }) {
   const dispatch = useDispatch()
-  const userStream = useSelector(state => state.user.stream)
+  const sensitiveScopesGranted = useSelector(state => state.user.sensitiveScopesGranted)
   const sensitiveScopesGrantedOnce = useSelector(state => state.user.sensitiveScopesGrantedOnce)
 
   useEffect(() => {
     if (
-      !userStream || // userStream is not yet loaded
-      userStream.sensitiveScopesGranted // user has already granted sensitive scopes
+      sensitiveScopesGranted // user has already granted sensitive scopes
     ) {
       return
     }
@@ -28,13 +27,9 @@ export default function GrantScopesPage ({ visitedPages }) {
       dispatch(requestSensitiveScopes(getLastPage(visitedPages)))
     }
   }
-  , [dispatch, userStream, visitedPages, sensitiveScopesGrantedOnce])
+  , [dispatch, sensitiveScopesGranted, visitedPages, sensitiveScopesGrantedOnce])
 
-  if (!userStream) {
-    return null
-  }
-
-  if (userStream.sensitiveScopesGranted) {
+  if (sensitiveScopesGranted) {
     // user shouldn't be here
     return <Redirect to='/' push />
   }
diff --git a/src/client/Header.js b/src/client/Header.js
index 84b584e..27200e8 100644
--- a/src/client/Header.js
+++ b/src/client/Header.js
@@ -1,7 +1,7 @@
 import styles from './Header.module.css'
 import { useDispatch, useSelector } from 'react-redux'
 import DekartMenu from './DekartMenu'
-import { getRef } from './lib/ref'
+import { getUrlRef } from './lib/ref'
 import Avatar from 'antd/es/avatar'
 import Dropdown from 'antd/es/dropdown'
 import { AuthState } from '../proto/dekart_pb'
@@ -23,10 +23,37 @@ function getSignature (email) {
 function User ({ buttonDivider }) {
   const token = useSelector(state => state.token)
   const userStream = useSelector(state => state.user.stream)
+  const { authEnabled } = useSelector(state => state.env)
   const dispatch = useDispatch()
-  if (!userStream || !token) {
+  if (!userStream || !authEnabled) {
     return null
   }
+  const items = [{
+    label: userStream && userStream.email,
+    disabled: true
+  }]
+  if (token) {
+    items.push({
+      label: 'Switch account',
+      onClick: () => {
+        const state = new AuthState()
+        state.setUiUrl(window.location.href)
+        state.setAction(AuthState.Action.ACTION_REQUEST_CODE)
+        state.setSwitchAccount(true)
+        dispatch(authRedirect(state))
+      }
+    })
+    items.push({
+      label: 'Sign out',
+      onClick: () => {
+        const state = new AuthState()
+        state.setUiUrl(window.location.href)
+        state.setAction(AuthState.Action.ACTION_REVOKE)
+        state.setAccessTokenToRevoke(token.access_token)
+        dispatch(authRedirect(state))
+      }
+    })
+  }
   return (
     <div className={classNames(
       styles.user,
@@ -34,37 +61,9 @@ function User ({ buttonDivider }) {
     )}
     >
       <Dropdown
-        overlayClassName={styles.userDropdown} menu={{
-          items: [
-            {
-              label: userStream && userStream.email,
-              disabled: true
-            },
-            {
-              label: 'Switch account',
-              onClick: () => {
-                const state = new AuthState()
-                state.setUiUrl(window.location.href)
-                state.setAction(AuthState.Action.ACTION_REQUEST_CODE)
-                state.setSwitchAccount(true)
-                dispatch(authRedirect(state))
-              }
-            },
-            {
-              label: 'Sign out',
-              onClick: () => {
-                const state = new AuthState()
-                state.setUiUrl(window.location.href)
-                state.setAction(AuthState.Action.ACTION_REVOKE)
-                state.setAccessTokenToRevoke(token.access_token)
-                dispatch(authRedirect(state))
-              }
-            }
-          ]
-        }}
-      ><Avatar>{getSignature(userStream && userStream.email)}</Avatar>
+        overlayClassName={styles.userDropdown} menu={{ items }}
+      ><Avatar>{getSignature(userStream.email)}</Avatar>
       </Dropdown>
-
     </div>
   )
 }
@@ -74,7 +73,7 @@ export function Header ({ buttons, title }) {
   const usage = useSelector(state => state.usage)
   let homePage
   if (env.loaded && usage.loaded) {
-    homePage = env.variables.UX_HOMEPAGE + '?ref=' + getRef(env, usage)
+    homePage = env.variables.UX_HOMEPAGE + '?ref=' + getUrlRef(env, usage)
   }
   return (
     <div className={styles.header}>
diff --git a/src/client/HomePage.js b/src/client/HomePage.js
index d3ce19f..a7cec73 100644
--- a/src/client/HomePage.js
+++ b/src/client/HomePage.js
@@ -6,16 +6,19 @@ import Radio from 'antd/es/radio'
 import Result from 'antd/es/result'
 import Table from 'antd/es/table'
 import { useDispatch, useSelector } from 'react-redux'
-import { PlusOutlined, FileSearchOutlined, GiftOutlined, UsergroupAddOutlined, ApiTwoTone } from '@ant-design/icons'
+import { PlusOutlined, FileSearchOutlined, UsergroupAddOutlined, ApiTwoTone, GiftOutlined, LockOutlined, TeamOutlined } from '@ant-design/icons'
 import DataDocumentationLink from './DataDocumentationLink'
-import { getRef } from './lib/ref'
+import { getUrlRef } from './lib/ref'
 import Switch from 'antd/es/switch'
 import { archiveReport, subscribeReports, unsubscribeReports, createReport } from './actions/report'
-import { testVersion } from './actions/version'
-import { editConnection, newConnection, setDefaultConnection } from './actions/connection'
+import { editConnection, newConnection, newConnectionScreen, setDefaultConnection } from './actions/connection'
 import ConnectionModal from './ConnectionModal'
 import Tooltip from 'antd/es/tooltip'
 import { useHistory } from 'react-router-dom/cjs/react-router-dom'
+import { Connection } from '../proto/dekart_pb'
+import Onboarding from './Onboarding'
+import { DatasourceIcon } from './Datasource'
+import { testVersion } from './actions/version'
 
 function Loading () {
   return null
@@ -39,6 +42,16 @@ function ArchiveReportButton ({ report }) {
 }
 
 const columns = [
+  {
+    dataIndex: 'icon',
+    render: (t, report) => {
+      if (report.discoverable) {
+        return <TeamOutlined title='This report is discoverable by others users in the workspace' />
+      }
+      return <LockOutlined title='This is visible only to you' />
+    },
+    className: styles.iconColumn
+  },
   {
     dataIndex: 'title',
     render: (t, report) => <a href={`/reports/${report.id}`}>{report.title}</a>,
@@ -70,6 +83,11 @@ const columns = [
     render: (t, connection) => <OpenConnectionButton connection={connection} />,
     className: styles.titleColumn
   },
+  {
+    dataIndex: 'connectionIcon',
+    render: (t, connection) => <DatasourceIcon type={connection.connectionType} />,
+    className: styles.iconColumn
+  },
   {
     dataIndex: 'setDefault',
     render: (t, connection) => <SetDefault connection={connection} />,
@@ -104,7 +122,7 @@ function OpenConnectionButton ({ connection }) {
     <Button
       type='link'
       onClick={() => {
-        dispatch(editConnection(connection.id))
+        dispatch(editConnection(connection.id, connection.connectionType))
       }}
     >{connection.connectionName}
     </Button>
@@ -115,16 +133,19 @@ function filterColumns (filter) {
   return filter.map(f => columns.find(c => c.dataIndex === f))
 }
 
-function getColumns (reportFilter, archived) {
+function getColumns (reportFilter, archived, authEnabled) {
   if (reportFilter === 'my') {
     if (archived) {
       return filterColumns(['archivedTitle', 'delete'])
     }
+    if (authEnabled) {
+      return filterColumns(['icon', 'title', 'delete'])
+    }
     return filterColumns(['title', 'delete'])
   } else if (reportFilter === 'connections') {
-    return filterColumns(['connectionName', 'author', 'setDefault'])
+    return filterColumns(['connectionIcon', 'connectionName', 'author', 'setDefault'])
   } else {
-    return filterColumns(['title', 'author'])
+    return filterColumns(['icon', 'title', 'author'])
   }
 }
 
@@ -135,24 +156,60 @@ function FirstReportOnboarding () {
       <Result
         status='success'
         title='You are all set'
-        subTitle='Get ready to create you first map with Dekart'
-        extra={<Button icon={<PlusOutlined />} type='primary' onClick={() => dispatch(createReport())}>Create Report</Button>}
+        subTitle='Everything is ready to create you first map.'
+        extra={(
+          <>
+            <Button icon={<PlusOutlined />} id='dekart-create-report' type='primary' onClick={() => dispatch(createReport())}>Create report</Button>
+          </>
+        )}
       />
       <DataDocumentationLink />
     </>
   )
 }
 
-function FirstConnectionOnboarding () {
+// selects between Google Cloud and Snowflake
+function ConnectionTypeSelector () {
+  const connectionList = useSelector(state => state.connection.list)
+  const { DATASOURCE } = useSelector(state => state.env.variables)
+  const showCancel = connectionList.length > 0 // show cancel button if there are connections
   const dispatch = useDispatch()
+  return (
+    <>
+      {
+        DATASOURCE === 'USER'
+          ? (
+            <div className={styles.connectionTypeSelector}>
+              <Button icon={<DatasourceIcon type={Connection.ConnectionType.CONNECTION_TYPE_BIGQUERY} />} size='large' onClick={() => dispatch(newConnection(Connection.ConnectionType.CONNECTION_TYPE_BIGQUERY))}>BigQuery</Button>
+              <Button icon={<DatasourceIcon type={Connection.ConnectionType.CONNECTION_TYPE_SNOWFLAKE} />} size='large' onClick={() => dispatch(newConnection(Connection.ConnectionType.CONNECTION_TYPE_SNOWFLAKE))}>Snowflake</Button>
+            </div>
+            )
+          : ( // by default only BQ
+            <div className={styles.connectionTypeSelector}>
+              <Button icon={<DatasourceIcon type={Connection.ConnectionType.CONNECTION_TYPE_BIGQUERY} />} size='large' onClick={() => dispatch(newConnection(Connection.ConnectionType.CONNECTION_TYPE_BIGQUERY))}>BigQuery</Button>
+            </div>
+            )
+      }
+      {showCancel
+        ? (
+          <div>
+            <Button type='link' onClick={() => dispatch(newConnectionScreen(false))}>Return back</Button>
+          </div>
+          )
+        : null}
+    </>
+  )
+}
+
+function CreateConnection () {
   return (
     <>
       <Result
         status='success'
         icon={<ApiTwoTone />}
         title='Ready to connect!'
-        subTitle={<>Next step, select <b>Project ID</b> for BigQuery billing and <b>Storage Bucket</b> name to store your query results.</>}
-        extra={<Button type='primary' onClick={() => { dispatch(newConnection()) }}>Create connection</Button>}
+        subTitle={<>Select your data source to start building your map.</>}
+        extra={<ConnectionTypeSelector />}
       />
     </>
   )
@@ -205,7 +262,7 @@ function ReportsHeader (
       <div className={styles.rightCornerAction}>
         {
           reportFilter === 'connections'
-            ? <Button onClick={() => { dispatch(newConnection()) }}>New Connection</Button>
+            ? <Button onClick={() => { dispatch(newConnectionScreen(true)) }}>New Connection</Button>
             : (
               <>
                 {
@@ -218,7 +275,7 @@ function ReportsHeader (
                       )
                     : null
                 }
-                <Button onClick={() => dispatch(createReport())}>New Report</Button>
+                <Button id='dekart-create-report' onClick={() => dispatch(createReport())}>New Report</Button>
               </>
               )
         }
@@ -231,9 +288,10 @@ function ReportsHeader (
 function Reports ({ createReportButton, reportFilter }) {
   const [archived, setArchived] = useState(false)
   const reportsList = useSelector(state => state.reportsList)
-  const { loaded: envLoaded } = useSelector(state => state.env)
+  const { loaded: envLoaded, authEnabled } = useSelector(state => state.env)
   const connectionList = useSelector(state => state.connection.list)
   const userDefinedConnection = useSelector(state => state.connection.userDefined)
+  const newConnectionScreen = useSelector(state => state.connection.screen)
   useEffect(() => {
     if (reportsList.archived.length === 0) {
       setArchived(false)
@@ -242,10 +300,10 @@ function Reports ({ createReportButton, reportFilter }) {
   if (!envLoaded) {
     return null
   }
-  if (userDefinedConnection && connectionList.length === 0) {
+  if ((userDefinedConnection && connectionList.length === 0) || newConnectionScreen) {
     return (
       <div className={styles.reports}>
-        <FirstConnectionOnboarding />
+        <CreateConnection />
       </div>
     )
   }
@@ -273,7 +331,7 @@ function Reports ({ createReportButton, reportFilter }) {
           ? (
             <Table
               dataSource={dataSource}
-              columns={getColumns(reportFilter, archived)}
+              columns={getColumns(reportFilter, archived, authEnabled)}
               showHeader={false}
               rowClassName={styles.reportsRow}
               pagination={false}
@@ -318,18 +376,6 @@ function OnboardingDiscoverableReports () {
   )
 }
 
-function Onboarding ({ icon, title, steps }) {
-  return (
-    <div className={styles.onboarding}>
-      <div className={styles.onboardingIcon}>{icon}</div>
-      <div className={styles.onboardingContent}>
-        <div className={styles.onboardingTitle}>{title}</div>
-        <div className={styles.onboardingSteps}>{steps}</div>
-      </div>
-    </div>
-  )
-}
-
 function NewVersion () {
   const release = useSelector(state => state.release)
   const env = useSelector(state => state.env)
@@ -339,7 +385,7 @@ function NewVersion () {
     dispatch(testVersion())
   }, [dispatch])
   if (release) {
-    const ref = getRef(env, usage)
+    const ref = getUrlRef(env, usage)
     return (
       <div className={styles.newRelease}>
         <GiftOutlined className={styles.newReleaseIcon} />
diff --git a/src/client/HomePage.module.css b/src/client/HomePage.module.css
index 84af6cf..39a2672 100644
--- a/src/client/HomePage.module.css
+++ b/src/client/HomePage.module.css
@@ -16,6 +16,11 @@
     flex-direction: column;
 }
 
+.iconColumn {
+    padding-right: 0 !important;
+    opacity: 0.7;
+}
+
 .dataDocs {
     display: block;
 }
@@ -158,4 +163,18 @@
     flex-direction: row;
     align-items: right;
     gap: 10px;
+}
+
+.stepBySetLink {
+    margin-top: 15px;
+}
+
+.connectionTypeSelector :global(.ant-btn) {
+    font-size: 1.4em;
+    height: 60px;
+    margin: 0.5em;
+}
+
+.connectionTypeSelector {
+    margin-bottom: 10px;
 }
\ No newline at end of file
diff --git a/src/client/Onboarding.js b/src/client/Onboarding.js
new file mode 100644
index 0000000..b94aa93
--- /dev/null
+++ b/src/client/Onboarding.js
@@ -0,0 +1,13 @@
+import styles from './Onboarding.module.css'
+
+export default function Onboarding ({ icon, title, steps }) {
+  return (
+    <div className={styles.onboarding}>
+      <div className={styles.onboardingIconWrapper}><div className={styles.onboardingIcon}>{icon}</div></div>
+      <div className={styles.onboardingContent}>
+        <div className={styles.onboardingTitle}>{title}</div>
+        <div className={styles.onboardingSteps}>{steps}</div>
+      </div>
+    </div>
+  )
+}
diff --git a/src/client/Onboarding.module.css b/src/client/Onboarding.module.css
new file mode 100644
index 0000000..86ec028
--- /dev/null
+++ b/src/client/Onboarding.module.css
@@ -0,0 +1,32 @@
+.onboarding {
+    display: flex;
+    flex-direction: row;
+    width: 100%;
+    margin-top: 20px;
+    background-color: white;
+    padding: 20px;
+    border: 1px solid #F0F0F0;
+}
+
+.onboardingIcon {
+    font-size: 42px;
+    color: white;
+    background-color: #349DFE;
+    border-radius: 50%;
+    width: 70px;
+    height: 70px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    margin-right: 20px;
+}
+
+.onboardingSteps {
+    opacity: 0.7;
+}
+
+.onboardingTitle {
+    font-size: 24px;
+    margin-bottom: 10px;
+}
+
diff --git a/src/client/Query.js b/src/client/Query.js
index 4049feb..9755ed9 100644
--- a/src/client/Query.js
+++ b/src/client/Query.js
@@ -15,6 +15,7 @@ import DataDocumentationLink from './DataDocumentationLink'
 import { cancelQuery, queryChanged, runQuery } from './actions/query'
 import { showDataTable } from './actions/showDataTable'
 import Tooltip from 'antd/es/tooltip'
+import { getDatasourceMeta } from './lib/datasource'
 
 function CancelButton ({ query }) {
   const dispatch = useDispatch()
@@ -101,7 +102,7 @@ function QueryEditor ({ queryId, queryText, onChange, canWrite }) {
           />
         )}
       </AutoSizer>
-      {queryText ? null : <SampleQuery queryId={queryId} />}
+      {queryText && queryText.trim().length ? null : <SampleQuery queryId={queryId} />}
     </div>
   )
 }
@@ -182,29 +183,46 @@ function QueryStatus ({ children, query }) {
 }
 
 function SampleQuery ({ queryId }) {
-  const UX_SAMPLE_QUERY_SQL = useSelector(state => state.env.variables.UX_SAMPLE_QUERY_SQL)
+  const { UX_SAMPLE_QUERY_SQL, UX_DATA_DOCUMENTATION } = useSelector(state => state.env.variables)
   const queryStatus = useSelector(state => state.queryStatus[queryId])
+  const dataset = useSelector(state => state.dataset.list.find(q => q.queryId === queryId))
+  const connection = useSelector(state => state.connection.list.find(c => c.id === dataset?.connectionId))
+  const datasetCount = useSelector(state => state.connection.list.reduce((dc, c) => {
+    return dc + c.datasetCount
+  }, 0))
   const downloadingSource = queryStatus?.downloadingSource
   const dispatch = useDispatch()
-  if (downloadingSource) {
+  if (UX_DATA_DOCUMENTATION) {
+    return <DataDocumentationLink className={styles.dataDoc} />
+  }
+  if (
+    downloadingSource ||
+    !(
+      datasetCount < 2 // show sample query for the first one
+    )
+  ) {
     // do not show sample query while downloading source
     return null
   }
-  if (!UX_SAMPLE_QUERY_SQL) {
-    // no sample query, show data documentation link
-    return <DataDocumentationLink className={styles.dataDoc} />
+  let showSampleQuery = UX_SAMPLE_QUERY_SQL
+  if (!showSampleQuery && connection) {
+    showSampleQuery = getDatasourceMeta(connection.connectionType)?.sampleQuery
   }
-  return (
-    <div className={styles.sampleQuery}>
-      <Button
-        type='link' onClick={() => {
-          dispatch(queryChanged(queryId, UX_SAMPLE_QUERY_SQL))
-        }}
-        title='Try running a sample query'
-      >Try sample SQL query
-      </Button>
-    </div>
-  )
+  if (showSampleQuery) {
+    return (
+      <div className={styles.sampleQuery}>
+        <Tooltip title={<>Don't know where to start?<br />Try running public dataset query.</>}>
+          <Button
+            type='link' onClick={() => {
+              dispatch(queryChanged(queryId, showSampleQuery))
+            }}
+          >💡 Start with a sample query
+          </Button>
+        </Tooltip>
+      </div>
+    )
+  }
+  return null
 }
 
 export default function Query ({ query }) {
diff --git a/src/client/ReportHeaderButtons.js b/src/client/ReportHeaderButtons.js
index 12b87f4..1df8858 100644
--- a/src/client/ReportHeaderButtons.js
+++ b/src/client/ReportHeaderButtons.js
@@ -11,15 +11,20 @@ import { toggleModal } from '@dekart-xyz/kepler.gl/dist/actions/ui-state-actions
 import { EXPORT_DATA_ID, EXPORT_IMAGE_ID, EXPORT_MAP_ID } from '@dekart-xyz/kepler.gl/dist/constants'
 import Dropdown from 'antd/es/dropdown'
 
-function ForkButton ({ reportId, disabled, primary }) {
+function ForkButton ({ primary }) {
   const dispatch = useDispatch()
+  const { id: reportId } = useSelector(state => state.report)
+
+  const onClick = () => {
+    dispatch(forkReport(reportId))
+  }
+
   if (primary) {
     return (
       <Button
         type='primary'
         icon={<ForkOutlined />}
-        disabled={disabled}
-        onClick={() => dispatch(forkReport(reportId))}
+        onClick={onClick}
       >Fork
       </Button>
     )
@@ -28,10 +33,9 @@ function ForkButton ({ reportId, disabled, primary }) {
     <Button
       type='text'
       icon={<ForkOutlined />}
-      disabled={disabled}
-      onClick={() => dispatch(forkReport(reportId))}
+      onClick={onClick}
       id='dekart-fork-button'
-      title='Fork Report'
+      title='Fork this report'
     />
   )
 }
@@ -83,7 +87,7 @@ function RefreshButton () {
 function EditModeButtons ({ changed }) {
   const dispatch = useDispatch()
   const history = useHistory()
-  const { id, discoverable, canWrite, allowEdit, isAuthor } = useSelector(state => state.report)
+  const { id, canWrite } = useSelector(state => state.report)
   const { canSave } = useSelector(state => state.reportStatus)
 
   return (
@@ -97,11 +101,11 @@ function EditModeButtons ({ changed }) {
         onClick={() => history.replace(`/reports/${id}`)}
       />
       <ExportDropdown />
-      <ShareButton reportId={id} discoverable={discoverable} isAuthor={isAuthor} allowEdit={allowEdit} />
+      <ShareButton />
       {canWrite
         ? (
           <>
-            <ForkButton reportId={id} disabled={!canSave} />
+            <ForkButton />
             <Button
               id='dekart-save-button'
               type={changed ? 'primary' : 'default'}
@@ -112,7 +116,7 @@ function EditModeButtons ({ changed }) {
             </Button>
           </>
           )
-        : <ForkButton reportId={id} disabled={!canSave} />}
+        : <ForkButton primary />}
     </div>
   )
 }
@@ -158,15 +162,14 @@ function ExportDropdown () {
 
 function ViewModeButtons () {
   const history = useHistory()
-  const { id, discoverable, canWrite, allowEdit, isAuthor } = useSelector(state => state.report)
-  const { canSave } = useSelector(state => state.reportStatus)
+  const { id, canWrite } = useSelector(state => state.report)
   if (canWrite) {
     return (
       <div className={styles.reportHeaderButtons}>
         <RefreshButton />
         <ExportDropdown />
-        <ShareButton reportId={id} discoverable={discoverable} isAuthor={isAuthor} allowEdit={allowEdit} />
-        <ForkButton reportId={id} disabled={!canSave} />
+        <ShareButton />
+        <ForkButton />
         <Button
           type='primary'
           disabled={!canWrite}
@@ -188,8 +191,8 @@ function ViewModeButtons () {
         title='View SQL source'
       />
       <ExportDropdown />
-      <ShareButton reportId={id} discoverable={discoverable} isAuthor={isAuthor} allowEdit={allowEdit} />
-      <ForkButton reportId={id} disabled={!canSave} />
+      <ShareButton />
+      <ForkButton primary />
     </div>
   )
 }
diff --git a/src/client/ReportPage.js b/src/client/ReportPage.js
index 8aff655..9b67a6b 100644
--- a/src/client/ReportPage.js
+++ b/src/client/ReportPage.js
@@ -22,6 +22,7 @@ import { closeReport, openReport, reportTitleChange } from './actions/report'
 import { setError } from './actions/message'
 import Tooltip from 'antd/es/tooltip'
 import prettyBites from 'pretty-bytes'
+import { getDatasourceMeta } from './lib/datasource'
 
 function TabIcon ({ query }) {
   let iconColor = 'transparent'
@@ -67,18 +68,21 @@ function getOnTabEditHandler (dispatch, reportId) {
   }
 }
 
-function getQueryTooltip (query) {
+function QueryTooltip ({ query, dataset }) {
+  const connectionList = useSelector(state => state.connection.list)
   if (!query) {
     return null
   }
-  if (query.jobStatus !== QueryType.JobStatus.JOB_STATUS_DONE) {
-    return null
-  }
   const updatedAt = new Date(query.updatedAt * 1000)
+  const connection = connectionList.find(c => c.id === dataset.connectionId)
+  const connectionMeta = connection ? getDatasourceMeta(connection.connectionType) : null
 
   const processed = query.bytesProcessed ? `Processed ${prettyBites(query.bytesProcessed)}` : 'cached'
   return (
     <span className={styles.queryTooltip}>
+      {
+        connection && connectionMeta ? <span>{connection.connectionName} ({connectionMeta.name})</span> : null
+      }
       <span title={updatedAt.toISOString()}>{updatedAt.toLocaleString()}</span>
       <span>{processed}</span>
       {
@@ -95,7 +99,7 @@ function getTabPane (dataset, queries, files, status) {
   let tooltip = null
   if (dataset.queryId) {
     const query = queries.find(q => q.id === dataset.queryId)
-    tooltip = getQueryTooltip(query)
+    tooltip = <QueryTooltip query={query} dataset={dataset} />
     tabIcon = <TabIcon query={query} />
     changed = status.changed
   }
diff --git a/src/client/ShareButton.js b/src/client/ShareButton.js
index 5270882..fb31f0b 100644
--- a/src/client/ShareButton.js
+++ b/src/client/ShareButton.js
@@ -1,141 +1,175 @@
 import Button from 'antd/es/button'
 import Modal from 'antd/es/modal'
-import { EditOutlined, UsergroupAddOutlined, LinkOutlined, LockOutlined, InfoCircleOutlined, FileSearchOutlined } from '@ant-design/icons'
+import { LockOutlined, TeamOutlined, LinkOutlined } from '@ant-design/icons'
 import { useEffect, useState } from 'react'
 import styles from './ShareButton.module.css'
 import { useDispatch, useSelector } from 'react-redux'
-import Tooltip from 'antd/es/tooltip'
-import { getRef } from './lib/ref'
-import Switch from 'antd/es/switch'
 import { copyUrlToClipboard } from './actions/clipboard'
 import { setDiscoverable } from './actions/report'
+import Select from 'antd/es/select'
 
 function CopyLinkButton () {
   const dispatch = useDispatch()
+  const discoverable = useSelector(state => state.report.discoverable)
   return (
     <Button
       icon={<LinkOutlined />}
+      disabled={!discoverable}
       title='Copy link to report'
-      onClick={() => dispatch(copyUrlToClipboard(window.location.toString()))}
+      onClick={() => dispatch(copyUrlToClipboard(window.location.toString(), 'Report URL copied to clipboard'))}
     >Copy Link
     </Button>
   )
 }
 
-function AuthTypeTitle ({ authType, referer }) {
-  const { anchor, title } = {
-    AMAZON_OIDC: { anchor: 'user-authorization-via-amazon-load-balancer', title: 'Amazon OIDC' },
-    IAP: { anchor: 'user-authorization-via-google-iap', title: 'Google IAP' },
-    GOOGLE_OAUTH: { anchor: '', title: 'Google OAuth 2.0 flow' }
-  }[authType]
-  return (
-    <><span>Users authorized via </span>
-      <a
-        target='_blank' href={`https://dekart.xyz/docs/configuration/environment-variables/?ref=${referer}#${anchor}`} rel='noreferrer'
-      >{title}
-      </a> header
-    </>
-  )
+function WorkspacePermissionsDescription () {
+  const { isSharable, discoverable, allowEdit } = useSelector(state => state.report)
+  console.log('WorkspacePermissionsDescription', { isSharable, discoverable, allowEdit })
+  switch (true) {
+    case !isSharable:
+      return <>⚠️ This report cannot be shared between workspace users.<br />💡 Create a connection with a storage bucket and generate a new report from it.</>
+    case allowEdit:
+      return <>Everyone with access to this workspace can view and edit this report</>
+    case discoverable:
+      return <>Everyone with access to this workspace can discover and refresh this report</>
+    default:
+      return <>This report is private. Only the author can see it</>
+  }
+}
+
+const workspacePermissions = {
+  CANNOT_VIEW: 'CANNOT_VIEW',
+  VIEW: 'VIEW',
+  EDIT: 'EDIT'
+}
+
+const workspacePermissionsLabels = {
+  [workspacePermissions.CANNOT_VIEW]: 'Cannot view',
+  [workspacePermissions.VIEW]: 'View',
+  [workspacePermissions.EDIT]: 'Edit'
+}
+
+function WorkspacePermissionsTitle () {
+  const { isSharable } = useSelector(state => state.report)
+  if (!isSharable) {
+    return <div className={styles.statusLabelTitle}>Workspace Sharing</div>
+  }
+  return <div className={styles.statusLabelTitle}>Anyone in workspace</div>
 }
 
-function ModalContent ({ reportId, discoverable, isAuthor, allowEdit }) {
-  const env = useSelector(state => state.env)
-  const usage = useSelector(state => state.usage)
-  const { loaded: envLoaded, authEnabled, authType } = env
+function permissionValueFromReportProps ({ discoverable, allowEdit }) {
+  switch (true) {
+    case discoverable && allowEdit:
+      return workspacePermissions.EDIT
+    case discoverable:
+      return workspacePermissions.VIEW
+    default:
+      return workspacePermissions.CANNOT_VIEW
+  }
+}
+
+function reportPropsFromPermissionValue (value) {
+  switch (value) {
+    case workspacePermissions.CANNOT_VIEW:
+      return { discoverable: false, allowEdit: false }
+    case workspacePermissions.VIEW:
+      return { discoverable: true, allowEdit: false }
+    case workspacePermissions.EDIT:
+      return { discoverable: true, allowEdit: true }
+    default:
+      throw new Error(`Unknown permission value: ${value}`)
+  }
+}
+
+function WorkspacePermissionsSelect () {
+  const { isPublic, id, isAuthor, allowEdit, discoverable, isSharable } = useSelector(state => state.report)
   const dispatch = useDispatch()
-  const [discoverableSwitch, setDiscoverableSwitch] = useState(discoverable)
-  const [allowEditSwitch, setAllowEditSwitch] = useState(allowEdit)
+  const value = permissionValueFromReportProps({ discoverable, allowEdit })
+  const [selectValue, setSelectValue] = useState(value)
 
-  // when changed by another user, reset state
   useEffect(() => {
-    setDiscoverableSwitch(discoverable)
-  }, [discoverable])
-  useEffect(() => {
-    setAllowEditSwitch(allowEdit)
-  }, [allowEdit])
+    setSelectValue(value)
+  }, [value])
 
-  if (!envLoaded) {
+  if (!isSharable) {
+    return <Button href='/connections'>Manage connections</Button>
+  }
+  const disabled = !isAuthor
+  return (
+    <Select
+      defaultValue={value}
+      value={selectValue}
+      disabled={disabled}
+      className={styles.workspaceStatusSelect}
+      loading={selectValue !== value}
+      onChange={(newValue) => {
+        setSelectValue(newValue)
+        const { discoverable, allowEdit } = reportPropsFromPermissionValue(newValue)
+        dispatch(setDiscoverable(id, discoverable, allowEdit))
+      }}
+      options={[
+        { value: workspacePermissions.CANNOT_VIEW, label: isPublic ? 'View' : workspacePermissionsLabels[workspacePermissions.CANNOT_VIEW] },
+        { value: workspacePermissions.VIEW, label: isPublic ? 'Refresh' : workspacePermissionsLabels[workspacePermissions.VIEW] },
+        { value: workspacePermissions.EDIT, label: workspacePermissionsLabels[workspacePermissions.EDIT] }
+      ]}
+    />
+  )
+}
+function WorkspacePermissions () {
+  const { canWrite, discoverable } = useSelector(state => state.report)
+  if (!canWrite && !discoverable) { // show only for discoverable workspace reports
     return null
   }
-
-  if (authEnabled) {
-    return (
-      <>
-        <div className={styles.reportStatus}>
-          <div className={styles.reportStatusIcon}><LockOutlined /></div>
-          <div className={styles.reportStatusDetails}>
-            <div className={styles.reportStatusDetailsText}>{(() => {
-              switch (true) {
-                case discoverable && allowEdit:
-                  return 'Everyone can view and edit report'
-                case !discoverable && allowEdit:
-                  return 'Everyone with link can edit report'
-                case discoverable && !allowEdit:
-                  return 'Everyone with link can view and refresh report'
-                default:
-                  return 'Everyone with a link can view report'
-              }
-            })()}
-            </div>
-            <div className={styles.reportAuthStatus}>
-              <Tooltip title={<AuthTypeTitle authType={authType} referer={getRef(env, usage)} />}>
-                <span className={styles.authEnabled}>User authorization enabled</span>
-              </Tooltip>
-            </div>
-          </div>
+  return (
+    <>
+      <div className={styles.workspaceStatus}>
+        <div className={styles.workspaceStatusIcon}><TeamOutlined /></div>
+        <div className={styles.workspaceStatusLabel}>
+          <WorkspacePermissionsTitle />
+          <div className={styles.statusLabelDescription}><WorkspacePermissionsDescription /></div>
         </div>
-        <div className={styles.boolStatus}>
-          <div className={styles.boolStatusIcon}><FileSearchOutlined /></div>
-          <div className={styles.boolStatusLabel}>Allow everyone to discover and refresh report</div>
-          <div className={styles.boolStatusControl}>
-            <Switch
-              checked={discoverable}
-              disabled={!isAuthor}
-              title={!isAuthor ? 'Only the author can change this setting' : undefined}
-              onChange={(checked) => {
-                setDiscoverableSwitch(checked)
-                dispatch(setDiscoverable(reportId, checked, allowEdit))
-              }}
-              loading={discoverableSwitch !== discoverable}
-            />
-          </div>
+        <div className={styles.workspaceStatusControl}>
+          <WorkspacePermissionsSelect />
         </div>
-        <div className={styles.boolStatus}>
-          <div className={styles.boolStatusIcon}><EditOutlined /></div>
-          <div className={styles.boolStatusLabel}>Allow everyone to edit the report</div>
-          <div className={styles.boolStatusControl}>
-            <Switch
-              checked={allowEdit}
-              disabled={!isAuthor}
-              title={!isAuthor ? 'Only the author can change this setting' : undefined}
-              onChange={(checked) => {
-                setAllowEditSwitch(checked)
-                dispatch(setDiscoverable(reportId, discoverable, checked))
-              }}
-              loading={allowEditSwitch !== allowEdit}
-            />
-          </div>
-        </div>
-      </>
-    )
-  }
+      </div>
+    </>
+  )
+}
+
+function ModalContent () {
+  // const env = useSelector(state => state.env)
+  // const { loaded: envLoaded, authEnabled } = env
+
+  // if (!authEnabled) {
+  //   return null
+  // }
+
+  // if (!envLoaded) {
+  //   return null
+  // }
 
   return (
-    <div className={styles.reportStatus}>
-      <div className={styles.reportStatusIcon}><InfoCircleOutlined /></div>
-      <div className={styles.reportStatusDetails}>
-        <div className={styles.reportStatusDetailsText}>Everyone can edit report</div>
-      </div>
-    </div>
+    <>
+      <WorkspacePermissions />
+    </>
   )
 }
 
-export default function ShareButton ({ reportId, discoverable, isAuthor, allowEdit }) {
+export default function ShareButton () {
   const [modalOpen, setModalOpen] = useState(false)
+  const { discoverable } = useSelector(state => state.report)
+  const { authEnabled } = useSelector(state => state.env)
+  if (!authEnabled) {
+    return null
+  }
+  let icon = <LockOutlined />
+  if (discoverable) {
+    icon = <TeamOutlined />
+  }
   return (
     <>
       <Button
-        icon={<UsergroupAddOutlined />}
+        icon={icon}
         ghost
         type='text'
         title='Share and export'
@@ -155,9 +189,9 @@ export default function ShareButton ({ reportId, discoverable, isAuthor, allowEd
               Done
             </Button>
           </div>
-      }
+        }
       >
-        <ModalContent reportId={reportId} discoverable={discoverable} isAuthor={isAuthor} allowEdit={allowEdit} />
+        <ModalContent />
       </Modal>
     </>
   )
diff --git a/src/client/ShareButton.module.css b/src/client/ShareButton.module.css
index 1ad684a..801ec91 100644
--- a/src/client/ShareButton.module.css
+++ b/src/client/ShareButton.module.css
@@ -11,7 +11,16 @@
     flex: 1;
 }
 
-.boolStatusIcon {
+.workspaceStatusSelect {
+    min-width: 130px;
+}
+
+.statusLabelDescription {
+    font-size: 0.8em;
+    color: #666;
+}
+
+.workspaceStatusIcon {
     font-size: 1.2em;
     position: relative;
     opacity: 0.65;
@@ -29,6 +38,13 @@
     margin-left: 10px;
 }
 
+.workspaceStatusLabel {
+    flex: 1;
+    font-size: 1.2em;
+    margin-left: 10px;
+    margin-right: 10px;
+}
+
 .boolStatusLabel {
     flex: 1;
     font-size: 1.2em;
@@ -38,8 +54,16 @@
 
 .reportStatusDetailsText {
     font-size: 1.2em;
+    font-weight: bold;
 }
 
+.workspaceStatus {
+    border-top: 1px solid #f0f0f0;
+    padding: 20px;
+    display: flex;
+    flex-direction: row;
+    align-items: flex-start;
+}
 .boolStatus {
     border-top: 1px solid #f0f0f0;
     padding: 20px;
@@ -48,6 +72,16 @@
     align-items: flex-start;
 }
 
+.boolStatusS {
+    font-size: 0.9em;
+    padding: 20px;
+    padding-top: 0px;
+    padding-left: 45px;
+    display: flex;
+    flex-direction: row;
+    align-items: flex-start;
+}
+
 .reportStatus {
     padding: 20px;
     display: flex;
diff --git a/src/client/actions/clipboard.js b/src/client/actions/clipboard.js
index aac2704..123dcd8 100644
--- a/src/client/actions/clipboard.js
+++ b/src/client/actions/clipboard.js
@@ -1,10 +1,12 @@
 import { success } from './message'
 import copy from 'copy-to-clipboard'
 
-export function copyUrlToClipboard (url) {
+export function copyUrlToClipboard (url, successMessage) {
   return (dispatch) => {
     dispatch({ type: copyUrlToClipboard.name, url })
     copy(url)
-    success('Report URL copied to clipboard')
+    if (successMessage) {
+      dispatch(success(successMessage))
+    }
   }
 }
diff --git a/src/client/actions/connection.js b/src/client/actions/connection.js
index 74a5486..a53db5f 100644
--- a/src/client/actions/connection.js
+++ b/src/client/actions/connection.js
@@ -1,13 +1,17 @@
-import { ArchiveConnectionRequest, CreateConnectionRequest, GetConnectionListRequest, Connection, TestConnectionRequest, UpdateConnectionRequest, SetDefaultConnectionRequest, GetGcpProjectListRequest } from '../../proto/dekart_pb'
+import { ArchiveConnectionRequest, CreateConnectionRequest, GetConnectionListRequest, Connection, TestConnectionRequest, UpdateConnectionRequest, SetDefaultConnectionRequest, GetGcpProjectListRequest, Secret } from '../../proto/dekart_pb'
 import { Dekart } from '../../proto/dekart_pb_service'
 import { grpcCall } from './grpc'
+import { updateSessionStorage } from './sessionStorage'
+import { needSensitiveScopes } from './user'
 
 export function connectionCreated ({ id, connectionName }) {
   return { type: connectionCreated.name, id, connectionName }
 }
 
 export function closeConnectionDialog () {
-  return { type: closeConnectionDialog.name }
+  return async (dispatch) => {
+    dispatch({ type: closeConnectionDialog.name })
+  }
 }
 
 export function projectListUpdate (projectsList) {
@@ -32,9 +36,9 @@ export function getProjectList () {
   }
 }
 
-export function editConnection (id) {
+export function editConnection (id, connectionType) {
   return async (dispatch) => {
-    dispatch({ type: editConnection.name, id })
+    dispatch({ type: editConnection.name, id, connectionType })
     dispatch(getProjectList())
   }
 }
@@ -73,11 +77,36 @@ export function archiveConnection (id) {
   }
 }
 
-export function newConnection () {
-  return async (dispatch) => {
+// newConnectionScreen toggles the new connection screen with datasource selection
+export function newConnectionScreen (show) {
+  return { type: newConnectionScreen.name, show }
+}
+
+// reOpenDialog reopens the last opened dialog after permissions are granted
+export function reOpenDialog () {
+  return (dispatch, getState) => {
+    const { lastOpenedDialog } = getState().connection
+    if (lastOpenedDialog) {
+      dispatch(updateSessionStorage('lastOpenedDialog', null))
+      dispatch(newConnection(lastOpenedDialog.connectionType))
+      dispatch({ type: reOpenDialog.name })
+    }
+  }
+}
+
+// newConnection opens a modal to create a new connection
+export function newConnection (connectionType) {
+  return async (dispatch, getState) => {
+    const { user } = getState()
+    if (connectionType === Connection.ConnectionType.CONNECTION_TYPE_BIGQUERY && !user.sensitiveScopesGranted) {
+      dispatch(updateSessionStorage('lastOpenedDialog', { connectionType })) // remember the dialog state
+      dispatch(needSensitiveScopes())
+    }
     // just to show the modal
-    dispatch({ type: newConnection.name })
-    dispatch(getProjectList())
+    dispatch({ type: newConnection.name, connectionType })
+    if (connectionType === Connection.ConnectionType.CONNECTION_TYPE_BIGQUERY) {
+      dispatch(getProjectList())
+    }
   }
 }
 
@@ -95,6 +124,13 @@ export function getConnectionsList () {
       dispatch(grpcCall(Dekart.GetConnectionList, request, resolve))
     })
 
+    res.connectionsList.forEach((connection) => {
+      // replace password with placeholder
+      // no password is returned from the server, only the length
+      if (connection.snowflakePassword?.length > 0) {
+        connection.snowflakePassword = '*'.repeat(connection.snowflakePassword.length)
+      }
+    })
     dispatch(connectionListUpdate(res.connectionsList))
   }
 }
@@ -103,16 +139,27 @@ export function connectionSaved () {
   return { type: connectionSaved.name }
 }
 
-export function saveConnection (id, connectionProps) {
+export function saveConnection (id, connectionType, connectionProps) {
   return async (dispatch, getState) => {
+    const connection = new Connection()
+    connection.setConnectionType(connectionType)
     dispatch({ type: saveConnection.name })
     if (!id) {
       // create new connection
       const request = new CreateConnectionRequest()
-      const connection = new Connection()
-      connection.setConnectionName(connectionProps.connectionName)
-      connection.setBigqueryProjectId(connectionProps.bigqueryProjectId)
-      connection.setCloudStorageBucket(connectionProps.cloudStorageBucket)
+      if (connectionType === Connection.ConnectionType.CONNECTION_TYPE_SNOWFLAKE) {
+        connection.setConnectionName(connectionProps.connectionName)
+        connection.setSnowflakeAccountId(connectionProps.snowflakeAccountId)
+        connection.setSnowflakeUsername(connectionProps.snowflakeUsername)
+        connection.setSnowflakeWarehouse(connectionProps.snowflakeWarehouse)
+        const secret = new Secret()
+        secret.setClientEncrypted(await encryptPassword(connectionProps.snowflakePassword, getState().env.variables.AES_KEY, getState().env.variables.AES_IV))
+        connection.setSnowflakePassword(secret)
+      } else {
+        connection.setConnectionName(connectionProps.connectionName)
+        connection.setBigqueryProjectId(connectionProps.bigqueryProjectId)
+        connection.setCloudStorageBucket(connectionProps.cloudStorageBucket)
+      }
       request.setConnection(connection)
 
       const res = await new Promise((resolve) => {
@@ -121,13 +168,27 @@ export function saveConnection (id, connectionProps) {
 
       dispatch(connectionCreated(res.connection))
     } else {
+      const prevConnection = getState().connection.list.find(c => c.id === id)
+
       // update existing connection
       const request = new UpdateConnectionRequest()
-      const connection = new Connection()
       connection.setId(id)
-      connection.setConnectionName(connectionProps.connectionName)
-      connection.setBigqueryProjectId(connectionProps.bigqueryProjectId)
-      connection.setCloudStorageBucket(connectionProps.cloudStorageBucket)
+      if (connectionType === Connection.ConnectionType.CONNECTION_TYPE_SNOWFLAKE) {
+        connection.setConnectionName(connectionProps.connectionName)
+        connection.setSnowflakeAccountId(connectionProps.snowflakeAccountId)
+        connection.setSnowflakeUsername(connectionProps.snowflakeUsername)
+        connection.setSnowflakeWarehouse(connectionProps.snowflakeWarehouse)
+        if (prevConnection?.snowflakePassword !== connectionProps.snowflakePassword) {
+          // update password only if it was changed, otherwise it's just a placeholder
+          const secret = new Secret()
+          secret.setClientEncrypted(await encryptPassword(connectionProps.snowflakePassword, getState().env.variables.AES_KEY, getState().env.variables.AES_IV))
+          connection.setSnowflakePassword(secret)
+        }
+      } else {
+        connection.setConnectionName(connectionProps.connectionName)
+        connection.setBigqueryProjectId(connectionProps.bigqueryProjectId)
+        connection.setCloudStorageBucket(connectionProps.cloudStorageBucket)
+      }
       request.setConnection(connection)
 
       await new Promise((resolve) => {
@@ -139,23 +200,84 @@ export function saveConnection (id, connectionProps) {
   }
 }
 
-export function connectionChanged ({ connectionName, bigqueryProjectId, cloudStorageBucket }) {
-  return { type: connectionChanged.name, connectionName, bigqueryProjectId, cloudStorageBucket }
+export function connectionChanged () {
+  return { type: connectionChanged.name }
 }
 
 export function testConnectionResponse ({ success, error }) {
   return { type: testConnectionResponse.name, success, error }
 }
 
-export function testConnection ({ connectionName, bigqueryProjectId, cloudStorageBucket }) {
+async function encryptPassword (password, key, iv) {
+  // Convert key and IV from Base64
+  const keyArrayBuffer = await window.crypto.subtle.importKey(
+    'raw',
+    base64ToArrayBuffer(key),
+    { name: 'AES-GCM' },
+    false,
+    ['encrypt']
+  )
+  const ivArray = base64ToArrayBuffer(iv)
+
+  // Encrypt the password
+  const encoder = new TextEncoder()
+  const encrypted = await window.crypto.subtle.encrypt(
+    {
+      name: 'AES-GCM',
+      iv: new Uint8Array(ivArray)
+    },
+    keyArrayBuffer,
+    encoder.encode(password)
+  )
+
+  // Convert encrypted data to Base64 for easy transmission
+  const encryptedBase64 = arrayBufferToBase64(encrypted)
+  return encryptedBase64
+}
+
+function base64ToArrayBuffer (base64) {
+  const binaryString = window.atob(base64)
+  const len = binaryString.length
+  const bytes = new Uint8Array(len)
+  for (let i = 0; i < len; i++) {
+    bytes[i] = binaryString.charCodeAt(i)
+  }
+  return bytes.buffer
+}
+
+function arrayBufferToBase64 (buffer) {
+  let binary = ''
+  const bytes = new Uint8Array(buffer)
+  const len = bytes.byteLength
+  for (let i = 0; i < len; i++) {
+    binary += String.fromCharCode(bytes[i])
+  }
+  return window.btoa(binary)
+}
+
+export function testConnection (connectionType, values) {
   return async (dispatch, getState) => {
     dispatch({ type: testConnection.name })
-
+    const { env: { variables: { AES_IV, AES_KEY } } } = getState()
     const request = new TestConnectionRequest()
     const connection = new Connection()
-    connection.setConnectionName(connectionName)
-    connection.setBigqueryProjectId(bigqueryProjectId)
-    connection.setCloudStorageBucket(cloudStorageBucket)
+    connection.setConnectionType(connectionType)
+    if (connectionType === Connection.ConnectionType.CONNECTION_TYPE_SNOWFLAKE) {
+      const { connectionName, snowflakeAccountId, snowflakeUsername, snowflakeWarehouse, snowflakePassword } = values
+      connection.setConnectionName(connectionName)
+      connection.setSnowflakeAccountId(snowflakeAccountId)
+      connection.setSnowflakeUsername(snowflakeUsername)
+      connection.setSnowflakeWarehouse(snowflakeWarehouse)
+      const secret = new Secret()
+      secret.setClientEncrypted(await encryptPassword(snowflakePassword, AES_KEY, AES_IV))
+      connection.setSnowflakePassword(secret)
+    } else { // bigquery
+      const { connectionName, bigqueryProjectId, cloudStorageBucket } = values
+      connection.setConnectionName(connectionName)
+      connection.setBigqueryProjectId(bigqueryProjectId)
+      connection.setCloudStorageBucket(cloudStorageBucket)
+    }
+
     request.setConnection(connection)
 
     const res = await new Promise((resolve) => {
diff --git a/src/client/actions/dataset.js b/src/client/actions/dataset.js
index a8c13e4..2aa562f 100644
--- a/src/client/actions/dataset.js
+++ b/src/client/actions/dataset.js
@@ -113,7 +113,7 @@ export function downloadDataset (dataset, sourceId, extension, prevDatasetsList)
       return
     }
     // check if dataset was already added to kepler
-    const addedDatasets = getState().keplerGl.kepler.visState.datasets
+    const addedDatasets = getState().keplerGl.kepler?.visState.datasets || {}
     const prevDataset = prevDatasetsList.find(d => d.id in addedDatasets)
     const i = datasets.findIndex(d => d.id === dataset.id)
     if (i < 0) {
diff --git a/src/client/actions/grpc.js b/src/client/actions/grpc.js
index a34eaa0..9311f50 100644
--- a/src/client/actions/grpc.js
+++ b/src/client/actions/grpc.js
@@ -117,6 +117,11 @@ export function grpcStream (endpoint, request, cb) {
       headers
     )
     dispatch({ type: grpcStream.name, endpoint, cancelable })
+
+    // avoid error on page reload
+    window.addEventListener('beforeunload', () => {
+      dispatch(grpcStreamCancel(endpoint))
+    })
   }
 }
 
diff --git a/src/client/actions/localStorage.js b/src/client/actions/localStorage.js
index 79eaa24..f8e6b23 100644
--- a/src/client/actions/localStorage.js
+++ b/src/client/actions/localStorage.js
@@ -29,7 +29,7 @@ export function loadLocalStorage () {
     const localStorageValue = window.localStorage.getItem(LOCAL_STORAGE_KEY)
     if (localStorageValue) {
       current = JSON.parse(localStorageValue)
-      dispatch(localStorageInit())
     }
+    dispatch(localStorageInit())
   }
 }
diff --git a/src/client/actions/redirect.js b/src/client/actions/redirect.js
index 3ccd3fc..41623ca 100644
--- a/src/client/actions/redirect.js
+++ b/src/client/actions/redirect.js
@@ -1,7 +1,14 @@
 import { AuthState } from '../../proto/dekart_pb'
+import { updateLocalStorage } from './localStorage'
 
 export function setRedirectState (redirectState) {
-  return { type: setRedirectState.name, redirectState }
+  return async (dispatch) => {
+    dispatch({ type: setRedirectState.name, redirectState })
+    if (redirectState.getSensitiveScopesGranted()) {
+      // remember that the user has granted sensitive scopes on this device once
+      dispatch(updateLocalStorage('sensitiveScopesGrantedOnce', true))
+    }
+  }
 }
 
 export function requestSensitiveScopes (returnPath) {
diff --git a/src/client/actions/report.js b/src/client/actions/report.js
index ddaad57..780a6f4 100644
--- a/src/client/actions/report.js
+++ b/src/client/actions/report.js
@@ -3,12 +3,13 @@ import { receiveMapConfig, removeDataset } from '@dekart-xyz/kepler.gl/dist/acti
 
 import { grpcCall, grpcStream, grpcStreamCancel } from './grpc'
 import { success } from './message'
-import { ArchiveReportRequest, CreateReportRequest, SetDiscoverableRequest, ForkReportRequest, Query, Report, ReportListRequest, UpdateReportRequest, File, ReportStreamRequest } from '../../proto/dekart_pb'
+import { ArchiveReportRequest, CreateReportRequest, SetDiscoverableRequest, ForkReportRequest, Query, Report, ReportListRequest, UpdateReportRequest, File, ReportStreamRequest, PublishReportRequest } from '../../proto/dekart_pb'
 import { Dekart } from '../../proto/dekart_pb_service'
 import { createQuery, downloadQuerySource } from './query'
 import { downloadDataset } from './dataset'
 import { shouldAddQuery } from '../lib/shouldAddQuery'
 import { shouldUpdateDataset } from '../lib/shouldUpdateDataset'
+import { needSensitiveScopes } from './user'
 
 export function closeReport () {
   return (dispatch) => {
@@ -28,7 +29,8 @@ function getReportStream (reportId, onMessage, onError) {
 }
 
 export function openReport (reportId, edit) {
-  return (dispatch) => {
+  return (dispatch, getState) => {
+    const user = getState().user
     dispatch({
       type: openReport.name,
       edit
@@ -39,7 +41,11 @@ export function openReport (reportId, edit) {
         if (err) {
           return err
         }
-        dispatch(reportUpdate(reportStreamResponse))
+        if (reportStreamResponse.report.needSensitiveScope && !user.sensitiveScopesGranted) {
+          dispatch(needSensitiveScopes())
+        } else {
+          dispatch(reportUpdate(reportStreamResponse))
+        }
       }
     ))
   }
@@ -208,8 +214,18 @@ export function newForkedReport (id) {
   return { type: newForkedReport.name, id }
 }
 
+export function publishReport (reportId, publish) {
+  return async (dispatch) => {
+    dispatch({ type: publishReport.name })
+    const req = new PublishReportRequest()
+    req.setReportId(reportId)
+    req.setPublish(publish)
+    dispatch(grpcCall(Dekart.PublishReport, req))
+  }
+}
+
 export function forkReport (reportId) {
-  return async (dispatch, getState) => {
+  return async (dispatch) => {
     dispatch({ type: forkReport.name })
     const request = new ForkReportRequest()
     request.setReportId(reportId)
diff --git a/src/client/actions/sessionStorage.js b/src/client/actions/sessionStorage.js
new file mode 100644
index 0000000..9124f39
--- /dev/null
+++ b/src/client/actions/sessionStorage.js
@@ -0,0 +1,42 @@
+
+const SESSION_STORAGE_KEY = 'dekart-session-storage-v1'
+
+const initialState = {
+  lastOpenedDialog: null // connection dialog state
+}
+
+let current = initialState
+
+export default function sessionStorageReset () {
+  window.sessionStorage.removeItem(SESSION_STORAGE_KEY)
+  return {
+    type: sessionStorageReset.name,
+    current: initialState
+  }
+}
+
+export function sessionStorageInit () {
+  return {
+    type: sessionStorageInit.name,
+    current
+  }
+}
+
+export function updateSessionStorage (key, value) {
+  current[key] = value
+  window.sessionStorage.setItem(SESSION_STORAGE_KEY, JSON.stringify(current))
+  return {
+    type: updateSessionStorage.name,
+    current
+  }
+}
+
+export function loadSessionStorage () {
+  return (dispatch) => {
+    const sessionStorageValue = window.sessionStorage.getItem(SESSION_STORAGE_KEY)
+    if (sessionStorageValue) {
+      current = JSON.parse(sessionStorageValue)
+    }
+    dispatch(sessionStorageInit())
+  }
+}
diff --git a/src/client/actions/user.js b/src/client/actions/user.js
index eef1d09..e40aa07 100644
--- a/src/client/actions/user.js
+++ b/src/client/actions/user.js
@@ -20,7 +20,6 @@ export function subscribeUserStream () {
     }
     dispatch(grpcStream(Dekart.GetUserStream, request, (message, err) => {
       if (message) {
-        dispatch(updateLocalStorage('sensitiveScopesGrantedOnce', message.sensitiveScopesGrantedOnce))
         dispatch(updateLocalStorage('loginHint', message.email))
         dispatch(userStreamUpdate(message))
         if (prevRes.connectionUpdate !== message.connectionUpdate) {
@@ -33,6 +32,10 @@ export function subscribeUserStream () {
   }
 }
 
+export function needSensitiveScopes () {
+  return { type: needSensitiveScopes.name }
+}
+
 export function unsubscribeUserStream () {
   return (dispatch, getState) => {
     dispatch(grpcStreamCancel(Dekart.GetUserStream))
diff --git a/src/client/lib/datasource.js b/src/client/lib/datasource.js
index 81a0017..06fe311 100644
--- a/src/client/lib/datasource.js
+++ b/src/client/lib/datasource.js
@@ -1,17 +1,40 @@
+import { Connection } from '../../proto/dekart_pb'
 
 export function getDatasourceMeta (datasource) {
   switch (datasource) {
     case 'SNOWFLAKE':
+    case Connection.ConnectionType.CONNECTION_TYPE_SNOWFLAKE:
       return {
         name: 'Snowflake',
         style: 'snowflake',
+        sampleQuery: `-- Generate 100 random latitude and longitude points
+SELECT
+    ROUND(uniform(-90::float, 90::float, random()), 6) AS lat,  -- Generate random latitude between -90 and 90
+    ROUND(uniform(-180::float, 180::float, random()), 6) AS lon  -- Generate random longitude between -180 and 180
+FROM
+    TABLE(GENERATOR(ROWCOUNT => 100));  -- Create 100 rows
+`,
         usageStatsId: 3
       }
     case 'BQ':
+    case Connection.ConnectionType.CONNECTION_TYPE_BIGQUERY:
+    case Connection.ConnectionType.CONNECTION_TYPE_UNSPECIFIED: // legacy user connections
       return {
         name: 'BigQuery',
         style: 'bigquery',
-        usageStatsId: 2
+        usageStatsId: 2,
+        sampleQuery: `-- Select a random 0.1% sample of crimes from the Chicago crime dataset
+SELECT
+    primary_type,  -- Type of crime
+    district,      -- District where the crime occurred
+    latitude,      -- Latitude of the crime location
+    longitude,     -- Longitude of the crime location
+    date           -- Date of the crime
+FROM
+    \`bigquery-public-data.chicago_crime.crime\`  -- Chicago crime dataset
+WHERE
+    RAND() < 0.1 / 100.0;  -- Randomly select approximately 0.1% of the records
+`
       }
     case 'ATHENA':
       return {
diff --git a/src/client/lib/ref.js b/src/client/lib/ref.js
index ccd3581..23c8ec8 100644
--- a/src/client/lib/ref.js
+++ b/src/client/lib/ref.js
@@ -22,7 +22,7 @@ function getStats (env, usage) {
   ].join('-')
 }
 
-export function getRef (env, usage, location = window.location, v = version) {
+export function getUrlRef (env, usage, location = window.location, v = version) {
   if (!env.loaded || !usage.loaded) {
     return 'dekart-unknown'
   }
diff --git a/src/client/reducers/connectionReducer.js b/src/client/reducers/connectionReducer.js
index 1287245..24cd673 100644
--- a/src/client/reducers/connectionReducer.js
+++ b/src/client/reducers/connectionReducer.js
@@ -1,11 +1,13 @@
 import { combineReducers } from 'redux'
-import { closeConnectionDialog, connectionChanged, connectionCreated, connectionListUpdate, connectionSaved, editConnection, newConnection, projectListUpdate, saveConnection, testConnection, testConnectionResponse } from '../actions/connection'
+import { closeConnectionDialog, connectionChanged, connectionCreated, connectionListUpdate, connectionSaved, editConnection, newConnection, newConnectionScreen, projectListUpdate, reOpenDialog, saveConnection, testConnection, testConnectionResponse } from '../actions/connection'
+import { sessionStorageInit } from '../actions/sessionStorage'
 import { setEnv } from '../actions/env'
 
 function dialog (state = {
   visible: false,
   loading: true,
-  id: null
+  id: null,
+  connectionType: null
 }, action) {
   switch (action.type) {
     case closeConnectionDialog.name:
@@ -17,6 +19,7 @@ function dialog (state = {
       return {
         ...state,
         id: action.id,
+        connectionType: action.connectionType,
         visible: true,
         loading: false
       }
@@ -25,7 +28,8 @@ function dialog (state = {
         ...state,
         visible: true,
         id: null,
-        loading: false
+        loading: false,
+        connectionType: action.connectionType
       }
     case connectionCreated.name:
       return {
@@ -106,8 +110,7 @@ function listLoaded (state = false, action) {
 function userDefined (state = false, action) {
   switch (action.type) {
     case setEnv.name: {
-      const { BIGQUERY_PROJECT_ID, CLOUD_STORAGE_BUCKET, DATASOURCE } = action.variables
-      return (BIGQUERY_PROJECT_ID === '' && DATASOURCE === 'BQ') || (CLOUD_STORAGE_BUCKET === '' && DATASOURCE !== 'SNOWFLAKE')
+      return Boolean(action.variables.USER_DEFINED_CONNECTION)
     }
     default:
       return state
@@ -123,11 +126,35 @@ function projects (state = null, action) {
   }
 }
 
+function screen (state = false, action) {
+  switch (action.type) {
+    case newConnectionScreen.name:
+      return action.show
+    case newConnection.name:
+      return false
+    default:
+      return state
+  }
+}
+
+function lastOpenedDialog (state = null, action) {
+  switch (action.type) {
+    case sessionStorageInit.name:
+      return action.current.lastOpenedDialog || null
+    case reOpenDialog.name:
+      return null // only open dialog once
+    default:
+      return state
+  }
+}
+
 export default combineReducers({
   dialog,
   test,
   list,
   userDefined,
   listLoaded,
-  projects
+  projects,
+  screen,
+  lastOpenedDialog
 })
diff --git a/src/client/reducers/rootReducer.js b/src/client/reducers/rootReducer.js
index 8fdb5ec..e5c50de 100644
--- a/src/client/reducers/rootReducer.js
+++ b/src/client/reducers/rootReducer.js
@@ -15,6 +15,8 @@ import connection from './connectionReducer'
 import user from './userReducer'
 import httpError from './httpErrorReducer'
 import dataset from './datasetReducer'
+import storage from './storageReducer'
+import { setRedirectState } from '../actions/redirect'
 
 const customKeplerGlReducer = keplerGlReducer.initialState({
   uiState: {
@@ -148,21 +150,16 @@ function usage (state = defaultUsage, action) {
 const defaultEnv = { loaded: false, variables: {}, authEnabled: null, authType: 'UNSPECIFIED' }
 function env (state = defaultEnv, action) {
   switch (action.type) {
+    case setRedirectState.name:
+      return {
+        ...state,
+        loaded: false // reset when user auth details like token change
+      }
     case setEnv.name:
       return {
         loaded: true,
         variables: action.variables,
-        authEnabled: action.variables.REQUIRE_AMAZON_OIDC === '1' || action.variables.REQUIRE_IAP === '1' || action.variables.REQUIRE_GOOGLE_OAUTH === '1',
-        authType: (
-          action.variables.REQUIRE_IAP === '1'
-            ? 'IAP'
-            : action.variables.REQUIRE_AMAZON_OIDC
-              ? 'AMAZON_OIDC'
-              : action.variables.REQUIRE_GOOGLE_OAUTH
-                ? 'GOOGLE_OAUTH'
-                : 'NONE'
-        ),
-        needSensitiveScopes: action.variables.REQUIRE_GOOGLE_OAUTH
+        authEnabled: Boolean(action.variables.AUTH_ENABLED),
       }
     default:
       return state
@@ -229,5 +226,6 @@ export default combineReducers({
   token,
   stream,
   user,
-  dataset
+  dataset,
+  storage
 })
diff --git a/src/client/reducers/storageReducer.js b/src/client/reducers/storageReducer.js
new file mode 100644
index 0000000..84e38d7
--- /dev/null
+++ b/src/client/reducers/storageReducer.js
@@ -0,0 +1,27 @@
+import { localStorageInit } from '../actions/localStorage'
+import { sessionStorageInit } from '../actions/sessionStorage'
+
+const initialState = {
+  loaded: false, // both loaded
+  sessionStorageLoaded: false,
+  localStorageLoaded: false
+}
+
+export default function storage (state = initialState, action) {
+  switch (action.type) {
+    case sessionStorageInit.name:
+      return {
+        ...state,
+        loaded: state.localStorageLoaded, // both loaded
+        sessionStorageLoaded: true
+      }
+    case localStorageInit.name:
+      return {
+        ...state,
+        loaded: state.sessionStorageLoaded, // both loaded
+        localStorageLoaded: true
+      }
+    default:
+      return state
+  }
+}
diff --git a/src/client/reducers/userReducer.js b/src/client/reducers/userReducer.js
index 494d702..677dabe 100644
--- a/src/client/reducers/userReducer.js
+++ b/src/client/reducers/userReducer.js
@@ -1,6 +1,7 @@
 import { combineReducers } from 'redux'
-import { userStreamUpdate } from '../actions/user'
+import { needSensitiveScopes, userStreamUpdate } from '../actions/user'
 import { localStorageInit } from '../actions/localStorage'
+import { setRedirectState } from '../actions/redirect'
 
 function stream (state = null, action) {
   switch (action.type) {
@@ -18,8 +19,35 @@ function sensitiveScopesGrantedOnce (state = false, action) {
   switch (action.type) {
     case localStorageInit.name:
       return action.current.sensitiveScopesGrantedOnce
-    case userStreamUpdate.name:
-      return action.userStream.sensitiveScopesGrantedOnce
+    case setRedirectState.name: {
+      if (action.redirectState.getSensitiveScopesGranted()) {
+        return true
+      } else {
+        return state
+      }
+    }
+    default:
+      return state
+  }
+}
+
+function sensitiveScopesGranted (state = false, action) {
+  switch (action.type) {
+    case setRedirectState.name: {
+      if (action.redirectState.getSensitiveScopesGranted()) {
+        return true
+      }
+      return state
+    }
+    default:
+      return state
+  }
+}
+
+function sensitiveScopesNeeded (state = false, action) {
+  switch (action.type) {
+    case needSensitiveScopes.name:
+      return true
     default:
       return state
   }
@@ -36,8 +64,20 @@ function loginHint (state = null, action) {
   }
 }
 
+function redirectStateReceived (state = false, action) {
+  switch (action.type) {
+    case setRedirectState.name:
+      return true
+    default:
+      return state
+  }
+}
+
 export default combineReducers({
   stream,
   sensitiveScopesGrantedOnce,
-  loginHint
+  sensitiveScopesNeeded,
+  sensitiveScopesGranted,
+  loginHint,
+  redirectStateReceived
 })
diff --git a/src/proto/dekart.pb.go b/src/proto/dekart.pb.go
index de782d4..caa2e0b 100644
--- a/src/proto/dekart.pb.go
+++ b/src/proto/dekart.pb.go
@@ -20,6 +20,55 @@ const (
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )
 
+type Connection_ConnectionType int32
+
+const (
+	Connection_CONNECTION_TYPE_UNSPECIFIED Connection_ConnectionType = 0
+	Connection_CONNECTION_TYPE_BIGQUERY    Connection_ConnectionType = 1
+	Connection_CONNECTION_TYPE_SNOWFLAKE   Connection_ConnectionType = 2
+)
+
+// Enum value maps for Connection_ConnectionType.
+var (
+	Connection_ConnectionType_name = map[int32]string{
+		0: "CONNECTION_TYPE_UNSPECIFIED",
+		1: "CONNECTION_TYPE_BIGQUERY",
+		2: "CONNECTION_TYPE_SNOWFLAKE",
+	}
+	Connection_ConnectionType_value = map[string]int32{
+		"CONNECTION_TYPE_UNSPECIFIED": 0,
+		"CONNECTION_TYPE_BIGQUERY":    1,
+		"CONNECTION_TYPE_SNOWFLAKE":   2,
+	}
+)
+
+func (x Connection_ConnectionType) Enum() *Connection_ConnectionType {
+	p := new(Connection_ConnectionType)
+	*p = x
+	return p
+}
+
+func (x Connection_ConnectionType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Connection_ConnectionType) Descriptor() protoreflect.EnumDescriptor {
+	return file_proto_dekart_proto_enumTypes[0].Descriptor()
+}
+
+func (Connection_ConnectionType) Type() protoreflect.EnumType {
+	return &file_proto_dekart_proto_enumTypes[0]
+}
+
+func (x Connection_ConnectionType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Connection_ConnectionType.Descriptor instead.
+func (Connection_ConnectionType) EnumDescriptor() ([]byte, []int) {
+	return file_proto_dekart_proto_rawDescGZIP(), []int{18, 0}
+}
+
 type GetEnvResponse_Variable_Type int32
 
 const (
@@ -39,6 +88,10 @@ const (
 	GetEnvResponse_Variable_TYPE_UX_ACCESS_ERROR_INFO_HTML    GetEnvResponse_Variable_Type = 13
 	GetEnvResponse_Variable_TYPE_UX_NOT_FOUND_ERROR_INFO_HTML GetEnvResponse_Variable_Type = 14
 	GetEnvResponse_Variable_TYPE_UX_SAMPLE_QUERY_SQL          GetEnvResponse_Variable_Type = 15
+	GetEnvResponse_Variable_TYPE_AES_KEY                      GetEnvResponse_Variable_Type = 16
+	GetEnvResponse_Variable_TYPE_AES_IV                       GetEnvResponse_Variable_Type = 17
+	GetEnvResponse_Variable_TYPE_AUTH_ENABLED                 GetEnvResponse_Variable_Type = 18
+	GetEnvResponse_Variable_TYPE_USER_DEFINED_CONNECTION      GetEnvResponse_Variable_Type = 19
 )
 
 // Enum value maps for GetEnvResponse_Variable_Type.
@@ -60,6 +113,10 @@ var (
 		13: "TYPE_UX_ACCESS_ERROR_INFO_HTML",
 		14: "TYPE_UX_NOT_FOUND_ERROR_INFO_HTML",
 		15: "TYPE_UX_SAMPLE_QUERY_SQL",
+		16: "TYPE_AES_KEY",
+		17: "TYPE_AES_IV",
+		18: "TYPE_AUTH_ENABLED",
+		19: "TYPE_USER_DEFINED_CONNECTION",
 	}
 	GetEnvResponse_Variable_Type_value = map[string]int32{
 		"TYPE_UNSPECIFIED":                  0,
@@ -78,6 +135,10 @@ var (
 		"TYPE_UX_ACCESS_ERROR_INFO_HTML":    13,
 		"TYPE_UX_NOT_FOUND_ERROR_INFO_HTML": 14,
 		"TYPE_UX_SAMPLE_QUERY_SQL":          15,
+		"TYPE_AES_KEY":                      16,
+		"TYPE_AES_IV":                       17,
+		"TYPE_AUTH_ENABLED":                 18,
+		"TYPE_USER_DEFINED_CONNECTION":      19,
 	}
 )
 
@@ -92,11 +153,11 @@ func (x GetEnvResponse_Variable_Type) String() string {
 }
 
 func (GetEnvResponse_Variable_Type) Descriptor() protoreflect.EnumDescriptor {
-	return file_proto_dekart_proto_enumTypes[0].Descriptor()
+	return file_proto_dekart_proto_enumTypes[1].Descriptor()
 }
 
 func (GetEnvResponse_Variable_Type) Type() protoreflect.EnumType {
-	return &file_proto_dekart_proto_enumTypes[0]
+	return &file_proto_dekart_proto_enumTypes[1]
 }
 
 func (x GetEnvResponse_Variable_Type) Number() protoreflect.EnumNumber {
@@ -105,7 +166,7 @@ func (x GetEnvResponse_Variable_Type) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use GetEnvResponse_Variable_Type.Descriptor instead.
 func (GetEnvResponse_Variable_Type) EnumDescriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{27, 0, 0}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{28, 0, 0}
 }
 
 type AuthState_Action int32
@@ -144,11 +205,11 @@ func (x AuthState_Action) String() string {
 }
 
 func (AuthState_Action) Descriptor() protoreflect.EnumDescriptor {
-	return file_proto_dekart_proto_enumTypes[1].Descriptor()
+	return file_proto_dekart_proto_enumTypes[2].Descriptor()
 }
 
 func (AuthState_Action) Type() protoreflect.EnumType {
-	return &file_proto_dekart_proto_enumTypes[1]
+	return &file_proto_dekart_proto_enumTypes[2]
 }
 
 func (x AuthState_Action) Number() protoreflect.EnumNumber {
@@ -157,7 +218,7 @@ func (x AuthState_Action) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use AuthState_Action.Descriptor instead.
 func (AuthState_Action) EnumDescriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{29, 0}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{30, 0}
 }
 
 type Query_JobStatus int32
@@ -167,7 +228,7 @@ const (
 	Query_JOB_STATUS_PENDING         Query_JobStatus = 1
 	Query_JOB_STATUS_RUNNING         Query_JobStatus = 2
 	Query_JOB_STATUS_DONE_LEGACY     Query_JobStatus = 3 // legacy for backwards compatibility
-	Query_JOB_STATUS_READING_RESULTS Query_JobStatus = 4 // job is done proccessing results
+	Query_JOB_STATUS_READING_RESULTS Query_JobStatus = 4 // job is done processing results
 	Query_JOB_STATUS_DONE            Query_JobStatus = 5
 )
 
@@ -202,11 +263,11 @@ func (x Query_JobStatus) String() string {
 }
 
 func (Query_JobStatus) Descriptor() protoreflect.EnumDescriptor {
-	return file_proto_dekart_proto_enumTypes[2].Descriptor()
+	return file_proto_dekart_proto_enumTypes[3].Descriptor()
 }
 
 func (Query_JobStatus) Type() protoreflect.EnumType {
-	return &file_proto_dekart_proto_enumTypes[2]
+	return &file_proto_dekart_proto_enumTypes[3]
 }
 
 func (x Query_JobStatus) Number() protoreflect.EnumNumber {
@@ -215,7 +276,7 @@ func (x Query_JobStatus) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use Query_JobStatus.Descriptor instead.
 func (Query_JobStatus) EnumDescriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{36, 0}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{37, 0}
 }
 
 type Query_QuerySource int32
@@ -251,11 +312,11 @@ func (x Query_QuerySource) String() string {
 }
 
 func (Query_QuerySource) Descriptor() protoreflect.EnumDescriptor {
-	return file_proto_dekart_proto_enumTypes[3].Descriptor()
+	return file_proto_dekart_proto_enumTypes[4].Descriptor()
 }
 
 func (Query_QuerySource) Type() protoreflect.EnumType {
-	return &file_proto_dekart_proto_enumTypes[3]
+	return &file_proto_dekart_proto_enumTypes[4]
 }
 
 func (x Query_QuerySource) Number() protoreflect.EnumNumber {
@@ -264,7 +325,7 @@ func (x Query_QuerySource) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use Query_QuerySource.Descriptor instead.
 func (Query_QuerySource) EnumDescriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{36, 1}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{37, 1}
 }
 
 type File_Status int32
@@ -303,11 +364,11 @@ func (x File_Status) String() string {
 }
 
 func (File_Status) Descriptor() protoreflect.EnumDescriptor {
-	return file_proto_dekart_proto_enumTypes[4].Descriptor()
+	return file_proto_dekart_proto_enumTypes[5].Descriptor()
 }
 
 func (File_Status) Type() protoreflect.EnumType {
-	return &file_proto_dekart_proto_enumTypes[4]
+	return &file_proto_dekart_proto_enumTypes[5]
 }
 
 func (x File_Status) Number() protoreflect.EnumNumber {
@@ -316,7 +377,7 @@ func (x File_Status) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use File_Status.Descriptor instead.
 func (File_Status) EnumDescriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{37, 0}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{38, 0}
 }
 
 type GetGcpProjectListRequest struct {
@@ -711,11 +772,9 @@ type GetUserStreamResponse struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	StreamOptions              *StreamOptions `protobuf:"bytes,1,opt,name=stream_options,json=streamOptions,proto3" json:"stream_options,omitempty"`
-	ConnectionUpdate           int64          `protobuf:"varint,2,opt,name=connection_update,json=connectionUpdate,proto3" json:"connection_update,omitempty"`
-	Email                      string         `protobuf:"bytes,3,opt,name=email,proto3" json:"email,omitempty"`                                                                                  // user email used to show user icon in UI
-	SensitiveScopesGranted     bool           `protobuf:"varint,4,opt,name=sensitive_scopes_granted,json=sensitiveScopesGranted,proto3" json:"sensitive_scopes_granted,omitempty"`               // user has granted sensitive scopes
-	SensitiveScopesGrantedOnce bool           `protobuf:"varint,5,opt,name=sensitive_scopes_granted_once,json=sensitiveScopesGrantedOnce,proto3" json:"sensitive_scopes_granted_once,omitempty"` // user has granted sensitive scopes at least once, now we request all scopes at once
+	StreamOptions    *StreamOptions `protobuf:"bytes,1,opt,name=stream_options,json=streamOptions,proto3" json:"stream_options,omitempty"`
+	ConnectionUpdate int64          `protobuf:"varint,2,opt,name=connection_update,json=connectionUpdate,proto3" json:"connection_update,omitempty"`
+	Email            string         `protobuf:"bytes,3,opt,name=email,proto3" json:"email,omitempty"` // user email used to show user icon in UI
 }
 
 func (x *GetUserStreamResponse) Reset() {
@@ -771,20 +830,6 @@ func (x *GetUserStreamResponse) GetEmail() string {
 	return ""
 }
 
-func (x *GetUserStreamResponse) GetSensitiveScopesGranted() bool {
-	if x != nil {
-		return x.SensitiveScopesGranted
-	}
-	return false
-}
-
-func (x *GetUserStreamResponse) GetSensitiveScopesGrantedOnce() bool {
-	if x != nil {
-		return x.SensitiveScopesGrantedOnce
-	}
-	return false
-}
-
 type TestConnectionRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -1165,16 +1210,21 @@ type Connection struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Id                 string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	ConnectionName     string `protobuf:"bytes,2,opt,name=connection_name,json=connectionName,proto3" json:"connection_name,omitempty"`
-	BigqueryProjectId  string `protobuf:"bytes,3,opt,name=bigquery_project_id,json=bigqueryProjectId,proto3" json:"bigquery_project_id,omitempty"`
-	CloudStorageBucket string `protobuf:"bytes,4,opt,name=cloud_storage_bucket,json=cloudStorageBucket,proto3" json:"cloud_storage_bucket,omitempty"`
-	IsDefault          bool   `protobuf:"varint,5,opt,name=is_default,json=isDefault,proto3" json:"is_default,omitempty"`
-	AuthorEmail        string `protobuf:"bytes,6,opt,name=author_email,json=authorEmail,proto3" json:"author_email,omitempty"`
-	CreatedAt          int64  `protobuf:"varint,7,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
-	UpdatedAt          int64  `protobuf:"varint,8,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
-	DatasetCount       int64  `protobuf:"varint,9,opt,name=dataset_count,json=datasetCount,proto3" json:"dataset_count,omitempty"`
-	CanStoreFiles      bool   `protobuf:"varint,10,opt,name=can_store_files,json=canStoreFiles,proto3" json:"can_store_files,omitempty"`
+	Id                 string                    `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	ConnectionName     string                    `protobuf:"bytes,2,opt,name=connection_name,json=connectionName,proto3" json:"connection_name,omitempty"`
+	BigqueryProjectId  string                    `protobuf:"bytes,3,opt,name=bigquery_project_id,json=bigqueryProjectId,proto3" json:"bigquery_project_id,omitempty"`
+	CloudStorageBucket string                    `protobuf:"bytes,4,opt,name=cloud_storage_bucket,json=cloudStorageBucket,proto3" json:"cloud_storage_bucket,omitempty"`
+	IsDefault          bool                      `protobuf:"varint,5,opt,name=is_default,json=isDefault,proto3" json:"is_default,omitempty"`
+	AuthorEmail        string                    `protobuf:"bytes,6,opt,name=author_email,json=authorEmail,proto3" json:"author_email,omitempty"`
+	CreatedAt          int64                     `protobuf:"varint,7,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	UpdatedAt          int64                     `protobuf:"varint,8,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
+	DatasetCount       int64                     `protobuf:"varint,9,opt,name=dataset_count,json=datasetCount,proto3" json:"dataset_count,omitempty"`
+	CanStoreFiles      bool                      `protobuf:"varint,10,opt,name=can_store_files,json=canStoreFiles,proto3" json:"can_store_files,omitempty"`
+	ConnectionType     Connection_ConnectionType `protobuf:"varint,11,opt,name=connection_type,json=connectionType,proto3,enum=Connection_ConnectionType" json:"connection_type,omitempty"`
+	SnowflakeAccountId string                    `protobuf:"bytes,12,opt,name=snowflake_account_id,json=snowflakeAccountId,proto3" json:"snowflake_account_id,omitempty"`
+	SnowflakeUsername  string                    `protobuf:"bytes,13,opt,name=snowflake_username,json=snowflakeUsername,proto3" json:"snowflake_username,omitempty"`
+	SnowflakePassword  *Secret                   `protobuf:"bytes,14,opt,name=snowflake_password,json=snowflakePassword,proto3" json:"snowflake_password,omitempty"`
+	SnowflakeWarehouse string                    `protobuf:"bytes,15,opt,name=snowflake_warehouse,json=snowflakeWarehouse,proto3" json:"snowflake_warehouse,omitempty"`
 }
 
 func (x *Connection) Reset() {
@@ -1279,6 +1329,104 @@ func (x *Connection) GetCanStoreFiles() bool {
 	return false
 }
 
+func (x *Connection) GetConnectionType() Connection_ConnectionType {
+	if x != nil {
+		return x.ConnectionType
+	}
+	return Connection_CONNECTION_TYPE_UNSPECIFIED
+}
+
+func (x *Connection) GetSnowflakeAccountId() string {
+	if x != nil {
+		return x.SnowflakeAccountId
+	}
+	return ""
+}
+
+func (x *Connection) GetSnowflakeUsername() string {
+	if x != nil {
+		return x.SnowflakeUsername
+	}
+	return ""
+}
+
+func (x *Connection) GetSnowflakePassword() *Secret {
+	if x != nil {
+		return x.SnowflakePassword
+	}
+	return nil
+}
+
+func (x *Connection) GetSnowflakeWarehouse() string {
+	if x != nil {
+		return x.SnowflakeWarehouse
+	}
+	return ""
+}
+
+type Secret struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ClientEncrypted string `protobuf:"bytes,1,opt,name=client_encrypted,json=clientEncrypted,proto3" json:"client_encrypted,omitempty"` // encrypted with client key
+	ServerEncrypted string `protobuf:"bytes,2,opt,name=server_encrypted,json=serverEncrypted,proto3" json:"server_encrypted,omitempty"` // encrypted with server key
+	Length          int32  `protobuf:"varint,3,opt,name=length,proto3" json:"length,omitempty"`                                         // length of the password for placeholder
+}
+
+func (x *Secret) Reset() {
+	*x = Secret{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_proto_dekart_proto_msgTypes[19]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Secret) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Secret) ProtoMessage() {}
+
+func (x *Secret) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_dekart_proto_msgTypes[19]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Secret.ProtoReflect.Descriptor instead.
+func (*Secret) Descriptor() ([]byte, []int) {
+	return file_proto_dekart_proto_rawDescGZIP(), []int{19}
+}
+
+func (x *Secret) GetClientEncrypted() string {
+	if x != nil {
+		return x.ClientEncrypted
+	}
+	return ""
+}
+
+func (x *Secret) GetServerEncrypted() string {
+	if x != nil {
+		return x.ServerEncrypted
+	}
+	return ""
+}
+
+func (x *Secret) GetLength() int32 {
+	if x != nil {
+		return x.Length
+	}
+	return 0
+}
+
 type GetUsageRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -1288,7 +1436,7 @@ type GetUsageRequest struct {
 func (x *GetUsageRequest) Reset() {
 	*x = GetUsageRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[19]
+		mi := &file_proto_dekart_proto_msgTypes[20]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1301,7 +1449,7 @@ func (x *GetUsageRequest) String() string {
 func (*GetUsageRequest) ProtoMessage() {}
 
 func (x *GetUsageRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[19]
+	mi := &file_proto_dekart_proto_msgTypes[20]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1314,7 +1462,7 @@ func (x *GetUsageRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use GetUsageRequest.ProtoReflect.Descriptor instead.
 func (*GetUsageRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{19}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{20}
 }
 
 type GetUsageResponse struct {
@@ -1331,7 +1479,7 @@ type GetUsageResponse struct {
 func (x *GetUsageResponse) Reset() {
 	*x = GetUsageResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[20]
+		mi := &file_proto_dekart_proto_msgTypes[21]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1344,7 +1492,7 @@ func (x *GetUsageResponse) String() string {
 func (*GetUsageResponse) ProtoMessage() {}
 
 func (x *GetUsageResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[20]
+	mi := &file_proto_dekart_proto_msgTypes[21]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1357,7 +1505,7 @@ func (x *GetUsageResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use GetUsageResponse.ProtoReflect.Descriptor instead.
 func (*GetUsageResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{20}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{21}
 }
 
 func (x *GetUsageResponse) GetTotalReports() int64 {
@@ -1401,7 +1549,7 @@ type SetDiscoverableRequest struct {
 func (x *SetDiscoverableRequest) Reset() {
 	*x = SetDiscoverableRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[21]
+		mi := &file_proto_dekart_proto_msgTypes[22]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1414,7 +1562,7 @@ func (x *SetDiscoverableRequest) String() string {
 func (*SetDiscoverableRequest) ProtoMessage() {}
 
 func (x *SetDiscoverableRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[21]
+	mi := &file_proto_dekart_proto_msgTypes[22]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1427,7 +1575,7 @@ func (x *SetDiscoverableRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SetDiscoverableRequest.ProtoReflect.Descriptor instead.
 func (*SetDiscoverableRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{21}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{22}
 }
 
 func (x *SetDiscoverableRequest) GetReportId() string {
@@ -1460,7 +1608,7 @@ type SetDiscoverableResponse struct {
 func (x *SetDiscoverableResponse) Reset() {
 	*x = SetDiscoverableResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[22]
+		mi := &file_proto_dekart_proto_msgTypes[23]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1473,7 +1621,7 @@ func (x *SetDiscoverableResponse) String() string {
 func (*SetDiscoverableResponse) ProtoMessage() {}
 
 func (x *SetDiscoverableResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[22]
+	mi := &file_proto_dekart_proto_msgTypes[23]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1486,7 +1634,7 @@ func (x *SetDiscoverableResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SetDiscoverableResponse.ProtoReflect.Descriptor instead.
 func (*SetDiscoverableResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{22}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{23}
 }
 
 type RemoveDatasetRequest struct {
@@ -1500,7 +1648,7 @@ type RemoveDatasetRequest struct {
 func (x *RemoveDatasetRequest) Reset() {
 	*x = RemoveDatasetRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[23]
+		mi := &file_proto_dekart_proto_msgTypes[24]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1513,7 +1661,7 @@ func (x *RemoveDatasetRequest) String() string {
 func (*RemoveDatasetRequest) ProtoMessage() {}
 
 func (x *RemoveDatasetRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[23]
+	mi := &file_proto_dekart_proto_msgTypes[24]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1526,7 +1674,7 @@ func (x *RemoveDatasetRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RemoveDatasetRequest.ProtoReflect.Descriptor instead.
 func (*RemoveDatasetRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{23}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{24}
 }
 
 func (x *RemoveDatasetRequest) GetDatasetId() string {
@@ -1547,7 +1695,7 @@ type RemoveDatasetResponse struct {
 func (x *RemoveDatasetResponse) Reset() {
 	*x = RemoveDatasetResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[24]
+		mi := &file_proto_dekart_proto_msgTypes[25]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1560,7 +1708,7 @@ func (x *RemoveDatasetResponse) String() string {
 func (*RemoveDatasetResponse) ProtoMessage() {}
 
 func (x *RemoveDatasetResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[24]
+	mi := &file_proto_dekart_proto_msgTypes[25]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1573,7 +1721,7 @@ func (x *RemoveDatasetResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RemoveDatasetResponse.ProtoReflect.Descriptor instead.
 func (*RemoveDatasetResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{24}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{25}
 }
 
 func (x *RemoveDatasetResponse) GetDatasetId() string {
@@ -1594,7 +1742,7 @@ type StreamOptions struct {
 func (x *StreamOptions) Reset() {
 	*x = StreamOptions{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[25]
+		mi := &file_proto_dekart_proto_msgTypes[26]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1607,7 +1755,7 @@ func (x *StreamOptions) String() string {
 func (*StreamOptions) ProtoMessage() {}
 
 func (x *StreamOptions) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[25]
+	mi := &file_proto_dekart_proto_msgTypes[26]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1620,7 +1768,7 @@ func (x *StreamOptions) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use StreamOptions.ProtoReflect.Descriptor instead.
 func (*StreamOptions) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{25}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{26}
 }
 
 func (x *StreamOptions) GetSequence() int64 {
@@ -1639,7 +1787,7 @@ type GetEnvRequest struct {
 func (x *GetEnvRequest) Reset() {
 	*x = GetEnvRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[26]
+		mi := &file_proto_dekart_proto_msgTypes[27]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1652,7 +1800,7 @@ func (x *GetEnvRequest) String() string {
 func (*GetEnvRequest) ProtoMessage() {}
 
 func (x *GetEnvRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[26]
+	mi := &file_proto_dekart_proto_msgTypes[27]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1665,7 +1813,7 @@ func (x *GetEnvRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use GetEnvRequest.ProtoReflect.Descriptor instead.
 func (*GetEnvRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{26}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{27}
 }
 
 type GetEnvResponse struct {
@@ -1679,7 +1827,7 @@ type GetEnvResponse struct {
 func (x *GetEnvResponse) Reset() {
 	*x = GetEnvResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[27]
+		mi := &file_proto_dekart_proto_msgTypes[28]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1692,7 +1840,7 @@ func (x *GetEnvResponse) String() string {
 func (*GetEnvResponse) ProtoMessage() {}
 
 func (x *GetEnvResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[27]
+	mi := &file_proto_dekart_proto_msgTypes[28]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1705,7 +1853,7 @@ func (x *GetEnvResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use GetEnvResponse.ProtoReflect.Descriptor instead.
 func (*GetEnvResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{27}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{28}
 }
 
 func (x *GetEnvResponse) GetVariables() []*GetEnvResponse_Variable {
@@ -1721,14 +1869,15 @@ type RedirectState struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	TokenJson string `protobuf:"bytes,1,opt,name=token_json,json=tokenJson,proto3" json:"token_json,omitempty"`
-	Error     string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"`
+	TokenJson              string `protobuf:"bytes,1,opt,name=token_json,json=tokenJson,proto3" json:"token_json,omitempty"`
+	Error                  string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"`
+	SensitiveScopesGranted bool   `protobuf:"varint,3,opt,name=sensitive_scopes_granted,json=sensitiveScopesGranted,proto3" json:"sensitive_scopes_granted,omitempty"` // if true, sensitive scope are granted
 }
 
 func (x *RedirectState) Reset() {
 	*x = RedirectState{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[28]
+		mi := &file_proto_dekart_proto_msgTypes[29]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1741,7 +1890,7 @@ func (x *RedirectState) String() string {
 func (*RedirectState) ProtoMessage() {}
 
 func (x *RedirectState) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[28]
+	mi := &file_proto_dekart_proto_msgTypes[29]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1754,7 +1903,7 @@ func (x *RedirectState) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RedirectState.ProtoReflect.Descriptor instead.
 func (*RedirectState) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{28}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{29}
 }
 
 func (x *RedirectState) GetTokenJson() string {
@@ -1771,6 +1920,13 @@ func (x *RedirectState) GetError() string {
 	return ""
 }
 
+func (x *RedirectState) GetSensitiveScopesGranted() bool {
+	if x != nil {
+		return x.SensitiveScopesGranted
+	}
+	return false
+}
+
 // AuthState is used to pass state between UI, auth endpoint and Google OAuth via redirect
 type AuthState struct {
 	state         protoimpl.MessageState
@@ -1789,7 +1945,7 @@ type AuthState struct {
 func (x *AuthState) Reset() {
 	*x = AuthState{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[29]
+		mi := &file_proto_dekart_proto_msgTypes[30]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1802,7 +1958,7 @@ func (x *AuthState) String() string {
 func (*AuthState) ProtoMessage() {}
 
 func (x *AuthState) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[29]
+	mi := &file_proto_dekart_proto_msgTypes[30]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1815,7 +1971,7 @@ func (x *AuthState) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AuthState.ProtoReflect.Descriptor instead.
 func (*AuthState) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{29}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{30}
 }
 
 func (x *AuthState) GetAction() AuthState_Action {
@@ -1879,7 +2035,7 @@ type ArchiveReportRequest struct {
 func (x *ArchiveReportRequest) Reset() {
 	*x = ArchiveReportRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[30]
+		mi := &file_proto_dekart_proto_msgTypes[31]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1892,7 +2048,7 @@ func (x *ArchiveReportRequest) String() string {
 func (*ArchiveReportRequest) ProtoMessage() {}
 
 func (x *ArchiveReportRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[30]
+	mi := &file_proto_dekart_proto_msgTypes[31]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1905,7 +2061,7 @@ func (x *ArchiveReportRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ArchiveReportRequest.ProtoReflect.Descriptor instead.
 func (*ArchiveReportRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{30}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{31}
 }
 
 func (x *ArchiveReportRequest) GetReportId() string {
@@ -1931,7 +2087,7 @@ type ArchiveReportResponse struct {
 func (x *ArchiveReportResponse) Reset() {
 	*x = ArchiveReportResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[31]
+		mi := &file_proto_dekart_proto_msgTypes[32]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1944,7 +2100,7 @@ func (x *ArchiveReportResponse) String() string {
 func (*ArchiveReportResponse) ProtoMessage() {}
 
 func (x *ArchiveReportResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[31]
+	mi := &file_proto_dekart_proto_msgTypes[32]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1957,7 +2113,7 @@ func (x *ArchiveReportResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ArchiveReportResponse.ProtoReflect.Descriptor instead.
 func (*ArchiveReportResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{31}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{32}
 }
 
 type ReportListRequest struct {
@@ -1971,7 +2127,7 @@ type ReportListRequest struct {
 func (x *ReportListRequest) Reset() {
 	*x = ReportListRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[32]
+		mi := &file_proto_dekart_proto_msgTypes[33]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1984,7 +2140,7 @@ func (x *ReportListRequest) String() string {
 func (*ReportListRequest) ProtoMessage() {}
 
 func (x *ReportListRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[32]
+	mi := &file_proto_dekart_proto_msgTypes[33]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1997,7 +2153,7 @@ func (x *ReportListRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ReportListRequest.ProtoReflect.Descriptor instead.
 func (*ReportListRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{32}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{33}
 }
 
 func (x *ReportListRequest) GetStreamOptions() *StreamOptions {
@@ -2019,7 +2175,7 @@ type ReportListResponse struct {
 func (x *ReportListResponse) Reset() {
 	*x = ReportListResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[33]
+		mi := &file_proto_dekart_proto_msgTypes[34]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2032,7 +2188,7 @@ func (x *ReportListResponse) String() string {
 func (*ReportListResponse) ProtoMessage() {}
 
 func (x *ReportListResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[33]
+	mi := &file_proto_dekart_proto_msgTypes[34]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2045,7 +2201,7 @@ func (x *ReportListResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ReportListResponse.ProtoReflect.Descriptor instead.
 func (*ReportListResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{33}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{34}
 }
 
 func (x *ReportListResponse) GetReports() []*Report {
@@ -2067,23 +2223,25 @@ type Report struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Id           string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	MapConfig    string `protobuf:"bytes,2,opt,name=map_config,json=mapConfig,proto3" json:"map_config,omitempty"`
-	Title        string `protobuf:"bytes,3,opt,name=title,proto3" json:"title,omitempty"`
-	Archived     bool   `protobuf:"varint,4,opt,name=archived,proto3" json:"archived,omitempty"`
-	CanWrite     bool   `protobuf:"varint,5,opt,name=can_write,json=canWrite,proto3" json:"can_write,omitempty"`
-	AuthorEmail  string `protobuf:"bytes,6,opt,name=author_email,json=authorEmail,proto3" json:"author_email,omitempty"`
-	Discoverable bool   `protobuf:"varint,7,opt,name=discoverable,proto3" json:"discoverable,omitempty"`            // report is discoverable by other users of the same instance
-	AllowEdit    bool   `protobuf:"varint,8,opt,name=allow_edit,json=allowEdit,proto3" json:"allow_edit,omitempty"` // allow other users to edit the report
-	IsAuthor     bool   `protobuf:"varint,9,opt,name=is_author,json=isAuthor,proto3" json:"is_author,omitempty"`    // user is the author of the report
-	CreatedAt    int64  `protobuf:"varint,10,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
-	UpdatedAt    int64  `protobuf:"varint,11,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
+	Id                 string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	MapConfig          string `protobuf:"bytes,2,opt,name=map_config,json=mapConfig,proto3" json:"map_config,omitempty"`
+	Title              string `protobuf:"bytes,3,opt,name=title,proto3" json:"title,omitempty"`
+	Archived           bool   `protobuf:"varint,4,opt,name=archived,proto3" json:"archived,omitempty"`
+	CanWrite           bool   `protobuf:"varint,5,opt,name=can_write,json=canWrite,proto3" json:"can_write,omitempty"`
+	AuthorEmail        string `protobuf:"bytes,6,opt,name=author_email,json=authorEmail,proto3" json:"author_email,omitempty"`
+	Discoverable       bool   `protobuf:"varint,7,opt,name=discoverable,proto3" json:"discoverable,omitempty"`            // report is discoverable by other users of the same instance
+	AllowEdit          bool   `protobuf:"varint,8,opt,name=allow_edit,json=allowEdit,proto3" json:"allow_edit,omitempty"` // allow other users to edit the report
+	IsAuthor           bool   `protobuf:"varint,9,opt,name=is_author,json=isAuthor,proto3" json:"is_author,omitempty"`    // user is the author of the report
+	CreatedAt          int64  `protobuf:"varint,10,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	UpdatedAt          int64  `protobuf:"varint,11,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
+	IsSharable         bool   `protobuf:"varint,12,opt,name=is_sharable,json=isSharable,proto3" json:"is_sharable,omitempty"`                           // can be shared with other users (depends where result is stored)
+	NeedSensitiveScope bool   `protobuf:"varint,13,opt,name=need_sensitive_scope,json=needSensitiveScope,proto3" json:"need_sensitive_scope,omitempty"` // need sensitive scope to run queries and read results
 }
 
 func (x *Report) Reset() {
 	*x = Report{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[34]
+		mi := &file_proto_dekart_proto_msgTypes[35]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2096,7 +2254,7 @@ func (x *Report) String() string {
 func (*Report) ProtoMessage() {}
 
 func (x *Report) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[34]
+	mi := &file_proto_dekart_proto_msgTypes[35]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2109,7 +2267,7 @@ func (x *Report) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Report.ProtoReflect.Descriptor instead.
 func (*Report) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{34}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{35}
 }
 
 func (x *Report) GetId() string {
@@ -2189,6 +2347,20 @@ func (x *Report) GetUpdatedAt() int64 {
 	return 0
 }
 
+func (x *Report) GetIsSharable() bool {
+	if x != nil {
+		return x.IsSharable
+	}
+	return false
+}
+
+func (x *Report) GetNeedSensitiveScope() bool {
+	if x != nil {
+		return x.NeedSensitiveScope
+	}
+	return false
+}
+
 type Dataset struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -2207,7 +2379,7 @@ type Dataset struct {
 func (x *Dataset) Reset() {
 	*x = Dataset{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[35]
+		mi := &file_proto_dekart_proto_msgTypes[36]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2220,7 +2392,7 @@ func (x *Dataset) String() string {
 func (*Dataset) ProtoMessage() {}
 
 func (x *Dataset) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[35]
+	mi := &file_proto_dekart_proto_msgTypes[36]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2233,7 +2405,7 @@ func (x *Dataset) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Dataset.ProtoReflect.Descriptor instead.
 func (*Dataset) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{35}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{36}
 }
 
 func (x *Dataset) GetId() string {
@@ -2316,7 +2488,7 @@ type Query struct {
 func (x *Query) Reset() {
 	*x = Query{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[36]
+		mi := &file_proto_dekart_proto_msgTypes[37]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2329,7 +2501,7 @@ func (x *Query) String() string {
 func (*Query) ProtoMessage() {}
 
 func (x *Query) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[36]
+	mi := &file_proto_dekart_proto_msgTypes[37]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2342,7 +2514,7 @@ func (x *Query) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Query.ProtoReflect.Descriptor instead.
 func (*Query) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{36}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{37}
 }
 
 func (x *Query) GetId() string {
@@ -2455,7 +2627,7 @@ type File struct {
 func (x *File) Reset() {
 	*x = File{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[37]
+		mi := &file_proto_dekart_proto_msgTypes[38]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2468,7 +2640,7 @@ func (x *File) String() string {
 func (*File) ProtoMessage() {}
 
 func (x *File) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[37]
+	mi := &file_proto_dekart_proto_msgTypes[38]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2481,7 +2653,7 @@ func (x *File) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use File.ProtoReflect.Descriptor instead.
 func (*File) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{37}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{38}
 }
 
 func (x *File) GetId() string {
@@ -2559,7 +2731,7 @@ type UpdateReportRequest struct {
 func (x *UpdateReportRequest) Reset() {
 	*x = UpdateReportRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[38]
+		mi := &file_proto_dekart_proto_msgTypes[39]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2572,7 +2744,7 @@ func (x *UpdateReportRequest) String() string {
 func (*UpdateReportRequest) ProtoMessage() {}
 
 func (x *UpdateReportRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[38]
+	mi := &file_proto_dekart_proto_msgTypes[39]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2585,7 +2757,7 @@ func (x *UpdateReportRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use UpdateReportRequest.ProtoReflect.Descriptor instead.
 func (*UpdateReportRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{38}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{39}
 }
 
 func (x *UpdateReportRequest) GetReport() *Report {
@@ -2611,7 +2783,7 @@ type UpdateReportResponse struct {
 func (x *UpdateReportResponse) Reset() {
 	*x = UpdateReportResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[39]
+		mi := &file_proto_dekart_proto_msgTypes[40]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2624,7 +2796,7 @@ func (x *UpdateReportResponse) String() string {
 func (*UpdateReportResponse) ProtoMessage() {}
 
 func (x *UpdateReportResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[39]
+	mi := &file_proto_dekart_proto_msgTypes[40]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2637,7 +2809,7 @@ func (x *UpdateReportResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use UpdateReportResponse.ProtoReflect.Descriptor instead.
 func (*UpdateReportResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{39}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{40}
 }
 
 type RunQueryRequest struct {
@@ -2652,7 +2824,7 @@ type RunQueryRequest struct {
 func (x *RunQueryRequest) Reset() {
 	*x = RunQueryRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[40]
+		mi := &file_proto_dekart_proto_msgTypes[41]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2665,7 +2837,7 @@ func (x *RunQueryRequest) String() string {
 func (*RunQueryRequest) ProtoMessage() {}
 
 func (x *RunQueryRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[40]
+	mi := &file_proto_dekart_proto_msgTypes[41]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2678,7 +2850,7 @@ func (x *RunQueryRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RunQueryRequest.ProtoReflect.Descriptor instead.
 func (*RunQueryRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{40}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{41}
 }
 
 func (x *RunQueryRequest) GetQueryId() string {
@@ -2704,7 +2876,7 @@ type RunQueryResponse struct {
 func (x *RunQueryResponse) Reset() {
 	*x = RunQueryResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[41]
+		mi := &file_proto_dekart_proto_msgTypes[42]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2717,7 +2889,7 @@ func (x *RunQueryResponse) String() string {
 func (*RunQueryResponse) ProtoMessage() {}
 
 func (x *RunQueryResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[41]
+	mi := &file_proto_dekart_proto_msgTypes[42]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2730,7 +2902,7 @@ func (x *RunQueryResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RunQueryResponse.ProtoReflect.Descriptor instead.
 func (*RunQueryResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{41}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{42}
 }
 
 type CancelQueryRequest struct {
@@ -2744,7 +2916,7 @@ type CancelQueryRequest struct {
 func (x *CancelQueryRequest) Reset() {
 	*x = CancelQueryRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[42]
+		mi := &file_proto_dekart_proto_msgTypes[43]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2757,7 +2929,7 @@ func (x *CancelQueryRequest) String() string {
 func (*CancelQueryRequest) ProtoMessage() {}
 
 func (x *CancelQueryRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[42]
+	mi := &file_proto_dekart_proto_msgTypes[43]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2770,7 +2942,7 @@ func (x *CancelQueryRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CancelQueryRequest.ProtoReflect.Descriptor instead.
 func (*CancelQueryRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{42}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{43}
 }
 
 func (x *CancelQueryRequest) GetQueryId() string {
@@ -2789,7 +2961,7 @@ type CancelQueryResponse struct {
 func (x *CancelQueryResponse) Reset() {
 	*x = CancelQueryResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[43]
+		mi := &file_proto_dekart_proto_msgTypes[44]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2802,7 +2974,7 @@ func (x *CancelQueryResponse) String() string {
 func (*CancelQueryResponse) ProtoMessage() {}
 
 func (x *CancelQueryResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[43]
+	mi := &file_proto_dekart_proto_msgTypes[44]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2815,7 +2987,7 @@ func (x *CancelQueryResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CancelQueryResponse.ProtoReflect.Descriptor instead.
 func (*CancelQueryResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{43}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{44}
 }
 
 type UpdateDatasetNameRequest struct {
@@ -2830,7 +3002,7 @@ type UpdateDatasetNameRequest struct {
 func (x *UpdateDatasetNameRequest) Reset() {
 	*x = UpdateDatasetNameRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[44]
+		mi := &file_proto_dekart_proto_msgTypes[45]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2843,7 +3015,7 @@ func (x *UpdateDatasetNameRequest) String() string {
 func (*UpdateDatasetNameRequest) ProtoMessage() {}
 
 func (x *UpdateDatasetNameRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[44]
+	mi := &file_proto_dekart_proto_msgTypes[45]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2856,7 +3028,7 @@ func (x *UpdateDatasetNameRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use UpdateDatasetNameRequest.ProtoReflect.Descriptor instead.
 func (*UpdateDatasetNameRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{44}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{45}
 }
 
 func (x *UpdateDatasetNameRequest) GetDatasetId() string {
@@ -2882,7 +3054,7 @@ type UpdateDatasetNameResponse struct {
 func (x *UpdateDatasetNameResponse) Reset() {
 	*x = UpdateDatasetNameResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[45]
+		mi := &file_proto_dekart_proto_msgTypes[46]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2895,7 +3067,7 @@ func (x *UpdateDatasetNameResponse) String() string {
 func (*UpdateDatasetNameResponse) ProtoMessage() {}
 
 func (x *UpdateDatasetNameResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[45]
+	mi := &file_proto_dekart_proto_msgTypes[46]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2908,7 +3080,7 @@ func (x *UpdateDatasetNameResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use UpdateDatasetNameResponse.ProtoReflect.Descriptor instead.
 func (*UpdateDatasetNameResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{45}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{46}
 }
 
 type UpdateDatasetConnectionRequest struct {
@@ -2923,7 +3095,7 @@ type UpdateDatasetConnectionRequest struct {
 func (x *UpdateDatasetConnectionRequest) Reset() {
 	*x = UpdateDatasetConnectionRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[46]
+		mi := &file_proto_dekart_proto_msgTypes[47]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2936,7 +3108,7 @@ func (x *UpdateDatasetConnectionRequest) String() string {
 func (*UpdateDatasetConnectionRequest) ProtoMessage() {}
 
 func (x *UpdateDatasetConnectionRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[46]
+	mi := &file_proto_dekart_proto_msgTypes[47]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2949,7 +3121,7 @@ func (x *UpdateDatasetConnectionRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use UpdateDatasetConnectionRequest.ProtoReflect.Descriptor instead.
 func (*UpdateDatasetConnectionRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{46}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{47}
 }
 
 func (x *UpdateDatasetConnectionRequest) GetDatasetId() string {
@@ -2975,7 +3147,7 @@ type UpdateDatasetConnectionResponse struct {
 func (x *UpdateDatasetConnectionResponse) Reset() {
 	*x = UpdateDatasetConnectionResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[47]
+		mi := &file_proto_dekart_proto_msgTypes[48]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2988,7 +3160,7 @@ func (x *UpdateDatasetConnectionResponse) String() string {
 func (*UpdateDatasetConnectionResponse) ProtoMessage() {}
 
 func (x *UpdateDatasetConnectionResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[47]
+	mi := &file_proto_dekart_proto_msgTypes[48]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3001,7 +3173,7 @@ func (x *UpdateDatasetConnectionResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use UpdateDatasetConnectionResponse.ProtoReflect.Descriptor instead.
 func (*UpdateDatasetConnectionResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{47}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{48}
 }
 
 type CreateDatasetRequest struct {
@@ -3015,7 +3187,7 @@ type CreateDatasetRequest struct {
 func (x *CreateDatasetRequest) Reset() {
 	*x = CreateDatasetRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[48]
+		mi := &file_proto_dekart_proto_msgTypes[49]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3028,7 +3200,7 @@ func (x *CreateDatasetRequest) String() string {
 func (*CreateDatasetRequest) ProtoMessage() {}
 
 func (x *CreateDatasetRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[48]
+	mi := &file_proto_dekart_proto_msgTypes[49]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3041,7 +3213,7 @@ func (x *CreateDatasetRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CreateDatasetRequest.ProtoReflect.Descriptor instead.
 func (*CreateDatasetRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{48}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{49}
 }
 
 func (x *CreateDatasetRequest) GetReportId() string {
@@ -3060,7 +3232,7 @@ type CreateDatasetResponse struct {
 func (x *CreateDatasetResponse) Reset() {
 	*x = CreateDatasetResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[49]
+		mi := &file_proto_dekart_proto_msgTypes[50]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3073,7 +3245,7 @@ func (x *CreateDatasetResponse) String() string {
 func (*CreateDatasetResponse) ProtoMessage() {}
 
 func (x *CreateDatasetResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[49]
+	mi := &file_proto_dekart_proto_msgTypes[50]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3086,7 +3258,7 @@ func (x *CreateDatasetResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CreateDatasetResponse.ProtoReflect.Descriptor instead.
 func (*CreateDatasetResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{49}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{50}
 }
 
 type CreateFileRequest struct {
@@ -3100,7 +3272,7 @@ type CreateFileRequest struct {
 func (x *CreateFileRequest) Reset() {
 	*x = CreateFileRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[50]
+		mi := &file_proto_dekart_proto_msgTypes[51]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3113,7 +3285,7 @@ func (x *CreateFileRequest) String() string {
 func (*CreateFileRequest) ProtoMessage() {}
 
 func (x *CreateFileRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[50]
+	mi := &file_proto_dekart_proto_msgTypes[51]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3126,7 +3298,7 @@ func (x *CreateFileRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CreateFileRequest.ProtoReflect.Descriptor instead.
 func (*CreateFileRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{50}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{51}
 }
 
 func (x *CreateFileRequest) GetDatasetId() string {
@@ -3147,7 +3319,7 @@ type CreateFileResponse struct {
 func (x *CreateFileResponse) Reset() {
 	*x = CreateFileResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[51]
+		mi := &file_proto_dekart_proto_msgTypes[52]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3160,7 +3332,7 @@ func (x *CreateFileResponse) String() string {
 func (*CreateFileResponse) ProtoMessage() {}
 
 func (x *CreateFileResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[51]
+	mi := &file_proto_dekart_proto_msgTypes[52]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3173,7 +3345,7 @@ func (x *CreateFileResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CreateFileResponse.ProtoReflect.Descriptor instead.
 func (*CreateFileResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{51}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{52}
 }
 
 func (x *CreateFileResponse) GetFileId() string {
@@ -3194,7 +3366,7 @@ type CreateQueryRequest struct {
 func (x *CreateQueryRequest) Reset() {
 	*x = CreateQueryRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[52]
+		mi := &file_proto_dekart_proto_msgTypes[53]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3207,7 +3379,7 @@ func (x *CreateQueryRequest) String() string {
 func (*CreateQueryRequest) ProtoMessage() {}
 
 func (x *CreateQueryRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[52]
+	mi := &file_proto_dekart_proto_msgTypes[53]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3220,7 +3392,7 @@ func (x *CreateQueryRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CreateQueryRequest.ProtoReflect.Descriptor instead.
 func (*CreateQueryRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{52}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{53}
 }
 
 func (x *CreateQueryRequest) GetDatasetId() string {
@@ -3241,7 +3413,7 @@ type CreateQueryResponse struct {
 func (x *CreateQueryResponse) Reset() {
 	*x = CreateQueryResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[53]
+		mi := &file_proto_dekart_proto_msgTypes[54]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3254,7 +3426,7 @@ func (x *CreateQueryResponse) String() string {
 func (*CreateQueryResponse) ProtoMessage() {}
 
 func (x *CreateQueryResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[53]
+	mi := &file_proto_dekart_proto_msgTypes[54]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3267,7 +3439,7 @@ func (x *CreateQueryResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CreateQueryResponse.ProtoReflect.Descriptor instead.
 func (*CreateQueryResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{53}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{54}
 }
 
 func (x *CreateQueryResponse) GetQuery() *Query {
@@ -3289,7 +3461,7 @@ type ReportStreamRequest struct {
 func (x *ReportStreamRequest) Reset() {
 	*x = ReportStreamRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[54]
+		mi := &file_proto_dekart_proto_msgTypes[55]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3302,7 +3474,7 @@ func (x *ReportStreamRequest) String() string {
 func (*ReportStreamRequest) ProtoMessage() {}
 
 func (x *ReportStreamRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[54]
+	mi := &file_proto_dekart_proto_msgTypes[55]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3315,7 +3487,7 @@ func (x *ReportStreamRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ReportStreamRequest.ProtoReflect.Descriptor instead.
 func (*ReportStreamRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{54}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{55}
 }
 
 func (x *ReportStreamRequest) GetReport() *Report {
@@ -3348,7 +3520,7 @@ type ReportStreamResponse struct {
 func (x *ReportStreamResponse) Reset() {
 	*x = ReportStreamResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[55]
+		mi := &file_proto_dekart_proto_msgTypes[56]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3361,7 +3533,7 @@ func (x *ReportStreamResponse) String() string {
 func (*ReportStreamResponse) ProtoMessage() {}
 
 func (x *ReportStreamResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[55]
+	mi := &file_proto_dekart_proto_msgTypes[56]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3374,7 +3546,7 @@ func (x *ReportStreamResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ReportStreamResponse.ProtoReflect.Descriptor instead.
 func (*ReportStreamResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{55}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{56}
 }
 
 func (x *ReportStreamResponse) GetReport() *Report {
@@ -3430,7 +3602,7 @@ type ForkReportRequest struct {
 func (x *ForkReportRequest) Reset() {
 	*x = ForkReportRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[56]
+		mi := &file_proto_dekart_proto_msgTypes[57]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3443,7 +3615,7 @@ func (x *ForkReportRequest) String() string {
 func (*ForkReportRequest) ProtoMessage() {}
 
 func (x *ForkReportRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[56]
+	mi := &file_proto_dekart_proto_msgTypes[57]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3456,7 +3628,7 @@ func (x *ForkReportRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ForkReportRequest.ProtoReflect.Descriptor instead.
 func (*ForkReportRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{56}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{57}
 }
 
 func (x *ForkReportRequest) GetReportId() string {
@@ -3477,7 +3649,7 @@ type ForkReportResponse struct {
 func (x *ForkReportResponse) Reset() {
 	*x = ForkReportResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[57]
+		mi := &file_proto_dekart_proto_msgTypes[58]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3490,7 +3662,7 @@ func (x *ForkReportResponse) String() string {
 func (*ForkReportResponse) ProtoMessage() {}
 
 func (x *ForkReportResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[57]
+	mi := &file_proto_dekart_proto_msgTypes[58]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3503,7 +3675,7 @@ func (x *ForkReportResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ForkReportResponse.ProtoReflect.Descriptor instead.
 func (*ForkReportResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{57}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{58}
 }
 
 func (x *ForkReportResponse) GetReportId() string {
@@ -3522,7 +3694,7 @@ type CreateReportRequest struct {
 func (x *CreateReportRequest) Reset() {
 	*x = CreateReportRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[58]
+		mi := &file_proto_dekart_proto_msgTypes[59]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3535,7 +3707,7 @@ func (x *CreateReportRequest) String() string {
 func (*CreateReportRequest) ProtoMessage() {}
 
 func (x *CreateReportRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[58]
+	mi := &file_proto_dekart_proto_msgTypes[59]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3548,7 +3720,7 @@ func (x *CreateReportRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CreateReportRequest.ProtoReflect.Descriptor instead.
 func (*CreateReportRequest) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{58}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{59}
 }
 
 type CreateReportResponse struct {
@@ -3562,7 +3734,7 @@ type CreateReportResponse struct {
 func (x *CreateReportResponse) Reset() {
 	*x = CreateReportResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[59]
+		mi := &file_proto_dekart_proto_msgTypes[60]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3575,7 +3747,7 @@ func (x *CreateReportResponse) String() string {
 func (*CreateReportResponse) ProtoMessage() {}
 
 func (x *CreateReportResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[59]
+	mi := &file_proto_dekart_proto_msgTypes[60]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3588,7 +3760,7 @@ func (x *CreateReportResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CreateReportResponse.ProtoReflect.Descriptor instead.
 func (*CreateReportResponse) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{59}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{60}
 }
 
 func (x *CreateReportResponse) GetReport() *Report {
@@ -3610,7 +3782,7 @@ type GetEnvResponse_Variable struct {
 func (x *GetEnvResponse_Variable) Reset() {
 	*x = GetEnvResponse_Variable{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_proto_dekart_proto_msgTypes[60]
+		mi := &file_proto_dekart_proto_msgTypes[61]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -3623,7 +3795,7 @@ func (x *GetEnvResponse_Variable) String() string {
 func (*GetEnvResponse_Variable) ProtoMessage() {}
 
 func (x *GetEnvResponse_Variable) ProtoReflect() protoreflect.Message {
-	mi := &file_proto_dekart_proto_msgTypes[60]
+	mi := &file_proto_dekart_proto_msgTypes[61]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3636,7 +3808,7 @@ func (x *GetEnvResponse_Variable) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use GetEnvResponse_Variable.ProtoReflect.Descriptor instead.
 func (*GetEnvResponse_Variable) Descriptor() ([]byte, []int) {
-	return file_proto_dekart_proto_rawDescGZIP(), []int{27, 0}
+	return file_proto_dekart_proto_rawDescGZIP(), []int{28, 0}
 }
 
 func (x *GetEnvResponse_Variable) GetType() GetEnvResponse_Variable_Type {
@@ -3685,7 +3857,7 @@ var file_proto_dekart_proto_rawDesc = []byte{
 	0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20,
 	0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4f, 0x70, 0x74, 0x69,
 	0x6f, 0x6e, 0x73, 0x52, 0x0d, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x22, 0x8e, 0x02, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x53, 0x74,
+	0x6e, 0x73, 0x22, 0x91, 0x01, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x53, 0x74,
 	0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x35, 0x0a, 0x0e,
 	0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01,
 	0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4f, 0x70, 0x74,
@@ -3694,146 +3866,179 @@ var file_proto_dekart_proto_rawDesc = []byte{
 	0x6e, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10,
 	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
 	0x12, 0x14, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x12, 0x38, 0x0a, 0x18, 0x73, 0x65, 0x6e, 0x73, 0x69, 0x74,
-	0x69, 0x76, 0x65, 0x5f, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x6e, 0x74,
-	0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x16, 0x73, 0x65, 0x6e, 0x73, 0x69, 0x74,
-	0x69, 0x76, 0x65, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x64,
-	0x12, 0x41, 0x0a, 0x1d, 0x73, 0x65, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x63,
-	0x6f, 0x70, 0x65, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x6e, 0x63,
-	0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1a, 0x73, 0x65, 0x6e, 0x73, 0x69, 0x74, 0x69,
-	0x76, 0x65, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x64, 0x4f,
-	0x6e, 0x63, 0x65, 0x22, 0x44, 0x0a, 0x15, 0x54, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a, 0x0a,
-	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x0b, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x63,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x48, 0x0a, 0x16, 0x54, 0x65, 0x73,
-	0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x14, 0x0a,
-	0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72,
-	0x72, 0x6f, 0x72, 0x22, 0x3f, 0x0a, 0x18, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x43, 0x6f,
+	0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x22, 0x44, 0x0a, 0x15, 0x54, 0x65, 0x73, 0x74, 0x43, 0x6f,
 	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
-	0x23, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x49, 0x64, 0x22, 0x1b, 0x0a, 0x19, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x43,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x22, 0x46, 0x0a, 0x17, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a, 0x0a,
-	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x0b, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x63,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x47, 0x0a, 0x18, 0x55, 0x70, 0x64,
-	0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2b, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x43, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x22, 0x46, 0x0a, 0x17, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a,
-	0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x0b, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a,
-	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x47, 0x0a, 0x18, 0x43, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2b, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x43, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x22, 0xf4, 0x02, 0x0a, 0x0a, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02,
-	0x69, 0x64, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e, 0x0a, 0x13, 0x62,
-	0x69, 0x67, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f,
-	0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x62, 0x69, 0x67, 0x71, 0x75, 0x65,
-	0x72, 0x79, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x30, 0x0a, 0x14, 0x63,
-	0x6c, 0x6f, 0x75, 0x64, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x5f, 0x62, 0x75, 0x63,
-	0x6b, 0x65, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x63, 0x6c, 0x6f, 0x75, 0x64,
-	0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x1d, 0x0a,
-	0x0a, 0x69, 0x73, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x09, 0x69, 0x73, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x21, 0x0a, 0x0c,
-	0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x06, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x45, 0x6d, 0x61, 0x69, 0x6c, 0x12,
-	0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x07, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x1d,
-	0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x23, 0x0a,
-	0x0d, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x09,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x43, 0x6f, 0x75,
-	0x6e, 0x74, 0x12, 0x26, 0x0a, 0x0f, 0x63, 0x61, 0x6e, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f,
-	0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x63, 0x61, 0x6e,
-	0x53, 0x74, 0x6f, 0x72, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x22, 0x11, 0x0a, 0x0f, 0x47, 0x65,
-	0x74, 0x55, 0x73, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xa2, 0x01,
-	0x0a, 0x10, 0x47, 0x65, 0x74, 0x55, 0x73, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x72, 0x65, 0x70, 0x6f,
-	0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x74, 0x6f, 0x74, 0x61, 0x6c,
-	0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x74, 0x6f, 0x74, 0x61, 0x6c,
-	0x5f, 0x71, 0x75, 0x65, 0x72, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c,
-	0x74, 0x6f, 0x74, 0x61, 0x6c, 0x51, 0x75, 0x65, 0x72, 0x69, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b,
-	0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x0a, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x23, 0x0a,
-	0x0d, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x73, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x73, 0x22, 0x78, 0x0a, 0x16, 0x53, 0x65, 0x74, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
-	0x72, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, 0x09,
-	0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x08, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x49, 0x64, 0x12, 0x22, 0x0a, 0x0c, 0x64, 0x69, 0x73,
-	0x63, 0x6f, 0x76, 0x65, 0x72, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x0c, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x1d, 0x0a,
-	0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x65, 0x64, 0x69, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x09, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x45, 0x64, 0x69, 0x74, 0x22, 0x19, 0x0a, 0x17,
+	0x2b, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x48, 0x0a, 0x16,
+	0x54, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73,
+	0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x3f, 0x0a, 0x18, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76,
+	0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x22, 0x1b, 0x0a, 0x19, 0x41, 0x72, 0x63, 0x68, 0x69,
+	0x76, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x46, 0x0a, 0x17, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+	0x2b, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x47, 0x0a, 0x18,
+	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2b, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x43,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x46, 0x0a, 0x17, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x12, 0x2b, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x47, 0x0a,
+	0x18, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2b, 0x0a, 0x0a, 0x63, 0x6f, 0x6e,
+	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xf3, 0x05, 0x0a, 0x0a, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e,
+	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2e,
+	0x0a, 0x13, 0x62, 0x69, 0x67, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x72, 0x6f, 0x6a, 0x65,
+	0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x62, 0x69, 0x67,
+	0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x30,
+	0x0a, 0x14, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x5f,
+	0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x63, 0x6c,
+	0x6f, 0x75, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74,
+	0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x73, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12,
+	0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x45, 0x6d, 0x61,
+	0x69, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74,
+	0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41,
+	0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18,
+	0x08, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74,
+	0x12, 0x23, 0x0a, 0x0d, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x5f, 0x63, 0x6f, 0x75, 0x6e,
+	0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74,
+	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x26, 0x0a, 0x0f, 0x63, 0x61, 0x6e, 0x5f, 0x73, 0x74, 0x6f,
+	0x72, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d,
+	0x63, 0x61, 0x6e, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x43, 0x0a,
+	0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x79, 0x70, 0x65,
+	0x18, 0x0b, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79,
+	0x70, 0x65, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79,
+	0x70, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x6e, 0x6f, 0x77, 0x66, 0x6c, 0x61, 0x6b, 0x65, 0x5f,
+	0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x12, 0x73, 0x6e, 0x6f, 0x77, 0x66, 0x6c, 0x61, 0x6b, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x49, 0x64, 0x12, 0x2d, 0x0a, 0x12, 0x73, 0x6e, 0x6f, 0x77, 0x66, 0x6c, 0x61, 0x6b,
+	0x65, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x11, 0x73, 0x6e, 0x6f, 0x77, 0x66, 0x6c, 0x61, 0x6b, 0x65, 0x55, 0x73, 0x65, 0x72, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x36, 0x0a, 0x12, 0x73, 0x6e, 0x6f, 0x77, 0x66, 0x6c, 0x61, 0x6b, 0x65,
+	0x5f, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x07, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x11, 0x73, 0x6e, 0x6f, 0x77, 0x66, 0x6c,
+	0x61, 0x6b, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x2f, 0x0a, 0x13, 0x73,
+	0x6e, 0x6f, 0x77, 0x66, 0x6c, 0x61, 0x6b, 0x65, 0x5f, 0x77, 0x61, 0x72, 0x65, 0x68, 0x6f, 0x75,
+	0x73, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x6e, 0x6f, 0x77, 0x66, 0x6c,
+	0x61, 0x6b, 0x65, 0x57, 0x61, 0x72, 0x65, 0x68, 0x6f, 0x75, 0x73, 0x65, 0x22, 0x6e, 0x0a, 0x0e,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f,
+	0x0a, 0x1b, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
+	0x1c, 0x0a, 0x18, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x59,
+	0x50, 0x45, 0x5f, 0x42, 0x49, 0x47, 0x51, 0x55, 0x45, 0x52, 0x59, 0x10, 0x01, 0x12, 0x1d, 0x0a,
+	0x19, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45,
+	0x5f, 0x53, 0x4e, 0x4f, 0x57, 0x46, 0x4c, 0x41, 0x4b, 0x45, 0x10, 0x02, 0x22, 0x76, 0x0a, 0x06,
+	0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x5f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65,
+	0x64, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x63, 0x72,
+	0x79, 0x70, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06,
+	0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6c, 0x65,
+	0x6e, 0x67, 0x74, 0x68, 0x22, 0x11, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x55, 0x73, 0x61, 0x67, 0x65,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xa2, 0x01, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x55,
+	0x73, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x23, 0x0a, 0x0d,
+	0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x03, 0x52, 0x0c, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74,
+	0x73, 0x12, 0x23, 0x0a, 0x0d, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x71, 0x75, 0x65, 0x72, 0x69,
+	0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x51,
+	0x75, 0x65, 0x72, 0x69, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f,
+	0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0a, 0x74, 0x6f, 0x74,
+	0x61, 0x6c, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x74, 0x6f, 0x74, 0x61, 0x6c,
+	0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c,
+	0x74, 0x6f, 0x74, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x73, 0x22, 0x78, 0x0a, 0x16,
 	0x53, 0x65, 0x74, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x61, 0x62, 0x6c, 0x65, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x35, 0x0a, 0x14, 0x52, 0x65, 0x6d, 0x6f, 0x76,
-	0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
-	0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x49, 0x64, 0x22, 0x36,
-	0x0a, 0x15, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x73,
-	0x65, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x61, 0x74,
-	0x61, 0x73, 0x65, 0x74, 0x49, 0x64, 0x22, 0x2b, 0x0a, 0x0d, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x71, 0x75, 0x65,
-	0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x65, 0x71, 0x75, 0x65,
-	0x6e, 0x63, 0x65, 0x22, 0x0f, 0x0a, 0x0d, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x76, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x22, 0xe4, 0x04, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x76, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x36, 0x0a, 0x09, 0x76, 0x61, 0x72, 0x69, 0x61,
-	0x62, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x47, 0x65, 0x74,
-	0x45, 0x6e, 0x76, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x56, 0x61, 0x72, 0x69,
-	0x61, 0x62, 0x6c, 0x65, 0x52, 0x09, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x1a,
-	0x99, 0x04, 0x0a, 0x08, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x31, 0x0a, 0x04,
-	0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1d, 0x2e, 0x47, 0x65, 0x74,
-	0x45, 0x6e, 0x76, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x56, 0x61, 0x72, 0x69,
-	0x61, 0x62, 0x6c, 0x65, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12,
-	0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xc3, 0x03, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x14,
-	0x0a, 0x10, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
-	0x45, 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x41, 0x50,
-	0x42, 0x4f, 0x58, 0x5f, 0x54, 0x4f, 0x4b, 0x45, 0x4e, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x54,
-	0x59, 0x50, 0x45, 0x5f, 0x55, 0x58, 0x5f, 0x44, 0x41, 0x54, 0x41, 0x5f, 0x44, 0x4f, 0x43, 0x55,
-	0x4d, 0x45, 0x4e, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x54,
-	0x59, 0x50, 0x45, 0x5f, 0x55, 0x58, 0x5f, 0x48, 0x4f, 0x4d, 0x45, 0x50, 0x41, 0x47, 0x45, 0x10,
-	0x03, 0x12, 0x1a, 0x0a, 0x16, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x5f,
-	0x46, 0x49, 0x4c, 0x45, 0x5f, 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x10, 0x04, 0x12, 0x13, 0x0a,
-	0x0f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x41, 0x54, 0x41, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45,
-	0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x4f, 0x52, 0x41,
-	0x47, 0x45, 0x10, 0x06, 0x12, 0x1c, 0x0a, 0x18, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x45, 0x51,
-	0x55, 0x49, 0x52, 0x45, 0x5f, 0x41, 0x4d, 0x41, 0x5a, 0x4f, 0x4e, 0x5f, 0x4f, 0x49, 0x44, 0x43,
-	0x10, 0x07, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49,
-	0x52, 0x45, 0x5f, 0x49, 0x41, 0x50, 0x10, 0x08, 0x12, 0x1c, 0x0a, 0x18, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x5f, 0x55, 0x53, 0x41, 0x47, 0x45, 0x5f, 0x53,
-	0x54, 0x41, 0x54, 0x53, 0x10, 0x09, 0x12, 0x1d, 0x0a, 0x19, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52,
-	0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x5f, 0x47, 0x4f, 0x4f, 0x47, 0x4c, 0x45, 0x5f, 0x4f, 0x41,
-	0x55, 0x54, 0x48, 0x10, 0x0a, 0x12, 0x1c, 0x0a, 0x18, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x49,
-	0x47, 0x51, 0x55, 0x45, 0x52, 0x59, 0x5f, 0x50, 0x52, 0x4f, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x49,
-	0x44, 0x10, 0x0b, 0x12, 0x1d, 0x0a, 0x19, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x4c, 0x4f, 0x55,
-	0x44, 0x5f, 0x53, 0x54, 0x4f, 0x52, 0x41, 0x47, 0x45, 0x5f, 0x42, 0x55, 0x43, 0x4b, 0x45, 0x54,
-	0x10, 0x0c, 0x12, 0x22, 0x0a, 0x1e, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x58, 0x5f, 0x41, 0x43,
-	0x43, 0x45, 0x53, 0x53, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x5f, 0x49, 0x4e, 0x46, 0x4f, 0x5f,
-	0x48, 0x54, 0x4d, 0x4c, 0x10, 0x0d, 0x12, 0x25, 0x0a, 0x21, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55,
-	0x58, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x46, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x45, 0x52, 0x52, 0x4f,
-	0x52, 0x5f, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x48, 0x54, 0x4d, 0x4c, 0x10, 0x0e, 0x12, 0x1c, 0x0a,
-	0x18, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x58, 0x5f, 0x53, 0x41, 0x4d, 0x50, 0x4c, 0x45, 0x5f,
-	0x51, 0x55, 0x45, 0x52, 0x59, 0x5f, 0x53, 0x51, 0x4c, 0x10, 0x0f, 0x22, 0x44, 0x0a, 0x0d, 0x52,
-	0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1d, 0x0a, 0x0a,
-	0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x09, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x65,
-	0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f,
-	0x72, 0x22, 0xf4, 0x02, 0x0a, 0x09, 0x41, 0x75, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74,
+	0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x49, 0x64, 0x12, 0x22, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x61,
+	0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x64, 0x69, 0x73, 0x63, 0x6f,
+	0x76, 0x65, 0x72, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77,
+	0x5f, 0x65, 0x64, 0x69, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x61, 0x6c, 0x6c,
+	0x6f, 0x77, 0x45, 0x64, 0x69, 0x74, 0x22, 0x19, 0x0a, 0x17, 0x53, 0x65, 0x74, 0x44, 0x69, 0x73,
+	0x63, 0x6f, 0x76, 0x65, 0x72, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x35, 0x0a, 0x14, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73,
+	0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x74,
+	0x61, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64,
+	0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x49, 0x64, 0x22, 0x36, 0x0a, 0x15, 0x52, 0x65, 0x6d, 0x6f,
+	0x76, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x49, 0x64,
+	0x22, 0x2b, 0x0a, 0x0d, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x03, 0x52, 0x08, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x0f, 0x0a,
+	0x0d, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x76, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xc0,
+	0x05, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x76, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x36, 0x0a, 0x09, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x76, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x09,
+	0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x1a, 0xf5, 0x04, 0x0a, 0x08, 0x56, 0x61,
+	0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x31, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x1d, 0x2e, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x76, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x2e, 0x54,
+	0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22,
+	0x9f, 0x04, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x59, 0x50, 0x45,
+	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15,
+	0x0a, 0x11, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x41, 0x50, 0x42, 0x4f, 0x58, 0x5f, 0x54, 0x4f,
+	0x4b, 0x45, 0x4e, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x58,
+	0x5f, 0x44, 0x41, 0x54, 0x41, 0x5f, 0x44, 0x4f, 0x43, 0x55, 0x4d, 0x45, 0x4e, 0x54, 0x41, 0x54,
+	0x49, 0x4f, 0x4e, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x58,
+	0x5f, 0x48, 0x4f, 0x4d, 0x45, 0x50, 0x41, 0x47, 0x45, 0x10, 0x03, 0x12, 0x1a, 0x0a, 0x16, 0x54,
+	0x59, 0x50, 0x45, 0x5f, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x5f, 0x55,
+	0x50, 0x4c, 0x4f, 0x41, 0x44, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x44, 0x41, 0x54, 0x41, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x4f, 0x52, 0x41, 0x47, 0x45, 0x10, 0x06, 0x12, 0x1c,
+	0x0a, 0x18, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x5f, 0x41,
+	0x4d, 0x41, 0x5a, 0x4f, 0x4e, 0x5f, 0x4f, 0x49, 0x44, 0x43, 0x10, 0x07, 0x12, 0x14, 0x0a, 0x10,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x5f, 0x49, 0x41, 0x50,
+	0x10, 0x08, 0x12, 0x1c, 0x0a, 0x18, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x53, 0x41, 0x42,
+	0x4c, 0x45, 0x5f, 0x55, 0x53, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x53, 0x10, 0x09,
+	0x12, 0x1d, 0x0a, 0x19, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45,
+	0x5f, 0x47, 0x4f, 0x4f, 0x47, 0x4c, 0x45, 0x5f, 0x4f, 0x41, 0x55, 0x54, 0x48, 0x10, 0x0a, 0x12,
+	0x1c, 0x0a, 0x18, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x49, 0x47, 0x51, 0x55, 0x45, 0x52, 0x59,
+	0x5f, 0x50, 0x52, 0x4f, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x49, 0x44, 0x10, 0x0b, 0x12, 0x1d, 0x0a,
+	0x19, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x5f, 0x53, 0x54, 0x4f, 0x52,
+	0x41, 0x47, 0x45, 0x5f, 0x42, 0x55, 0x43, 0x4b, 0x45, 0x54, 0x10, 0x0c, 0x12, 0x22, 0x0a, 0x1e,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x58, 0x5f, 0x41, 0x43, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x45,
+	0x52, 0x52, 0x4f, 0x52, 0x5f, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x48, 0x54, 0x4d, 0x4c, 0x10, 0x0d,
+	0x12, 0x25, 0x0a, 0x21, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x58, 0x5f, 0x4e, 0x4f, 0x54, 0x5f,
+	0x46, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x5f, 0x49, 0x4e, 0x46, 0x4f,
+	0x5f, 0x48, 0x54, 0x4d, 0x4c, 0x10, 0x0e, 0x12, 0x1c, 0x0a, 0x18, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x55, 0x58, 0x5f, 0x53, 0x41, 0x4d, 0x50, 0x4c, 0x45, 0x5f, 0x51, 0x55, 0x45, 0x52, 0x59, 0x5f,
+	0x53, 0x51, 0x4c, 0x10, 0x0f, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x41, 0x45,
+	0x53, 0x5f, 0x4b, 0x45, 0x59, 0x10, 0x10, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x41, 0x45, 0x53, 0x5f, 0x49, 0x56, 0x10, 0x11, 0x12, 0x15, 0x0a, 0x11, 0x54, 0x59, 0x50, 0x45,
+	0x5f, 0x41, 0x55, 0x54, 0x48, 0x5f, 0x45, 0x4e, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x12, 0x12,
+	0x20, 0x0a, 0x1c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x53, 0x45, 0x52, 0x5f, 0x44, 0x45, 0x46,
+	0x49, 0x4e, 0x45, 0x44, 0x5f, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x10,
+	0x13, 0x22, 0x7e, 0x0a, 0x0d, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x53, 0x74, 0x61,
+	0x74, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x6a, 0x73, 0x6f, 0x6e,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x4a, 0x73, 0x6f,
+	0x6e, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x38, 0x0a, 0x18, 0x73, 0x65, 0x6e, 0x73, 0x69,
+	0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x6e,
+	0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x16, 0x73, 0x65, 0x6e, 0x73, 0x69,
+	0x74, 0x69, 0x76, 0x65, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x65,
+	0x64, 0x22, 0xf4, 0x02, 0x0a, 0x09, 0x41, 0x75, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
 	0x29, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32,
 	0x11, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x41, 0x63, 0x74, 0x69,
 	0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x61, 0x75,
@@ -3874,7 +4079,7 @@ var file_proto_dekart_proto_rawDesc = []byte{
 	0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x35, 0x0a, 0x0e, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f,
 	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e,
 	0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0d, 0x73,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xc7, 0x02, 0x0a,
+	0x74, 0x72, 0x65, 0x61, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x9a, 0x03, 0x0a,
 	0x06, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20,
 	0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x70, 0x5f, 0x63,
 	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x61, 0x70,
@@ -3895,286 +4100,291 @@ var file_proto_dekart_proto_rawDesc = []byte{
 	0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x63, 0x72,
 	0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74,
 	0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x75, 0x70, 0x64,
-	0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x22, 0xe1, 0x01, 0x0a, 0x07, 0x44, 0x61, 0x74, 0x61, 0x73,
-	0x65, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02,
-	0x69, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x69, 0x64, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x49, 0x64, 0x12,
-	0x19, 0x0a, 0x08, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x07, 0x71, 0x75, 0x65, 0x72, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09,
-	0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x70, 0x64,
-	0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x75,
-	0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x65,
-	0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x69, 0x6c, 0x65, 0x49,
-	0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x22, 0xdc, 0x05, 0x0a, 0x05, 0x51,
-	0x75, 0x65, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x02, 0x69, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x74, 0x65,
-	0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x71, 0x75, 0x65, 0x72, 0x79, 0x54,
-	0x65, 0x78, 0x74, 0x12, 0x2f, 0x0a, 0x0a, 0x6a, 0x6f, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x2e,
-	0x4a, 0x6f, 0x62, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x09, 0x6a, 0x6f, 0x62, 0x53, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x6a, 0x6f, 0x62, 0x5f, 0x72, 0x65, 0x73, 0x75,
-	0x6c, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6a, 0x6f, 0x62,
-	0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x6f, 0x62, 0x5f,
-	0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a, 0x6f, 0x62,
-	0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x6a, 0x6f, 0x62, 0x5f, 0x64, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x6a, 0x6f, 0x62,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x6f, 0x74, 0x61,
-	0x6c, 0x5f, 0x72, 0x6f, 0x77, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x6f,
-	0x74, 0x61, 0x6c, 0x52, 0x6f, 0x77, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x62, 0x79, 0x74, 0x65, 0x73,
-	0x5f, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x65, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x03,
-	0x52, 0x0e, 0x62, 0x79, 0x74, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x65, 0x64,
-	0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18,
-	0x0a, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0a, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x53, 0x69, 0x7a,
-	0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18,
-	0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74,
-	0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x0c,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12,
-	0x35, 0x0a, 0x0c, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18,
-	0x0d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x12, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x2e, 0x51, 0x75,
-	0x65, 0x72, 0x79, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x0b, 0x71, 0x75, 0x65, 0x72, 0x79,
-	0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x26, 0x0a, 0x0f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0d, 0x71, 0x75, 0x65, 0x72, 0x79, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, 0x22, 0xa8,
-	0x01, 0x0a, 0x09, 0x4a, 0x6f, 0x62, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1a, 0x0a, 0x16,
-	0x4a, 0x4f, 0x42, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45,
-	0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4a, 0x4f, 0x42, 0x5f,
-	0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x10, 0x01,
-	0x12, 0x16, 0x0a, 0x12, 0x4a, 0x4f, 0x42, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52,
-	0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x1a, 0x0a, 0x16, 0x4a, 0x4f, 0x42, 0x5f,
-	0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x44, 0x4f, 0x4e, 0x45, 0x5f, 0x4c, 0x45, 0x47, 0x41,
-	0x43, 0x59, 0x10, 0x03, 0x12, 0x1e, 0x0a, 0x1a, 0x4a, 0x4f, 0x42, 0x5f, 0x53, 0x54, 0x41, 0x54,
-	0x55, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x52, 0x45, 0x53, 0x55, 0x4c,
-	0x54, 0x53, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x4a, 0x4f, 0x42, 0x5f, 0x53, 0x54, 0x41, 0x54,
-	0x55, 0x53, 0x5f, 0x44, 0x4f, 0x4e, 0x45, 0x10, 0x05, 0x22, 0x5e, 0x0a, 0x0b, 0x51, 0x75, 0x65,
-	0x72, 0x79, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x18, 0x51, 0x55, 0x45, 0x52,
-	0x59, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
-	0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x51, 0x55, 0x45, 0x52, 0x59, 0x5f,
-	0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x4e, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x01, 0x12,
-	0x18, 0x0a, 0x14, 0x51, 0x55, 0x45, 0x52, 0x59, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f,
-	0x53, 0x54, 0x4f, 0x52, 0x41, 0x47, 0x45, 0x10, 0x02, 0x22, 0xe2, 0x02, 0x0a, 0x04, 0x46, 0x69,
-	0x6c, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02,
-	0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x69, 0x6d, 0x65, 0x5f, 0x74,
-	0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6d, 0x69, 0x6d, 0x65, 0x54,
-	0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63,
-	0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72,
-	0x63, 0x65, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f,
-	0x61, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65,
+	0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x73, 0x5f, 0x73, 0x68, 0x61,
+	0x72, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x69, 0x73, 0x53,
+	0x68, 0x61, 0x72, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6e, 0x65, 0x65, 0x64, 0x5f,
+	0x73, 0x65, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x18,
+	0x0d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x6e, 0x65, 0x65, 0x64, 0x53, 0x65, 0x6e, 0x73, 0x69,
+	0x74, 0x69, 0x76, 0x65, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x22, 0xe1, 0x01, 0x0a, 0x07, 0x44, 0x61,
+	0x74, 0x61, 0x73, 0x65, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x5f,
+	0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74,
+	0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x71, 0x75, 0x65, 0x72, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a,
+	0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x03, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x1d, 0x0a, 0x0a,
+	0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03,
+	0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x66,
+	0x69, 0x6c, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x69,
+	0x6c, 0x65, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0c, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x22, 0xdc, 0x05,
+	0x0a, 0x05, 0x51, 0x75, 0x65, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x71, 0x75, 0x65, 0x72, 0x79,
+	0x5f, 0x74, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x71, 0x75, 0x65,
+	0x72, 0x79, 0x54, 0x65, 0x78, 0x74, 0x12, 0x2f, 0x0a, 0x0a, 0x6a, 0x6f, 0x62, 0x5f, 0x73, 0x74,
+	0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x51, 0x75, 0x65,
+	0x72, 0x79, 0x2e, 0x4a, 0x6f, 0x62, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x09, 0x6a, 0x6f,
+	0x62, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x6a, 0x6f, 0x62, 0x5f, 0x72,
+	0x65, 0x73, 0x75, 0x6c, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
+	0x6a, 0x6f, 0x62, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6a,
+	0x6f, 0x62, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
+	0x6a, 0x6f, 0x62, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x6a, 0x6f, 0x62, 0x5f,
+	0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b,
+	0x6a, 0x6f, 0x62, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x74,
+	0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x72, 0x6f, 0x77, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x09, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x52, 0x6f, 0x77, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x62, 0x79,
+	0x74, 0x65, 0x73, 0x5f, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x65, 0x64, 0x18, 0x09, 0x20,
+	0x01, 0x28, 0x03, 0x52, 0x0e, 0x62, 0x79, 0x74, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73,
+	0x73, 0x65, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x5f, 0x73, 0x69,
+	0x7a, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0a, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74,
+	0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f,
+	0x61, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65,
 	0x64, 0x41, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61,
-	0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
-	0x41, 0x74, 0x12, 0x2d, 0x0a, 0x0b, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x2e, 0x53,
-	0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x12, 0x21, 0x0a, 0x0c, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, 0x72, 0x72, 0x6f,
-	0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x45,
-	0x72, 0x72, 0x6f, 0x72, 0x22, 0x58, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16,
-	0x0a, 0x12, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
-	0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53,
-	0x5f, 0x4e, 0x45, 0x57, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53,
-	0x5f, 0x52, 0x45, 0x43, 0x45, 0x49, 0x56, 0x45, 0x44, 0x10, 0x02, 0x12, 0x11, 0x0a, 0x0d, 0x53,
-	0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x44, 0x10, 0x03, 0x22, 0x54,
-	0x0a, 0x13, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x06, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x07, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x06,
-	0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1c, 0x0a, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18,
-	0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x06, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x05, 0x71,
-	0x75, 0x65, 0x72, 0x79, 0x22, 0x16, 0x0a, 0x14, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65,
-	0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x4b, 0x0a, 0x0f,
-	0x52, 0x75, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
-	0x19, 0x0a, 0x08, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x07, 0x71, 0x75, 0x65, 0x72, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x71, 0x75,
-	0x65, 0x72, 0x79, 0x5f, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09,
-	0x71, 0x75, 0x65, 0x72, 0x79, 0x54, 0x65, 0x78, 0x74, 0x22, 0x12, 0x0a, 0x10, 0x52, 0x75, 0x6e,
-	0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x2f, 0x0a,
-	0x12, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x69, 0x64, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x71, 0x75, 0x65, 0x72, 0x79, 0x49, 0x64, 0x22, 0x15,
-	0x0a, 0x13, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x4d, 0x0a, 0x18, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44,
-	0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x49, 0x64,
-	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x22, 0x1b, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x61,
-	0x74, 0x61, 0x73, 0x65, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x22, 0x64, 0x0a, 0x1e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73,
-	0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x5f, 0x69,
-	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74,
-	0x49, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x22, 0x21, 0x0a, 0x1f, 0x55, 0x70, 0x64, 0x61, 0x74,
-	0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x33, 0x0a, 0x14, 0x43, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x69, 0x64, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x49, 0x64, 0x22,
-	0x17, 0x0a, 0x15, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x32, 0x0a, 0x11, 0x43, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a,
-	0x0a, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x09, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x49, 0x64, 0x22, 0x2d, 0x0a, 0x12,
-	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x69, 0x6c, 0x65, 0x49, 0x64, 0x22, 0x33, 0x0a, 0x12, 0x43,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x49, 0x64,
-	0x22, 0x33, 0x0a, 0x13, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x06, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x05,
-	0x71, 0x75, 0x65, 0x72, 0x79, 0x22, 0x6d, 0x0a, 0x13, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x53,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x06,
-	0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x07, 0x2e, 0x52,
-	0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x06, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x35, 0x0a,
-	0x0e, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0d, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x22, 0x82, 0x02, 0x0a, 0x14, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x53,
-	0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1f, 0x0a,
-	0x06, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x07, 0x2e,
-	0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x06, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x20,
-	0x0a, 0x07, 0x71, 0x75, 0x65, 0x72, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x06, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x07, 0x71, 0x75, 0x65, 0x72, 0x69, 0x65, 0x73,
+	0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
+	0x41, 0x74, 0x12, 0x35, 0x0a, 0x0c, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x73, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x12, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79,
+	0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x0b, 0x71, 0x75,
+	0x65, 0x72, 0x79, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x26, 0x0a, 0x0f, 0x71, 0x75, 0x65,
+	0x72, 0x79, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0e, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0d, 0x71, 0x75, 0x65, 0x72, 0x79, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49,
+	0x64, 0x22, 0xa8, 0x01, 0x0a, 0x09, 0x4a, 0x6f, 0x62, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
+	0x1a, 0x0a, 0x16, 0x4a, 0x4f, 0x42, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e,
+	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4a,
+	0x4f, 0x42, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e,
+	0x47, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x4a, 0x4f, 0x42, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55,
+	0x53, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x1a, 0x0a, 0x16, 0x4a,
+	0x4f, 0x42, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x44, 0x4f, 0x4e, 0x45, 0x5f, 0x4c,
+	0x45, 0x47, 0x41, 0x43, 0x59, 0x10, 0x03, 0x12, 0x1e, 0x0a, 0x1a, 0x4a, 0x4f, 0x42, 0x5f, 0x53,
+	0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x52, 0x45,
+	0x53, 0x55, 0x4c, 0x54, 0x53, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x4a, 0x4f, 0x42, 0x5f, 0x53,
+	0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x44, 0x4f, 0x4e, 0x45, 0x10, 0x05, 0x22, 0x5e, 0x0a, 0x0b,
+	0x51, 0x75, 0x65, 0x72, 0x79, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x18, 0x51,
+	0x55, 0x45, 0x52, 0x59, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50,
+	0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x51, 0x55, 0x45,
+	0x52, 0x59, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x49, 0x4e, 0x4c, 0x49, 0x4e, 0x45,
+	0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x51, 0x55, 0x45, 0x52, 0x59, 0x5f, 0x53, 0x4f, 0x55, 0x52,
+	0x43, 0x45, 0x5f, 0x53, 0x54, 0x4f, 0x52, 0x41, 0x47, 0x45, 0x10, 0x02, 0x22, 0xe2, 0x02, 0x0a,
+	0x04, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x69, 0x6d,
+	0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6d, 0x69,
+	0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74,
+	0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x63, 0x72, 0x65,
+	0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x64, 0x5f, 0x61, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61,
+	0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x2d, 0x0a, 0x0b, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x73, 0x74,
+	0x61, 0x74, 0x75, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x46, 0x69, 0x6c,
+	0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x53, 0x74,
+	0x61, 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65,
+	0x72, 0x72, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x75, 0x70, 0x6c, 0x6f,
+	0x61, 0x64, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x58, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75,
+	0x73, 0x12, 0x16, 0x0a, 0x12, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50,
+	0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x53, 0x54, 0x41,
+	0x54, 0x55, 0x53, 0x5f, 0x4e, 0x45, 0x57, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x54, 0x41,
+	0x54, 0x55, 0x53, 0x5f, 0x52, 0x45, 0x43, 0x45, 0x49, 0x56, 0x45, 0x44, 0x10, 0x02, 0x12, 0x11,
+	0x0a, 0x0d, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x44, 0x10,
+	0x03, 0x22, 0x54, 0x0a, 0x13, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x06, 0x72, 0x65, 0x70, 0x6f,
+	0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x07, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x52, 0x06, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1c, 0x0a, 0x05, 0x71, 0x75, 0x65,
+	0x72, 0x79, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x06, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79,
+	0x52, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x22, 0x16, 0x0a, 0x14, 0x55, 0x70, 0x64, 0x61, 0x74,
+	0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x4b, 0x0a, 0x0f, 0x52, 0x75, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x71, 0x75, 0x65, 0x72, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a,
+	0x0a, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x09, 0x71, 0x75, 0x65, 0x72, 0x79, 0x54, 0x65, 0x78, 0x74, 0x22, 0x12, 0x0a, 0x10,
+	0x52, 0x75, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x2f, 0x0a, 0x12, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f,
+	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x71, 0x75, 0x65, 0x72, 0x79, 0x49,
+	0x64, 0x22, 0x15, 0x0a, 0x13, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x51, 0x75, 0x65, 0x72, 0x79,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x4d, 0x0a, 0x18, 0x55, 0x70, 0x64, 0x61,
+	0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x5f,
+	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65,
+	0x74, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x1b, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74,
+	0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x64, 0x0a, 0x1e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x61,
+	0x74, 0x61, 0x73, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65,
+	0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x61, 0x74, 0x61,
+	0x73, 0x65, 0x74, 0x49, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x22, 0x21, 0x0a, 0x1f, 0x55, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x33, 0x0a,
+	0x14, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x5f,
+	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74,
+	0x49, 0x64, 0x22, 0x17, 0x0a, 0x15, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61,
+	0x73, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x32, 0x0a, 0x11, 0x43,
+	0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x49, 0x64, 0x22,
+	0x2d, 0x0a, 0x12, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x69, 0x64,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x69, 0x6c, 0x65, 0x49, 0x64, 0x22, 0x33,
+	0x0a, 0x12, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x5f,
+	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65,
+	0x74, 0x49, 0x64, 0x22, 0x33, 0x0a, 0x13, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x51, 0x75, 0x65,
+	0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x05, 0x71, 0x75,
+	0x65, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x06, 0x2e, 0x51, 0x75, 0x65, 0x72,
+	0x79, 0x52, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x22, 0x6d, 0x0a, 0x13, 0x52, 0x65, 0x70, 0x6f,
+	0x72, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+	0x1f, 0x0a, 0x06, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x07, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x06, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74,
 	0x12, 0x35, 0x0a, 0x0e, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x53, 0x74, 0x72, 0x65, 0x61,
+	0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x53, 0x74, 0x72, 0x65, 0x61,
 	0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0d, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x08, 0x64, 0x61, 0x74, 0x61, 0x73,
-	0x65, 0x74, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x08, 0x2e, 0x44, 0x61, 0x74, 0x61,
-	0x73, 0x65, 0x74, 0x52, 0x08, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x73, 0x12, 0x1b, 0x0a,
-	0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x05, 0x2e, 0x46,
-	0x69, 0x6c, 0x65, 0x52, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x0b, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x0b, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x30, 0x0a, 0x11, 0x46, 0x6f, 0x72,
-	0x6b, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b,
-	0x0a, 0x09, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x08, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x49, 0x64, 0x22, 0x31, 0x0a, 0x12, 0x46,
-	0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x49, 0x64, 0x22, 0x15,
-	0x0a, 0x13, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x37, 0x0a, 0x14, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x52,
-	0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1f, 0x0a,
-	0x06, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x07, 0x2e,
-	0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x06, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x32, 0xe9,
-	0x0d, 0x0a, 0x06, 0x44, 0x65, 0x6b, 0x61, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x0c, 0x43, 0x72, 0x65,
-	0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x14, 0x2e, 0x43, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x15, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x37, 0x0a, 0x0a, 0x46, 0x6f, 0x72, 0x6b,
-	0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x2e, 0x46, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70,
-	0x6f, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x46, 0x6f, 0x72,
-	0x6b, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x00, 0x12, 0x3d, 0x0a, 0x0c, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72,
-	0x74, 0x12, 0x14, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
-	0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x12, 0x40, 0x0a, 0x0d, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72,
-	0x74, 0x12, 0x15, 0x2e, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72,
-	0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x41, 0x72, 0x63, 0x68, 0x69,
-	0x76, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x22, 0x00, 0x12, 0x46, 0x0a, 0x0f, 0x53, 0x65, 0x74, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
-	0x72, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x17, 0x2e, 0x53, 0x65, 0x74, 0x44, 0x69, 0x73, 0x63, 0x6f,
-	0x76, 0x65, 0x72, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x18,
-	0x2e, 0x53, 0x65, 0x74, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x61, 0x62, 0x6c, 0x65,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x0d, 0x43, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x12, 0x15, 0x2e, 0x43, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x16, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73,
-	0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x0d,
-	0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x12, 0x15, 0x2e,
-	0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x44, 0x61, 0x74,
-	0x61, 0x73, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4c,
-	0x0a, 0x11, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x4e,
-	0x61, 0x6d, 0x65, 0x12, 0x19, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61,
-	0x73, 0x65, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a,
-	0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x4e, 0x61,
-	0x6d, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5e, 0x0a, 0x17,
-	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x43, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
-	0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74,
-	0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x37, 0x0a, 0x0a,
-	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x12, 0x2e, 0x43, 0x72, 0x65,
-	0x61, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13,
-	0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x3a, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x51,
-	0x75, 0x65, 0x72, 0x79, 0x12, 0x13, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x51, 0x75, 0x65,
-	0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x43, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x00, 0x12, 0x31, 0x0a, 0x08, 0x52, 0x75, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x12, 0x10, 0x2e,
-	0x52, 0x75, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x11, 0x2e, 0x52, 0x75, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x22, 0x00, 0x12, 0x3a, 0x0a, 0x0b, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x51, 0x75,
-	0x65, 0x72, 0x79, 0x12, 0x13, 0x2e, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x51, 0x75, 0x65, 0x72,
-	0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x43, 0x61, 0x6e, 0x63, 0x65,
-	0x6c, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x12, 0x40, 0x0a, 0x0d, 0x52, 0x75, 0x6e, 0x41, 0x6c, 0x6c, 0x51, 0x75, 0x65, 0x72, 0x69, 0x65,
-	0x73, 0x12, 0x15, 0x2e, 0x52, 0x75, 0x6e, 0x41, 0x6c, 0x6c, 0x51, 0x75, 0x65, 0x72, 0x69, 0x65,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x52, 0x75, 0x6e, 0x41, 0x6c,
-	0x6c, 0x51, 0x75, 0x65, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x22, 0x00, 0x12, 0x2b, 0x0a, 0x06, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x76, 0x12, 0x0e, 0x2e, 0x47,
-	0x65, 0x74, 0x45, 0x6e, 0x76, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0f, 0x2e, 0x47,
-	0x65, 0x74, 0x45, 0x6e, 0x76, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12,
-	0x42, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x74, 0x72, 0x65,
-	0x61, 0x6d, 0x12, 0x14, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61,
-	0x6d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72,
-	0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x00, 0x30, 0x01, 0x12, 0x42, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74,
-	0x4c, 0x69, 0x73, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x12, 0x2e, 0x52, 0x65, 0x70,
-	0x6f, 0x72, 0x74, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13,
-	0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x42, 0x0a, 0x0d, 0x47, 0x65, 0x74, 0x55, 0x73,
-	0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x15, 0x2e, 0x47, 0x65, 0x74, 0x55, 0x73,
-	0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x16, 0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x31, 0x0a, 0x08, 0x47,
-	0x65, 0x74, 0x55, 0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x61,
-	0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x47, 0x65, 0x74, 0x55,
-	0x73, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x49,
-	0x0a, 0x10, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x18, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x43,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4c, 0x0a, 0x11, 0x47, 0x65, 0x74,
-	0x47, 0x63, 0x70, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x19,
-	0x2e, 0x47, 0x65, 0x74, 0x47, 0x63, 0x70, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4c, 0x69,
-	0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x47, 0x65, 0x74, 0x47,
-	0x63, 0x70, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x10, 0x55, 0x70, 0x64, 0x61, 0x74,
-	0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x2e, 0x55, 0x70,
-	0x64, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x22, 0x00, 0x12, 0x4c, 0x0a, 0x11, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x2e, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76,
-	0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x12, 0x4c, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x19, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x1a, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x43,
-	0x0a, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0x16, 0x2e, 0x54, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x54, 0x65, 0x73, 0x74, 0x43,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x82, 0x02, 0x0a, 0x14, 0x52, 0x65, 0x70, 0x6f,
+	0x72, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x12, 0x1f, 0x0a, 0x06, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x07, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x06, 0x72, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x12, 0x20, 0x0a, 0x07, 0x71, 0x75, 0x65, 0x72, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x06, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x07, 0x71, 0x75, 0x65, 0x72,
+	0x69, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x0e, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x53, 0x74,
+	0x72, 0x65, 0x61, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0d, 0x73, 0x74, 0x72,
+	0x65, 0x61, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x08, 0x64, 0x61,
+	0x74, 0x61, 0x73, 0x65, 0x74, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x08, 0x2e, 0x44,
+	0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x52, 0x08, 0x64, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x73,
+	0x12, 0x1b, 0x0a, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x05, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x2d, 0x0a,
+	0x0b, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x0b, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x30, 0x0a, 0x11,
+	0x46, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x49, 0x64, 0x22, 0x31,
+	0x0a, 0x12, 0x46, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x69,
+	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x49,
+	0x64, 0x22, 0x15, 0x0a, 0x13, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x37, 0x0a, 0x14, 0x43, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x12, 0x1f, 0x0a, 0x06, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x07, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x06, 0x72, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x32, 0xe9, 0x0d, 0x0a, 0x06, 0x44, 0x65, 0x6b, 0x61, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x0c,
+	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x14, 0x2e, 0x43,
+	0x72, 0x65, 0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x15, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x37, 0x0a, 0x0a, 0x46,
+	0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x2e, 0x46, 0x6f, 0x72, 0x6b,
+	0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e,
+	0x46, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x22, 0x00, 0x12, 0x3d, 0x0a, 0x0c, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65,
+	0x70, 0x6f, 0x72, 0x74, 0x12, 0x14, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x70,
+	0x6f, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x55, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x0d, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x52, 0x65,
+	0x70, 0x6f, 0x72, 0x74, 0x12, 0x15, 0x2e, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x52, 0x65,
+	0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x41, 0x72,
+	0x63, 0x68, 0x69, 0x76, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x0f, 0x53, 0x65, 0x74, 0x44, 0x69, 0x73, 0x63,
+	0x6f, 0x76, 0x65, 0x72, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x17, 0x2e, 0x53, 0x65, 0x74, 0x44, 0x69,
+	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x18, 0x2e, 0x53, 0x65, 0x74, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x61,
+	0x62, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x40, 0x0a,
+	0x0d, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x12, 0x15,
+	0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x61,
+	0x74, 0x61, 0x73, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12,
+	0x40, 0x0a, 0x0d, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74,
+	0x12, 0x15, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65,
+	0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x00, 0x12, 0x4c, 0x0a, 0x11, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73,
+	0x65, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x19, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44,
+	0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x1a, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65,
+	0x74, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12,
+	0x5e, 0x0a, 0x17, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x2e, 0x55, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x55, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x73, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12,
+	0x37, 0x0a, 0x0a, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x12, 0x2e,
+	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x13, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x3a, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x51, 0x75, 0x65, 0x72, 0x79, 0x12, 0x13, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
+	0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x43,
+	0x72, 0x65, 0x61, 0x74, 0x65, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x08, 0x52, 0x75, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79,
+	0x12, 0x10, 0x2e, 0x52, 0x75, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x11, 0x2e, 0x52, 0x75, 0x6e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x3a, 0x0a, 0x0b, 0x43, 0x61, 0x6e, 0x63, 0x65,
+	0x6c, 0x51, 0x75, 0x65, 0x72, 0x79, 0x12, 0x13, 0x2e, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x51,
+	0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x43, 0x61,
+	0x6e, 0x63, 0x65, 0x6c, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x00, 0x12, 0x40, 0x0a, 0x0d, 0x52, 0x75, 0x6e, 0x41, 0x6c, 0x6c, 0x51, 0x75, 0x65,
+	0x72, 0x69, 0x65, 0x73, 0x12, 0x15, 0x2e, 0x52, 0x75, 0x6e, 0x41, 0x6c, 0x6c, 0x51, 0x75, 0x65,
+	0x72, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x52, 0x75,
+	0x6e, 0x41, 0x6c, 0x6c, 0x51, 0x75, 0x65, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2b, 0x0a, 0x06, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x76, 0x12,
+	0x0e, 0x2e, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x76, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x0f, 0x2e, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x76, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x00, 0x12, 0x42, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x53,
+	0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x14, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x74,
+	0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x52, 0x65,
+	0x70, 0x6f, 0x72, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x42, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x52, 0x65, 0x70,
+	0x6f, 0x72, 0x74, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x12, 0x2e,
+	0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x13, 0x2e, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x42, 0x0a, 0x0d, 0x47, 0x65,
+	0x74, 0x55, 0x73, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x15, 0x2e, 0x47, 0x65,
+	0x74, 0x55, 0x73, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x16, 0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65,
+	0x61, 0x6d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x31,
+	0x0a, 0x08, 0x47, 0x65, 0x74, 0x55, 0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x2e, 0x47, 0x65, 0x74,
+	0x55, 0x73, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x47,
+	0x65, 0x74, 0x55, 0x73, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x00, 0x12, 0x49, 0x0a, 0x10, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x19, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4c, 0x0a, 0x11,
+	0x47, 0x65, 0x74, 0x47, 0x63, 0x70, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4c, 0x69, 0x73,
+	0x74, 0x12, 0x19, 0x2e, 0x47, 0x65, 0x74, 0x47, 0x63, 0x70, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63,
+	0x74, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x47,
+	0x65, 0x74, 0x47, 0x63, 0x70, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4c, 0x69, 0x73, 0x74,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x10, 0x55, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18,
+	0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74,
+	0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4c, 0x0a, 0x11, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x2e, 0x41, 0x72, 0x63,
+	0x68, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x43,
 	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x22, 0x00, 0x12, 0x55, 0x0a, 0x14, 0x53, 0x65, 0x74, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c,
-	0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x2e, 0x53, 0x65,
-	0x74, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x53, 0x65, 0x74, 0x44,
-	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x09, 0x5a, 0x07, 0x2e, 0x2f,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x65, 0x22, 0x00, 0x12, 0x4c, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x19, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x00, 0x12, 0x43, 0x0a, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x16, 0x2e, 0x54, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x54, 0x65,
+	0x73, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x55, 0x0a, 0x14, 0x53, 0x65, 0x74, 0x44, 0x65, 0x66,
+	0x61, 0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c,
+	0x2e, 0x53, 0x65, 0x74, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x53,
+	0x65, 0x74, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x09, 0x5a,
+	0x07, 0x2e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -4189,163 +4399,167 @@ func file_proto_dekart_proto_rawDescGZIP() []byte {
 	return file_proto_dekart_proto_rawDescData
 }
 
-var file_proto_dekart_proto_enumTypes = make([]protoimpl.EnumInfo, 5)
-var file_proto_dekart_proto_msgTypes = make([]protoimpl.MessageInfo, 61)
+var file_proto_dekart_proto_enumTypes = make([]protoimpl.EnumInfo, 6)
+var file_proto_dekart_proto_msgTypes = make([]protoimpl.MessageInfo, 62)
 var file_proto_dekart_proto_goTypes = []interface{}{
-	(GetEnvResponse_Variable_Type)(0),       // 0: GetEnvResponse.Variable.Type
-	(AuthState_Action)(0),                   // 1: AuthState.Action
-	(Query_JobStatus)(0),                    // 2: Query.JobStatus
-	(Query_QuerySource)(0),                  // 3: Query.QuerySource
-	(File_Status)(0),                        // 4: File.Status
-	(*GetGcpProjectListRequest)(nil),        // 5: GetGcpProjectListRequest
-	(*GetGcpProjectListResponse)(nil),       // 6: GetGcpProjectListResponse
-	(*SetDefaultConnectionRequest)(nil),     // 7: SetDefaultConnectionRequest
-	(*SetDefaultConnectionResponse)(nil),    // 8: SetDefaultConnectionResponse
-	(*RunAllQueriesRequest)(nil),            // 9: RunAllQueriesRequest
-	(*RunAllQueriesResponse)(nil),           // 10: RunAllQueriesResponse
-	(*GetConnectionListRequest)(nil),        // 11: GetConnectionListRequest
-	(*GetConnectionListResponse)(nil),       // 12: GetConnectionListResponse
-	(*GetUserStreamRequest)(nil),            // 13: GetUserStreamRequest
-	(*GetUserStreamResponse)(nil),           // 14: GetUserStreamResponse
-	(*TestConnectionRequest)(nil),           // 15: TestConnectionRequest
-	(*TestConnectionResponse)(nil),          // 16: TestConnectionResponse
-	(*ArchiveConnectionRequest)(nil),        // 17: ArchiveConnectionRequest
-	(*ArchiveConnectionResponse)(nil),       // 18: ArchiveConnectionResponse
-	(*UpdateConnectionRequest)(nil),         // 19: UpdateConnectionRequest
-	(*UpdateConnectionResponse)(nil),        // 20: UpdateConnectionResponse
-	(*CreateConnectionRequest)(nil),         // 21: CreateConnectionRequest
-	(*CreateConnectionResponse)(nil),        // 22: CreateConnectionResponse
-	(*Connection)(nil),                      // 23: Connection
-	(*GetUsageRequest)(nil),                 // 24: GetUsageRequest
-	(*GetUsageResponse)(nil),                // 25: GetUsageResponse
-	(*SetDiscoverableRequest)(nil),          // 26: SetDiscoverableRequest
-	(*SetDiscoverableResponse)(nil),         // 27: SetDiscoverableResponse
-	(*RemoveDatasetRequest)(nil),            // 28: RemoveDatasetRequest
-	(*RemoveDatasetResponse)(nil),           // 29: RemoveDatasetResponse
-	(*StreamOptions)(nil),                   // 30: StreamOptions
-	(*GetEnvRequest)(nil),                   // 31: GetEnvRequest
-	(*GetEnvResponse)(nil),                  // 32: GetEnvResponse
-	(*RedirectState)(nil),                   // 33: RedirectState
-	(*AuthState)(nil),                       // 34: AuthState
-	(*ArchiveReportRequest)(nil),            // 35: ArchiveReportRequest
-	(*ArchiveReportResponse)(nil),           // 36: ArchiveReportResponse
-	(*ReportListRequest)(nil),               // 37: ReportListRequest
-	(*ReportListResponse)(nil),              // 38: ReportListResponse
-	(*Report)(nil),                          // 39: Report
-	(*Dataset)(nil),                         // 40: Dataset
-	(*Query)(nil),                           // 41: Query
-	(*File)(nil),                            // 42: File
-	(*UpdateReportRequest)(nil),             // 43: UpdateReportRequest
-	(*UpdateReportResponse)(nil),            // 44: UpdateReportResponse
-	(*RunQueryRequest)(nil),                 // 45: RunQueryRequest
-	(*RunQueryResponse)(nil),                // 46: RunQueryResponse
-	(*CancelQueryRequest)(nil),              // 47: CancelQueryRequest
-	(*CancelQueryResponse)(nil),             // 48: CancelQueryResponse
-	(*UpdateDatasetNameRequest)(nil),        // 49: UpdateDatasetNameRequest
-	(*UpdateDatasetNameResponse)(nil),       // 50: UpdateDatasetNameResponse
-	(*UpdateDatasetConnectionRequest)(nil),  // 51: UpdateDatasetConnectionRequest
-	(*UpdateDatasetConnectionResponse)(nil), // 52: UpdateDatasetConnectionResponse
-	(*CreateDatasetRequest)(nil),            // 53: CreateDatasetRequest
-	(*CreateDatasetResponse)(nil),           // 54: CreateDatasetResponse
-	(*CreateFileRequest)(nil),               // 55: CreateFileRequest
-	(*CreateFileResponse)(nil),              // 56: CreateFileResponse
-	(*CreateQueryRequest)(nil),              // 57: CreateQueryRequest
-	(*CreateQueryResponse)(nil),             // 58: CreateQueryResponse
-	(*ReportStreamRequest)(nil),             // 59: ReportStreamRequest
-	(*ReportStreamResponse)(nil),            // 60: ReportStreamResponse
-	(*ForkReportRequest)(nil),               // 61: ForkReportRequest
-	(*ForkReportResponse)(nil),              // 62: ForkReportResponse
-	(*CreateReportRequest)(nil),             // 63: CreateReportRequest
-	(*CreateReportResponse)(nil),            // 64: CreateReportResponse
-	(*GetEnvResponse_Variable)(nil),         // 65: GetEnvResponse.Variable
+	(Connection_ConnectionType)(0),          // 0: Connection.ConnectionType
+	(GetEnvResponse_Variable_Type)(0),       // 1: GetEnvResponse.Variable.Type
+	(AuthState_Action)(0),                   // 2: AuthState.Action
+	(Query_JobStatus)(0),                    // 3: Query.JobStatus
+	(Query_QuerySource)(0),                  // 4: Query.QuerySource
+	(File_Status)(0),                        // 5: File.Status
+	(*GetGcpProjectListRequest)(nil),        // 6: GetGcpProjectListRequest
+	(*GetGcpProjectListResponse)(nil),       // 7: GetGcpProjectListResponse
+	(*SetDefaultConnectionRequest)(nil),     // 8: SetDefaultConnectionRequest
+	(*SetDefaultConnectionResponse)(nil),    // 9: SetDefaultConnectionResponse
+	(*RunAllQueriesRequest)(nil),            // 10: RunAllQueriesRequest
+	(*RunAllQueriesResponse)(nil),           // 11: RunAllQueriesResponse
+	(*GetConnectionListRequest)(nil),        // 12: GetConnectionListRequest
+	(*GetConnectionListResponse)(nil),       // 13: GetConnectionListResponse
+	(*GetUserStreamRequest)(nil),            // 14: GetUserStreamRequest
+	(*GetUserStreamResponse)(nil),           // 15: GetUserStreamResponse
+	(*TestConnectionRequest)(nil),           // 16: TestConnectionRequest
+	(*TestConnectionResponse)(nil),          // 17: TestConnectionResponse
+	(*ArchiveConnectionRequest)(nil),        // 18: ArchiveConnectionRequest
+	(*ArchiveConnectionResponse)(nil),       // 19: ArchiveConnectionResponse
+	(*UpdateConnectionRequest)(nil),         // 20: UpdateConnectionRequest
+	(*UpdateConnectionResponse)(nil),        // 21: UpdateConnectionResponse
+	(*CreateConnectionRequest)(nil),         // 22: CreateConnectionRequest
+	(*CreateConnectionResponse)(nil),        // 23: CreateConnectionResponse
+	(*Connection)(nil),                      // 24: Connection
+	(*Secret)(nil),                          // 25: Secret
+	(*GetUsageRequest)(nil),                 // 26: GetUsageRequest
+	(*GetUsageResponse)(nil),                // 27: GetUsageResponse
+	(*SetDiscoverableRequest)(nil),          // 28: SetDiscoverableRequest
+	(*SetDiscoverableResponse)(nil),         // 29: SetDiscoverableResponse
+	(*RemoveDatasetRequest)(nil),            // 30: RemoveDatasetRequest
+	(*RemoveDatasetResponse)(nil),           // 31: RemoveDatasetResponse
+	(*StreamOptions)(nil),                   // 32: StreamOptions
+	(*GetEnvRequest)(nil),                   // 33: GetEnvRequest
+	(*GetEnvResponse)(nil),                  // 34: GetEnvResponse
+	(*RedirectState)(nil),                   // 35: RedirectState
+	(*AuthState)(nil),                       // 36: AuthState
+	(*ArchiveReportRequest)(nil),            // 37: ArchiveReportRequest
+	(*ArchiveReportResponse)(nil),           // 38: ArchiveReportResponse
+	(*ReportListRequest)(nil),               // 39: ReportListRequest
+	(*ReportListResponse)(nil),              // 40: ReportListResponse
+	(*Report)(nil),                          // 41: Report
+	(*Dataset)(nil),                         // 42: Dataset
+	(*Query)(nil),                           // 43: Query
+	(*File)(nil),                            // 44: File
+	(*UpdateReportRequest)(nil),             // 45: UpdateReportRequest
+	(*UpdateReportResponse)(nil),            // 46: UpdateReportResponse
+	(*RunQueryRequest)(nil),                 // 47: RunQueryRequest
+	(*RunQueryResponse)(nil),                // 48: RunQueryResponse
+	(*CancelQueryRequest)(nil),              // 49: CancelQueryRequest
+	(*CancelQueryResponse)(nil),             // 50: CancelQueryResponse
+	(*UpdateDatasetNameRequest)(nil),        // 51: UpdateDatasetNameRequest
+	(*UpdateDatasetNameResponse)(nil),       // 52: UpdateDatasetNameResponse
+	(*UpdateDatasetConnectionRequest)(nil),  // 53: UpdateDatasetConnectionRequest
+	(*UpdateDatasetConnectionResponse)(nil), // 54: UpdateDatasetConnectionResponse
+	(*CreateDatasetRequest)(nil),            // 55: CreateDatasetRequest
+	(*CreateDatasetResponse)(nil),           // 56: CreateDatasetResponse
+	(*CreateFileRequest)(nil),               // 57: CreateFileRequest
+	(*CreateFileResponse)(nil),              // 58: CreateFileResponse
+	(*CreateQueryRequest)(nil),              // 59: CreateQueryRequest
+	(*CreateQueryResponse)(nil),             // 60: CreateQueryResponse
+	(*ReportStreamRequest)(nil),             // 61: ReportStreamRequest
+	(*ReportStreamResponse)(nil),            // 62: ReportStreamResponse
+	(*ForkReportRequest)(nil),               // 63: ForkReportRequest
+	(*ForkReportResponse)(nil),              // 64: ForkReportResponse
+	(*CreateReportRequest)(nil),             // 65: CreateReportRequest
+	(*CreateReportResponse)(nil),            // 66: CreateReportResponse
+	(*GetEnvResponse_Variable)(nil),         // 67: GetEnvResponse.Variable
 }
 var file_proto_dekart_proto_depIdxs = []int32{
-	23, // 0: GetConnectionListResponse.connections:type_name -> Connection
-	30, // 1: GetUserStreamRequest.stream_options:type_name -> StreamOptions
-	30, // 2: GetUserStreamResponse.stream_options:type_name -> StreamOptions
-	23, // 3: TestConnectionRequest.connection:type_name -> Connection
-	23, // 4: UpdateConnectionRequest.connection:type_name -> Connection
-	23, // 5: UpdateConnectionResponse.connection:type_name -> Connection
-	23, // 6: CreateConnectionRequest.connection:type_name -> Connection
-	23, // 7: CreateConnectionResponse.connection:type_name -> Connection
-	65, // 8: GetEnvResponse.variables:type_name -> GetEnvResponse.Variable
-	1,  // 9: AuthState.action:type_name -> AuthState.Action
-	30, // 10: ReportListRequest.stream_options:type_name -> StreamOptions
-	39, // 11: ReportListResponse.reports:type_name -> Report
-	30, // 12: ReportListResponse.stream_options:type_name -> StreamOptions
-	2,  // 13: Query.job_status:type_name -> Query.JobStatus
-	3,  // 14: Query.query_source:type_name -> Query.QuerySource
-	4,  // 15: File.file_status:type_name -> File.Status
-	39, // 16: UpdateReportRequest.report:type_name -> Report
-	41, // 17: UpdateReportRequest.query:type_name -> Query
-	41, // 18: CreateQueryResponse.query:type_name -> Query
-	39, // 19: ReportStreamRequest.report:type_name -> Report
-	30, // 20: ReportStreamRequest.stream_options:type_name -> StreamOptions
-	39, // 21: ReportStreamResponse.report:type_name -> Report
-	41, // 22: ReportStreamResponse.queries:type_name -> Query
-	30, // 23: ReportStreamResponse.stream_options:type_name -> StreamOptions
-	40, // 24: ReportStreamResponse.datasets:type_name -> Dataset
-	42, // 25: ReportStreamResponse.files:type_name -> File
-	23, // 26: ReportStreamResponse.connections:type_name -> Connection
-	39, // 27: CreateReportResponse.report:type_name -> Report
-	0,  // 28: GetEnvResponse.Variable.type:type_name -> GetEnvResponse.Variable.Type
-	63, // 29: Dekart.CreateReport:input_type -> CreateReportRequest
-	61, // 30: Dekart.ForkReport:input_type -> ForkReportRequest
-	43, // 31: Dekart.UpdateReport:input_type -> UpdateReportRequest
-	35, // 32: Dekart.ArchiveReport:input_type -> ArchiveReportRequest
-	26, // 33: Dekart.SetDiscoverable:input_type -> SetDiscoverableRequest
-	53, // 34: Dekart.CreateDataset:input_type -> CreateDatasetRequest
-	28, // 35: Dekart.RemoveDataset:input_type -> RemoveDatasetRequest
-	49, // 36: Dekart.UpdateDatasetName:input_type -> UpdateDatasetNameRequest
-	51, // 37: Dekart.UpdateDatasetConnection:input_type -> UpdateDatasetConnectionRequest
-	55, // 38: Dekart.CreateFile:input_type -> CreateFileRequest
-	57, // 39: Dekart.CreateQuery:input_type -> CreateQueryRequest
-	45, // 40: Dekart.RunQuery:input_type -> RunQueryRequest
-	47, // 41: Dekart.CancelQuery:input_type -> CancelQueryRequest
-	9,  // 42: Dekart.RunAllQueries:input_type -> RunAllQueriesRequest
-	31, // 43: Dekart.GetEnv:input_type -> GetEnvRequest
-	59, // 44: Dekart.GetReportStream:input_type -> ReportStreamRequest
-	37, // 45: Dekart.GetReportListStream:input_type -> ReportListRequest
-	13, // 46: Dekart.GetUserStream:input_type -> GetUserStreamRequest
-	24, // 47: Dekart.GetUsage:input_type -> GetUsageRequest
-	21, // 48: Dekart.CreateConnection:input_type -> CreateConnectionRequest
-	5,  // 49: Dekart.GetGcpProjectList:input_type -> GetGcpProjectListRequest
-	19, // 50: Dekart.UpdateConnection:input_type -> UpdateConnectionRequest
-	17, // 51: Dekart.ArchiveConnection:input_type -> ArchiveConnectionRequest
-	11, // 52: Dekart.GetConnectionList:input_type -> GetConnectionListRequest
-	15, // 53: Dekart.TestConnection:input_type -> TestConnectionRequest
-	7,  // 54: Dekart.SetDefaultConnection:input_type -> SetDefaultConnectionRequest
-	64, // 55: Dekart.CreateReport:output_type -> CreateReportResponse
-	62, // 56: Dekart.ForkReport:output_type -> ForkReportResponse
-	44, // 57: Dekart.UpdateReport:output_type -> UpdateReportResponse
-	36, // 58: Dekart.ArchiveReport:output_type -> ArchiveReportResponse
-	27, // 59: Dekart.SetDiscoverable:output_type -> SetDiscoverableResponse
-	54, // 60: Dekart.CreateDataset:output_type -> CreateDatasetResponse
-	29, // 61: Dekart.RemoveDataset:output_type -> RemoveDatasetResponse
-	50, // 62: Dekart.UpdateDatasetName:output_type -> UpdateDatasetNameResponse
-	52, // 63: Dekart.UpdateDatasetConnection:output_type -> UpdateDatasetConnectionResponse
-	56, // 64: Dekart.CreateFile:output_type -> CreateFileResponse
-	58, // 65: Dekart.CreateQuery:output_type -> CreateQueryResponse
-	46, // 66: Dekart.RunQuery:output_type -> RunQueryResponse
-	48, // 67: Dekart.CancelQuery:output_type -> CancelQueryResponse
-	10, // 68: Dekart.RunAllQueries:output_type -> RunAllQueriesResponse
-	32, // 69: Dekart.GetEnv:output_type -> GetEnvResponse
-	60, // 70: Dekart.GetReportStream:output_type -> ReportStreamResponse
-	38, // 71: Dekart.GetReportListStream:output_type -> ReportListResponse
-	14, // 72: Dekart.GetUserStream:output_type -> GetUserStreamResponse
-	25, // 73: Dekart.GetUsage:output_type -> GetUsageResponse
-	22, // 74: Dekart.CreateConnection:output_type -> CreateConnectionResponse
-	6,  // 75: Dekart.GetGcpProjectList:output_type -> GetGcpProjectListResponse
-	20, // 76: Dekart.UpdateConnection:output_type -> UpdateConnectionResponse
-	18, // 77: Dekart.ArchiveConnection:output_type -> ArchiveConnectionResponse
-	12, // 78: Dekart.GetConnectionList:output_type -> GetConnectionListResponse
-	16, // 79: Dekart.TestConnection:output_type -> TestConnectionResponse
-	8,  // 80: Dekart.SetDefaultConnection:output_type -> SetDefaultConnectionResponse
-	55, // [55:81] is the sub-list for method output_type
-	29, // [29:55] is the sub-list for method input_type
-	29, // [29:29] is the sub-list for extension type_name
-	29, // [29:29] is the sub-list for extension extendee
-	0,  // [0:29] is the sub-list for field type_name
+	24, // 0: GetConnectionListResponse.connections:type_name -> Connection
+	32, // 1: GetUserStreamRequest.stream_options:type_name -> StreamOptions
+	32, // 2: GetUserStreamResponse.stream_options:type_name -> StreamOptions
+	24, // 3: TestConnectionRequest.connection:type_name -> Connection
+	24, // 4: UpdateConnectionRequest.connection:type_name -> Connection
+	24, // 5: UpdateConnectionResponse.connection:type_name -> Connection
+	24, // 6: CreateConnectionRequest.connection:type_name -> Connection
+	24, // 7: CreateConnectionResponse.connection:type_name -> Connection
+	0,  // 8: Connection.connection_type:type_name -> Connection.ConnectionType
+	25, // 9: Connection.snowflake_password:type_name -> Secret
+	67, // 10: GetEnvResponse.variables:type_name -> GetEnvResponse.Variable
+	2,  // 11: AuthState.action:type_name -> AuthState.Action
+	32, // 12: ReportListRequest.stream_options:type_name -> StreamOptions
+	41, // 13: ReportListResponse.reports:type_name -> Report
+	32, // 14: ReportListResponse.stream_options:type_name -> StreamOptions
+	3,  // 15: Query.job_status:type_name -> Query.JobStatus
+	4,  // 16: Query.query_source:type_name -> Query.QuerySource
+	5,  // 17: File.file_status:type_name -> File.Status
+	41, // 18: UpdateReportRequest.report:type_name -> Report
+	43, // 19: UpdateReportRequest.query:type_name -> Query
+	43, // 20: CreateQueryResponse.query:type_name -> Query
+	41, // 21: ReportStreamRequest.report:type_name -> Report
+	32, // 22: ReportStreamRequest.stream_options:type_name -> StreamOptions
+	41, // 23: ReportStreamResponse.report:type_name -> Report
+	43, // 24: ReportStreamResponse.queries:type_name -> Query
+	32, // 25: ReportStreamResponse.stream_options:type_name -> StreamOptions
+	42, // 26: ReportStreamResponse.datasets:type_name -> Dataset
+	44, // 27: ReportStreamResponse.files:type_name -> File
+	24, // 28: ReportStreamResponse.connections:type_name -> Connection
+	41, // 29: CreateReportResponse.report:type_name -> Report
+	1,  // 30: GetEnvResponse.Variable.type:type_name -> GetEnvResponse.Variable.Type
+	65, // 31: Dekart.CreateReport:input_type -> CreateReportRequest
+	63, // 32: Dekart.ForkReport:input_type -> ForkReportRequest
+	45, // 33: Dekart.UpdateReport:input_type -> UpdateReportRequest
+	37, // 34: Dekart.ArchiveReport:input_type -> ArchiveReportRequest
+	28, // 35: Dekart.SetDiscoverable:input_type -> SetDiscoverableRequest
+	55, // 36: Dekart.CreateDataset:input_type -> CreateDatasetRequest
+	30, // 37: Dekart.RemoveDataset:input_type -> RemoveDatasetRequest
+	51, // 38: Dekart.UpdateDatasetName:input_type -> UpdateDatasetNameRequest
+	53, // 39: Dekart.UpdateDatasetConnection:input_type -> UpdateDatasetConnectionRequest
+	57, // 40: Dekart.CreateFile:input_type -> CreateFileRequest
+	59, // 41: Dekart.CreateQuery:input_type -> CreateQueryRequest
+	47, // 42: Dekart.RunQuery:input_type -> RunQueryRequest
+	49, // 43: Dekart.CancelQuery:input_type -> CancelQueryRequest
+	10, // 44: Dekart.RunAllQueries:input_type -> RunAllQueriesRequest
+	33, // 45: Dekart.GetEnv:input_type -> GetEnvRequest
+	61, // 46: Dekart.GetReportStream:input_type -> ReportStreamRequest
+	39, // 47: Dekart.GetReportListStream:input_type -> ReportListRequest
+	14, // 48: Dekart.GetUserStream:input_type -> GetUserStreamRequest
+	26, // 49: Dekart.GetUsage:input_type -> GetUsageRequest
+	22, // 50: Dekart.CreateConnection:input_type -> CreateConnectionRequest
+	6,  // 51: Dekart.GetGcpProjectList:input_type -> GetGcpProjectListRequest
+	20, // 52: Dekart.UpdateConnection:input_type -> UpdateConnectionRequest
+	18, // 53: Dekart.ArchiveConnection:input_type -> ArchiveConnectionRequest
+	12, // 54: Dekart.GetConnectionList:input_type -> GetConnectionListRequest
+	16, // 55: Dekart.TestConnection:input_type -> TestConnectionRequest
+	8,  // 56: Dekart.SetDefaultConnection:input_type -> SetDefaultConnectionRequest
+	66, // 57: Dekart.CreateReport:output_type -> CreateReportResponse
+	64, // 58: Dekart.ForkReport:output_type -> ForkReportResponse
+	46, // 59: Dekart.UpdateReport:output_type -> UpdateReportResponse
+	38, // 60: Dekart.ArchiveReport:output_type -> ArchiveReportResponse
+	29, // 61: Dekart.SetDiscoverable:output_type -> SetDiscoverableResponse
+	56, // 62: Dekart.CreateDataset:output_type -> CreateDatasetResponse
+	31, // 63: Dekart.RemoveDataset:output_type -> RemoveDatasetResponse
+	52, // 64: Dekart.UpdateDatasetName:output_type -> UpdateDatasetNameResponse
+	54, // 65: Dekart.UpdateDatasetConnection:output_type -> UpdateDatasetConnectionResponse
+	58, // 66: Dekart.CreateFile:output_type -> CreateFileResponse
+	60, // 67: Dekart.CreateQuery:output_type -> CreateQueryResponse
+	48, // 68: Dekart.RunQuery:output_type -> RunQueryResponse
+	50, // 69: Dekart.CancelQuery:output_type -> CancelQueryResponse
+	11, // 70: Dekart.RunAllQueries:output_type -> RunAllQueriesResponse
+	34, // 71: Dekart.GetEnv:output_type -> GetEnvResponse
+	62, // 72: Dekart.GetReportStream:output_type -> ReportStreamResponse
+	40, // 73: Dekart.GetReportListStream:output_type -> ReportListResponse
+	15, // 74: Dekart.GetUserStream:output_type -> GetUserStreamResponse
+	27, // 75: Dekart.GetUsage:output_type -> GetUsageResponse
+	23, // 76: Dekart.CreateConnection:output_type -> CreateConnectionResponse
+	7,  // 77: Dekart.GetGcpProjectList:output_type -> GetGcpProjectListResponse
+	21, // 78: Dekart.UpdateConnection:output_type -> UpdateConnectionResponse
+	19, // 79: Dekart.ArchiveConnection:output_type -> ArchiveConnectionResponse
+	13, // 80: Dekart.GetConnectionList:output_type -> GetConnectionListResponse
+	17, // 81: Dekart.TestConnection:output_type -> TestConnectionResponse
+	9,  // 82: Dekart.SetDefaultConnection:output_type -> SetDefaultConnectionResponse
+	57, // [57:83] is the sub-list for method output_type
+	31, // [31:57] is the sub-list for method input_type
+	31, // [31:31] is the sub-list for extension type_name
+	31, // [31:31] is the sub-list for extension extendee
+	0,  // [0:31] is the sub-list for field type_name
 }
 
 func init() { file_proto_dekart_proto_init() }
@@ -4583,7 +4797,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetUsageRequest); i {
+			switch v := v.(*Secret); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4595,7 +4809,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetUsageResponse); i {
+			switch v := v.(*GetUsageRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4607,7 +4821,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SetDiscoverableRequest); i {
+			switch v := v.(*GetUsageResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4619,7 +4833,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SetDiscoverableResponse); i {
+			switch v := v.(*SetDiscoverableRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4631,7 +4845,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RemoveDatasetRequest); i {
+			switch v := v.(*SetDiscoverableResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4643,7 +4857,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RemoveDatasetResponse); i {
+			switch v := v.(*RemoveDatasetRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4655,7 +4869,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*StreamOptions); i {
+			switch v := v.(*RemoveDatasetResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4667,7 +4881,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetEnvRequest); i {
+			switch v := v.(*StreamOptions); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4679,7 +4893,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetEnvResponse); i {
+			switch v := v.(*GetEnvRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4691,7 +4905,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RedirectState); i {
+			switch v := v.(*GetEnvResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4703,7 +4917,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthState); i {
+			switch v := v.(*RedirectState); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4715,7 +4929,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ArchiveReportRequest); i {
+			switch v := v.(*AuthState); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4727,7 +4941,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ArchiveReportResponse); i {
+			switch v := v.(*ArchiveReportRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4739,7 +4953,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ReportListRequest); i {
+			switch v := v.(*ArchiveReportResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4751,7 +4965,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ReportListResponse); i {
+			switch v := v.(*ReportListRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4763,7 +4977,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Report); i {
+			switch v := v.(*ReportListResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4775,7 +4989,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Dataset); i {
+			switch v := v.(*Report); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4787,7 +5001,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Query); i {
+			switch v := v.(*Dataset); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4799,7 +5013,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*File); i {
+			switch v := v.(*Query); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4811,7 +5025,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpdateReportRequest); i {
+			switch v := v.(*File); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4823,7 +5037,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpdateReportResponse); i {
+			switch v := v.(*UpdateReportRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4835,7 +5049,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RunQueryRequest); i {
+			switch v := v.(*UpdateReportResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4847,7 +5061,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RunQueryResponse); i {
+			switch v := v.(*RunQueryRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4859,7 +5073,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CancelQueryRequest); i {
+			switch v := v.(*RunQueryResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4871,7 +5085,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[43].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CancelQueryResponse); i {
+			switch v := v.(*CancelQueryRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4883,7 +5097,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[44].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpdateDatasetNameRequest); i {
+			switch v := v.(*CancelQueryResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4895,7 +5109,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[45].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpdateDatasetNameResponse); i {
+			switch v := v.(*UpdateDatasetNameRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4907,7 +5121,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[46].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpdateDatasetConnectionRequest); i {
+			switch v := v.(*UpdateDatasetNameResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4919,7 +5133,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[47].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UpdateDatasetConnectionResponse); i {
+			switch v := v.(*UpdateDatasetConnectionRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4931,7 +5145,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[48].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CreateDatasetRequest); i {
+			switch v := v.(*UpdateDatasetConnectionResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4943,7 +5157,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[49].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CreateDatasetResponse); i {
+			switch v := v.(*CreateDatasetRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4955,7 +5169,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[50].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CreateFileRequest); i {
+			switch v := v.(*CreateDatasetResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4967,7 +5181,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[51].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CreateFileResponse); i {
+			switch v := v.(*CreateFileRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4979,7 +5193,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[52].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CreateQueryRequest); i {
+			switch v := v.(*CreateFileResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -4991,7 +5205,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[53].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CreateQueryResponse); i {
+			switch v := v.(*CreateQueryRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -5003,7 +5217,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[54].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ReportStreamRequest); i {
+			switch v := v.(*CreateQueryResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -5015,7 +5229,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[55].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ReportStreamResponse); i {
+			switch v := v.(*ReportStreamRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -5027,7 +5241,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[56].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ForkReportRequest); i {
+			switch v := v.(*ReportStreamResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -5039,7 +5253,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[57].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ForkReportResponse); i {
+			switch v := v.(*ForkReportRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -5051,7 +5265,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[58].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CreateReportRequest); i {
+			switch v := v.(*ForkReportResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -5063,7 +5277,7 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[59].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CreateReportResponse); i {
+			switch v := v.(*CreateReportRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -5075,6 +5289,18 @@ func file_proto_dekart_proto_init() {
 			}
 		}
 		file_proto_dekart_proto_msgTypes[60].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CreateReportResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_proto_dekart_proto_msgTypes[61].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*GetEnvResponse_Variable); i {
 			case 0:
 				return &v.state
@@ -5092,8 +5318,8 @@ func file_proto_dekart_proto_init() {
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_proto_dekart_proto_rawDesc,
-			NumEnums:      5,
-			NumMessages:   61,
+			NumEnums:      6,
+			NumMessages:   62,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
diff --git a/src/proto/dekart_pb.d.ts b/src/proto/dekart_pb.d.ts
index dd683cf..6ad846c 100644
--- a/src/proto/dekart_pb.d.ts
+++ b/src/proto/dekart_pb.d.ts
@@ -185,12 +185,6 @@ export class GetUserStreamResponse extends jspb.Message {
   getEmail(): string;
   setEmail(value: string): void;
 
-  getSensitiveScopesGranted(): boolean;
-  setSensitiveScopesGranted(value: boolean): void;
-
-  getSensitiveScopesGrantedOnce(): boolean;
-  setSensitiveScopesGrantedOnce(value: boolean): void;
-
   serializeBinary(): Uint8Array;
   toObject(includeInstance?: boolean): GetUserStreamResponse.AsObject;
   static toObject(includeInstance: boolean, msg: GetUserStreamResponse): GetUserStreamResponse.AsObject;
@@ -206,8 +200,6 @@ export namespace GetUserStreamResponse {
     streamOptions?: StreamOptions.AsObject,
     connectionUpdate: number,
     email: string,
-    sensitiveScopesGranted: boolean,
-    sensitiveScopesGrantedOnce: boolean,
   }
 }
 
@@ -412,6 +404,23 @@ export class Connection extends jspb.Message {
   getCanStoreFiles(): boolean;
   setCanStoreFiles(value: boolean): void;
 
+  getConnectionType(): Connection.ConnectionTypeMap[keyof Connection.ConnectionTypeMap];
+  setConnectionType(value: Connection.ConnectionTypeMap[keyof Connection.ConnectionTypeMap]): void;
+
+  getSnowflakeAccountId(): string;
+  setSnowflakeAccountId(value: string): void;
+
+  getSnowflakeUsername(): string;
+  setSnowflakeUsername(value: string): void;
+
+  hasSnowflakePassword(): boolean;
+  clearSnowflakePassword(): void;
+  getSnowflakePassword(): Secret | undefined;
+  setSnowflakePassword(value?: Secret): void;
+
+  getSnowflakeWarehouse(): string;
+  setSnowflakeWarehouse(value: string): void;
+
   serializeBinary(): Uint8Array;
   toObject(includeInstance?: boolean): Connection.AsObject;
   static toObject(includeInstance: boolean, msg: Connection): Connection.AsObject;
@@ -434,6 +443,47 @@ export namespace Connection {
     updatedAt: number,
     datasetCount: number,
     canStoreFiles: boolean,
+    connectionType: Connection.ConnectionTypeMap[keyof Connection.ConnectionTypeMap],
+    snowflakeAccountId: string,
+    snowflakeUsername: string,
+    snowflakePassword?: Secret.AsObject,
+    snowflakeWarehouse: string,
+  }
+
+  export interface ConnectionTypeMap {
+    CONNECTION_TYPE_UNSPECIFIED: 0;
+    CONNECTION_TYPE_BIGQUERY: 1;
+    CONNECTION_TYPE_SNOWFLAKE: 2;
+  }
+
+  export const ConnectionType: ConnectionTypeMap;
+}
+
+export class Secret extends jspb.Message {
+  getClientEncrypted(): string;
+  setClientEncrypted(value: string): void;
+
+  getServerEncrypted(): string;
+  setServerEncrypted(value: string): void;
+
+  getLength(): number;
+  setLength(value: number): void;
+
+  serializeBinary(): Uint8Array;
+  toObject(includeInstance?: boolean): Secret.AsObject;
+  static toObject(includeInstance: boolean, msg: Secret): Secret.AsObject;
+  static extensions: {[key: number]: jspb.ExtensionFieldInfo<jspb.Message>};
+  static extensionsBinary: {[key: number]: jspb.ExtensionFieldBinaryInfo<jspb.Message>};
+  static serializeBinaryToWriter(message: Secret, writer: jspb.BinaryWriter): void;
+  static deserializeBinary(bytes: Uint8Array): Secret;
+  static deserializeBinaryFromReader(message: Secret, reader: jspb.BinaryReader): Secret;
+}
+
+export namespace Secret {
+  export type AsObject = {
+    clientEncrypted: string,
+    serverEncrypted: string,
+    length: number,
   }
 }
 
@@ -666,6 +716,10 @@ export namespace GetEnvResponse {
       TYPE_UX_ACCESS_ERROR_INFO_HTML: 13;
       TYPE_UX_NOT_FOUND_ERROR_INFO_HTML: 14;
       TYPE_UX_SAMPLE_QUERY_SQL: 15;
+      TYPE_AES_KEY: 16;
+      TYPE_AES_IV: 17;
+      TYPE_AUTH_ENABLED: 18;
+      TYPE_USER_DEFINED_CONNECTION: 19;
     }
 
     export const Type: TypeMap;
@@ -679,6 +733,9 @@ export class RedirectState extends jspb.Message {
   getError(): string;
   setError(value: string): void;
 
+  getSensitiveScopesGranted(): boolean;
+  setSensitiveScopesGranted(value: boolean): void;
+
   serializeBinary(): Uint8Array;
   toObject(includeInstance?: boolean): RedirectState.AsObject;
   static toObject(includeInstance: boolean, msg: RedirectState): RedirectState.AsObject;
@@ -693,6 +750,7 @@ export namespace RedirectState {
   export type AsObject = {
     tokenJson: string,
     error: string,
+    sensitiveScopesGranted: boolean,
   }
 }
 
@@ -873,6 +931,12 @@ export class Report extends jspb.Message {
   getUpdatedAt(): number;
   setUpdatedAt(value: number): void;
 
+  getIsSharable(): boolean;
+  setIsSharable(value: boolean): void;
+
+  getNeedSensitiveScope(): boolean;
+  setNeedSensitiveScope(value: boolean): void;
+
   serializeBinary(): Uint8Array;
   toObject(includeInstance?: boolean): Report.AsObject;
   static toObject(includeInstance: boolean, msg: Report): Report.AsObject;
@@ -896,6 +960,8 @@ export namespace Report {
     isAuthor: boolean,
     createdAt: number,
     updatedAt: number,
+    isSharable: boolean,
+    needSensitiveScope: boolean,
   }
 }
 
diff --git a/src/proto/dekart_pb.js b/src/proto/dekart_pb.js
index 8a91c05..6d530d5 100644
--- a/src/proto/dekart_pb.js
+++ b/src/proto/dekart_pb.js
@@ -23,6 +23,7 @@ goog.exportSymbol('proto.AuthState.Action', null, global);
 goog.exportSymbol('proto.CancelQueryRequest', null, global);
 goog.exportSymbol('proto.CancelQueryResponse', null, global);
 goog.exportSymbol('proto.Connection', null, global);
+goog.exportSymbol('proto.Connection.ConnectionType', null, global);
 goog.exportSymbol('proto.CreateConnectionRequest', null, global);
 goog.exportSymbol('proto.CreateConnectionResponse', null, global);
 goog.exportSymbol('proto.CreateDatasetRequest', null, global);
@@ -65,6 +66,7 @@ goog.exportSymbol('proto.RunAllQueriesRequest', null, global);
 goog.exportSymbol('proto.RunAllQueriesResponse', null, global);
 goog.exportSymbol('proto.RunQueryRequest', null, global);
 goog.exportSymbol('proto.RunQueryResponse', null, global);
+goog.exportSymbol('proto.Secret', null, global);
 goog.exportSymbol('proto.SetDefaultConnectionRequest', null, global);
 goog.exportSymbol('proto.SetDefaultConnectionResponse', null, global);
 goog.exportSymbol('proto.SetDiscoverableRequest', null, global);
@@ -479,6 +481,27 @@ if (goog.DEBUG && !COMPILED) {
    */
   proto.Connection.displayName = 'proto.Connection';
 }
+/**
+ * Generated by JsPbCodeGenerator.
+ * @param {Array=} opt_data Optional initial data array, typically from a
+ * server response, or constructed directly in Javascript. The array is used
+ * in place and becomes part of the constructed object. It is not cloned.
+ * If no data is provided, the constructed object will be empty, but still
+ * valid.
+ * @extends {jspb.Message}
+ * @constructor
+ */
+proto.Secret = function(opt_data) {
+  jspb.Message.initialize(this, opt_data, 0, -1, null, null);
+};
+goog.inherits(proto.Secret, jspb.Message);
+if (goog.DEBUG && !COMPILED) {
+  /**
+   * @public
+   * @override
+   */
+  proto.Secret.displayName = 'proto.Secret';
+}
 /**
  * Generated by JsPbCodeGenerator.
  * @param {Array=} opt_data Optional initial data array, typically from a
@@ -2526,9 +2549,7 @@ proto.GetUserStreamResponse.toObject = function(includeInstance, msg) {
   var f, obj = {
     streamOptions: (f = msg.getStreamOptions()) && proto.StreamOptions.toObject(includeInstance, f),
     connectionUpdate: jspb.Message.getFieldWithDefault(msg, 2, 0),
-    email: jspb.Message.getFieldWithDefault(msg, 3, ""),
-    sensitiveScopesGranted: jspb.Message.getBooleanFieldWithDefault(msg, 4, false),
-    sensitiveScopesGrantedOnce: jspb.Message.getBooleanFieldWithDefault(msg, 5, false)
+    email: jspb.Message.getFieldWithDefault(msg, 3, "")
   };
 
   if (includeInstance) {
@@ -2578,14 +2599,6 @@ proto.GetUserStreamResponse.deserializeBinaryFromReader = function(msg, reader)
       var value = /** @type {string} */ (reader.readString());
       msg.setEmail(value);
       break;
-    case 4:
-      var value = /** @type {boolean} */ (reader.readBool());
-      msg.setSensitiveScopesGranted(value);
-      break;
-    case 5:
-      var value = /** @type {boolean} */ (reader.readBool());
-      msg.setSensitiveScopesGrantedOnce(value);
-      break;
     default:
       reader.skipField();
       break;
@@ -2637,20 +2650,6 @@ proto.GetUserStreamResponse.serializeBinaryToWriter = function(message, writer)
       f
     );
   }
-  f = message.getSensitiveScopesGranted();
-  if (f) {
-    writer.writeBool(
-      4,
-      f
-    );
-  }
-  f = message.getSensitiveScopesGrantedOnce();
-  if (f) {
-    writer.writeBool(
-      5,
-      f
-    );
-  }
 };
 
 
@@ -2727,42 +2726,6 @@ proto.GetUserStreamResponse.prototype.setEmail = function(value) {
 };
 
 
-/**
- * optional bool sensitive_scopes_granted = 4;
- * @return {boolean}
- */
-proto.GetUserStreamResponse.prototype.getSensitiveScopesGranted = function() {
-  return /** @type {boolean} */ (jspb.Message.getBooleanFieldWithDefault(this, 4, false));
-};
-
-
-/**
- * @param {boolean} value
- * @return {!proto.GetUserStreamResponse} returns this
- */
-proto.GetUserStreamResponse.prototype.setSensitiveScopesGranted = function(value) {
-  return jspb.Message.setProto3BooleanField(this, 4, value);
-};
-
-
-/**
- * optional bool sensitive_scopes_granted_once = 5;
- * @return {boolean}
- */
-proto.GetUserStreamResponse.prototype.getSensitiveScopesGrantedOnce = function() {
-  return /** @type {boolean} */ (jspb.Message.getBooleanFieldWithDefault(this, 5, false));
-};
-
-
-/**
- * @param {boolean} value
- * @return {!proto.GetUserStreamResponse} returns this
- */
-proto.GetUserStreamResponse.prototype.setSensitiveScopesGrantedOnce = function(value) {
-  return jspb.Message.setProto3BooleanField(this, 5, value);
-};
-
-
 
 
 
@@ -3950,7 +3913,12 @@ proto.Connection.toObject = function(includeInstance, msg) {
     createdAt: jspb.Message.getFieldWithDefault(msg, 7, 0),
     updatedAt: jspb.Message.getFieldWithDefault(msg, 8, 0),
     datasetCount: jspb.Message.getFieldWithDefault(msg, 9, 0),
-    canStoreFiles: jspb.Message.getBooleanFieldWithDefault(msg, 10, false)
+    canStoreFiles: jspb.Message.getBooleanFieldWithDefault(msg, 10, false),
+    connectionType: jspb.Message.getFieldWithDefault(msg, 11, 0),
+    snowflakeAccountId: jspb.Message.getFieldWithDefault(msg, 12, ""),
+    snowflakeUsername: jspb.Message.getFieldWithDefault(msg, 13, ""),
+    snowflakePassword: (f = msg.getSnowflakePassword()) && proto.Secret.toObject(includeInstance, f),
+    snowflakeWarehouse: jspb.Message.getFieldWithDefault(msg, 15, "")
   };
 
   if (includeInstance) {
@@ -4027,6 +3995,27 @@ proto.Connection.deserializeBinaryFromReader = function(msg, reader) {
       var value = /** @type {boolean} */ (reader.readBool());
       msg.setCanStoreFiles(value);
       break;
+    case 11:
+      var value = /** @type {!proto.Connection.ConnectionType} */ (reader.readEnum());
+      msg.setConnectionType(value);
+      break;
+    case 12:
+      var value = /** @type {string} */ (reader.readString());
+      msg.setSnowflakeAccountId(value);
+      break;
+    case 13:
+      var value = /** @type {string} */ (reader.readString());
+      msg.setSnowflakeUsername(value);
+      break;
+    case 14:
+      var value = new proto.Secret;
+      reader.readMessage(value,proto.Secret.deserializeBinaryFromReader);
+      msg.setSnowflakePassword(value);
+      break;
+    case 15:
+      var value = /** @type {string} */ (reader.readString());
+      msg.setSnowflakeWarehouse(value);
+      break;
     default:
       reader.skipField();
       break;
@@ -4126,9 +4115,54 @@ proto.Connection.serializeBinaryToWriter = function(message, writer) {
       f
     );
   }
+  f = message.getConnectionType();
+  if (f !== 0.0) {
+    writer.writeEnum(
+      11,
+      f
+    );
+  }
+  f = message.getSnowflakeAccountId();
+  if (f.length > 0) {
+    writer.writeString(
+      12,
+      f
+    );
+  }
+  f = message.getSnowflakeUsername();
+  if (f.length > 0) {
+    writer.writeString(
+      13,
+      f
+    );
+  }
+  f = message.getSnowflakePassword();
+  if (f != null) {
+    writer.writeMessage(
+      14,
+      f,
+      proto.Secret.serializeBinaryToWriter
+    );
+  }
+  f = message.getSnowflakeWarehouse();
+  if (f.length > 0) {
+    writer.writeString(
+      15,
+      f
+    );
+  }
 };
 
 
+/**
+ * @enum {number}
+ */
+proto.Connection.ConnectionType = {
+  CONNECTION_TYPE_UNSPECIFIED: 0,
+  CONNECTION_TYPE_BIGQUERY: 1,
+  CONNECTION_TYPE_SNOWFLAKE: 2
+};
+
 /**
  * optional string id = 1;
  * @return {string}
@@ -4309,6 +4343,305 @@ proto.Connection.prototype.setCanStoreFiles = function(value) {
 };
 
 
+/**
+ * optional ConnectionType connection_type = 11;
+ * @return {!proto.Connection.ConnectionType}
+ */
+proto.Connection.prototype.getConnectionType = function() {
+  return /** @type {!proto.Connection.ConnectionType} */ (jspb.Message.getFieldWithDefault(this, 11, 0));
+};
+
+
+/**
+ * @param {!proto.Connection.ConnectionType} value
+ * @return {!proto.Connection} returns this
+ */
+proto.Connection.prototype.setConnectionType = function(value) {
+  return jspb.Message.setProto3EnumField(this, 11, value);
+};
+
+
+/**
+ * optional string snowflake_account_id = 12;
+ * @return {string}
+ */
+proto.Connection.prototype.getSnowflakeAccountId = function() {
+  return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 12, ""));
+};
+
+
+/**
+ * @param {string} value
+ * @return {!proto.Connection} returns this
+ */
+proto.Connection.prototype.setSnowflakeAccountId = function(value) {
+  return jspb.Message.setProto3StringField(this, 12, value);
+};
+
+
+/**
+ * optional string snowflake_username = 13;
+ * @return {string}
+ */
+proto.Connection.prototype.getSnowflakeUsername = function() {
+  return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 13, ""));
+};
+
+
+/**
+ * @param {string} value
+ * @return {!proto.Connection} returns this
+ */
+proto.Connection.prototype.setSnowflakeUsername = function(value) {
+  return jspb.Message.setProto3StringField(this, 13, value);
+};
+
+
+/**
+ * optional Secret snowflake_password = 14;
+ * @return {?proto.Secret}
+ */
+proto.Connection.prototype.getSnowflakePassword = function() {
+  return /** @type{?proto.Secret} */ (
+    jspb.Message.getWrapperField(this, proto.Secret, 14));
+};
+
+
+/**
+ * @param {?proto.Secret|undefined} value
+ * @return {!proto.Connection} returns this
+*/
+proto.Connection.prototype.setSnowflakePassword = function(value) {
+  return jspb.Message.setWrapperField(this, 14, value);
+};
+
+
+/**
+ * Clears the message field making it undefined.
+ * @return {!proto.Connection} returns this
+ */
+proto.Connection.prototype.clearSnowflakePassword = function() {
+  return this.setSnowflakePassword(undefined);
+};
+
+
+/**
+ * Returns whether this field is set.
+ * @return {boolean}
+ */
+proto.Connection.prototype.hasSnowflakePassword = function() {
+  return jspb.Message.getField(this, 14) != null;
+};
+
+
+/**
+ * optional string snowflake_warehouse = 15;
+ * @return {string}
+ */
+proto.Connection.prototype.getSnowflakeWarehouse = function() {
+  return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 15, ""));
+};
+
+
+/**
+ * @param {string} value
+ * @return {!proto.Connection} returns this
+ */
+proto.Connection.prototype.setSnowflakeWarehouse = function(value) {
+  return jspb.Message.setProto3StringField(this, 15, value);
+};
+
+
+
+
+
+if (jspb.Message.GENERATE_TO_OBJECT) {
+/**
+ * Creates an object representation of this proto.
+ * Field names that are reserved in JavaScript and will be renamed to pb_name.
+ * Optional fields that are not set will be set to undefined.
+ * To access a reserved field use, foo.pb_<name>, eg, foo.pb_default.
+ * For the list of reserved names please see:
+ *     net/proto2/compiler/js/internal/generator.cc#kKeyword.
+ * @param {boolean=} opt_includeInstance Deprecated. whether to include the
+ *     JSPB instance for transitional soy proto support:
+ *     http://goto/soy-param-migration
+ * @return {!Object}
+ */
+proto.Secret.prototype.toObject = function(opt_includeInstance) {
+  return proto.Secret.toObject(opt_includeInstance, this);
+};
+
+
+/**
+ * Static version of the {@see toObject} method.
+ * @param {boolean|undefined} includeInstance Deprecated. Whether to include
+ *     the JSPB instance for transitional soy proto support:
+ *     http://goto/soy-param-migration
+ * @param {!proto.Secret} msg The msg instance to transform.
+ * @return {!Object}
+ * @suppress {unusedLocalVariables} f is only used for nested messages
+ */
+proto.Secret.toObject = function(includeInstance, msg) {
+  var f, obj = {
+    clientEncrypted: jspb.Message.getFieldWithDefault(msg, 1, ""),
+    serverEncrypted: jspb.Message.getFieldWithDefault(msg, 2, ""),
+    length: jspb.Message.getFieldWithDefault(msg, 3, 0)
+  };
+
+  if (includeInstance) {
+    obj.$jspbMessageInstance = msg;
+  }
+  return obj;
+};
+}
+
+
+/**
+ * Deserializes binary data (in protobuf wire format).
+ * @param {jspb.ByteSource} bytes The bytes to deserialize.
+ * @return {!proto.Secret}
+ */
+proto.Secret.deserializeBinary = function(bytes) {
+  var reader = new jspb.BinaryReader(bytes);
+  var msg = new proto.Secret;
+  return proto.Secret.deserializeBinaryFromReader(msg, reader);
+};
+
+
+/**
+ * Deserializes binary data (in protobuf wire format) from the
+ * given reader into the given message object.
+ * @param {!proto.Secret} msg The message object to deserialize into.
+ * @param {!jspb.BinaryReader} reader The BinaryReader to use.
+ * @return {!proto.Secret}
+ */
+proto.Secret.deserializeBinaryFromReader = function(msg, reader) {
+  while (reader.nextField()) {
+    if (reader.isEndGroup()) {
+      break;
+    }
+    var field = reader.getFieldNumber();
+    switch (field) {
+    case 1:
+      var value = /** @type {string} */ (reader.readString());
+      msg.setClientEncrypted(value);
+      break;
+    case 2:
+      var value = /** @type {string} */ (reader.readString());
+      msg.setServerEncrypted(value);
+      break;
+    case 3:
+      var value = /** @type {number} */ (reader.readInt32());
+      msg.setLength(value);
+      break;
+    default:
+      reader.skipField();
+      break;
+    }
+  }
+  return msg;
+};
+
+
+/**
+ * Serializes the message to binary data (in protobuf wire format).
+ * @return {!Uint8Array}
+ */
+proto.Secret.prototype.serializeBinary = function() {
+  var writer = new jspb.BinaryWriter();
+  proto.Secret.serializeBinaryToWriter(this, writer);
+  return writer.getResultBuffer();
+};
+
+
+/**
+ * Serializes the given message to binary data (in protobuf wire
+ * format), writing to the given BinaryWriter.
+ * @param {!proto.Secret} message
+ * @param {!jspb.BinaryWriter} writer
+ * @suppress {unusedLocalVariables} f is only used for nested messages
+ */
+proto.Secret.serializeBinaryToWriter = function(message, writer) {
+  var f = undefined;
+  f = message.getClientEncrypted();
+  if (f.length > 0) {
+    writer.writeString(
+      1,
+      f
+    );
+  }
+  f = message.getServerEncrypted();
+  if (f.length > 0) {
+    writer.writeString(
+      2,
+      f
+    );
+  }
+  f = message.getLength();
+  if (f !== 0) {
+    writer.writeInt32(
+      3,
+      f
+    );
+  }
+};
+
+
+/**
+ * optional string client_encrypted = 1;
+ * @return {string}
+ */
+proto.Secret.prototype.getClientEncrypted = function() {
+  return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 1, ""));
+};
+
+
+/**
+ * @param {string} value
+ * @return {!proto.Secret} returns this
+ */
+proto.Secret.prototype.setClientEncrypted = function(value) {
+  return jspb.Message.setProto3StringField(this, 1, value);
+};
+
+
+/**
+ * optional string server_encrypted = 2;
+ * @return {string}
+ */
+proto.Secret.prototype.getServerEncrypted = function() {
+  return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 2, ""));
+};
+
+
+/**
+ * @param {string} value
+ * @return {!proto.Secret} returns this
+ */
+proto.Secret.prototype.setServerEncrypted = function(value) {
+  return jspb.Message.setProto3StringField(this, 2, value);
+};
+
+
+/**
+ * optional int32 length = 3;
+ * @return {number}
+ */
+proto.Secret.prototype.getLength = function() {
+  return /** @type {number} */ (jspb.Message.getFieldWithDefault(this, 3, 0));
+};
+
+
+/**
+ * @param {number} value
+ * @return {!proto.Secret} returns this
+ */
+proto.Secret.prototype.setLength = function(value) {
+  return jspb.Message.setProto3IntField(this, 3, value);
+};
+
+
 
 
 
@@ -5677,7 +6010,11 @@ proto.GetEnvResponse.Variable.Type = {
   TYPE_CLOUD_STORAGE_BUCKET: 12,
   TYPE_UX_ACCESS_ERROR_INFO_HTML: 13,
   TYPE_UX_NOT_FOUND_ERROR_INFO_HTML: 14,
-  TYPE_UX_SAMPLE_QUERY_SQL: 15
+  TYPE_UX_SAMPLE_QUERY_SQL: 15,
+  TYPE_AES_KEY: 16,
+  TYPE_AES_IV: 17,
+  TYPE_AUTH_ENABLED: 18,
+  TYPE_USER_DEFINED_CONNECTION: 19
 };
 
 /**
@@ -5787,7 +6124,8 @@ proto.RedirectState.prototype.toObject = function(opt_includeInstance) {
 proto.RedirectState.toObject = function(includeInstance, msg) {
   var f, obj = {
     tokenJson: jspb.Message.getFieldWithDefault(msg, 1, ""),
-    error: jspb.Message.getFieldWithDefault(msg, 2, "")
+    error: jspb.Message.getFieldWithDefault(msg, 2, ""),
+    sensitiveScopesGranted: jspb.Message.getBooleanFieldWithDefault(msg, 3, false)
   };
 
   if (includeInstance) {
@@ -5832,6 +6170,10 @@ proto.RedirectState.deserializeBinaryFromReader = function(msg, reader) {
       var value = /** @type {string} */ (reader.readString());
       msg.setError(value);
       break;
+    case 3:
+      var value = /** @type {boolean} */ (reader.readBool());
+      msg.setSensitiveScopesGranted(value);
+      break;
     default:
       reader.skipField();
       break;
@@ -5875,6 +6217,13 @@ proto.RedirectState.serializeBinaryToWriter = function(message, writer) {
       f
     );
   }
+  f = message.getSensitiveScopesGranted();
+  if (f) {
+    writer.writeBool(
+      3,
+      f
+    );
+  }
 };
 
 
@@ -5914,6 +6263,24 @@ proto.RedirectState.prototype.setError = function(value) {
 };
 
 
+/**
+ * optional bool sensitive_scopes_granted = 3;
+ * @return {boolean}
+ */
+proto.RedirectState.prototype.getSensitiveScopesGranted = function() {
+  return /** @type {boolean} */ (jspb.Message.getBooleanFieldWithDefault(this, 3, false));
+};
+
+
+/**
+ * @param {boolean} value
+ * @return {!proto.RedirectState} returns this
+ */
+proto.RedirectState.prototype.setSensitiveScopesGranted = function(value) {
+  return jspb.Message.setProto3BooleanField(this, 3, value);
+};
+
+
 
 
 
@@ -6899,7 +7266,9 @@ proto.Report.toObject = function(includeInstance, msg) {
     allowEdit: jspb.Message.getBooleanFieldWithDefault(msg, 8, false),
     isAuthor: jspb.Message.getBooleanFieldWithDefault(msg, 9, false),
     createdAt: jspb.Message.getFieldWithDefault(msg, 10, 0),
-    updatedAt: jspb.Message.getFieldWithDefault(msg, 11, 0)
+    updatedAt: jspb.Message.getFieldWithDefault(msg, 11, 0),
+    isSharable: jspb.Message.getBooleanFieldWithDefault(msg, 12, false),
+    needSensitiveScope: jspb.Message.getBooleanFieldWithDefault(msg, 13, false)
   };
 
   if (includeInstance) {
@@ -6980,6 +7349,14 @@ proto.Report.deserializeBinaryFromReader = function(msg, reader) {
       var value = /** @type {number} */ (reader.readInt64());
       msg.setUpdatedAt(value);
       break;
+    case 12:
+      var value = /** @type {boolean} */ (reader.readBool());
+      msg.setIsSharable(value);
+      break;
+    case 13:
+      var value = /** @type {boolean} */ (reader.readBool());
+      msg.setNeedSensitiveScope(value);
+      break;
     default:
       reader.skipField();
       break;
@@ -7086,6 +7463,20 @@ proto.Report.serializeBinaryToWriter = function(message, writer) {
       f
     );
   }
+  f = message.getIsSharable();
+  if (f) {
+    writer.writeBool(
+      12,
+      f
+    );
+  }
+  f = message.getNeedSensitiveScope();
+  if (f) {
+    writer.writeBool(
+      13,
+      f
+    );
+  }
 };
 
 
@@ -7287,6 +7678,42 @@ proto.Report.prototype.setUpdatedAt = function(value) {
 };
 
 
+/**
+ * optional bool is_sharable = 12;
+ * @return {boolean}
+ */
+proto.Report.prototype.getIsSharable = function() {
+  return /** @type {boolean} */ (jspb.Message.getBooleanFieldWithDefault(this, 12, false));
+};
+
+
+/**
+ * @param {boolean} value
+ * @return {!proto.Report} returns this
+ */
+proto.Report.prototype.setIsSharable = function(value) {
+  return jspb.Message.setProto3BooleanField(this, 12, value);
+};
+
+
+/**
+ * optional bool need_sensitive_scope = 13;
+ * @return {boolean}
+ */
+proto.Report.prototype.getNeedSensitiveScope = function() {
+  return /** @type {boolean} */ (jspb.Message.getBooleanFieldWithDefault(this, 13, false));
+};
+
+
+/**
+ * @param {boolean} value
+ * @return {!proto.Report} returns this
+ */
+proto.Report.prototype.setNeedSensitiveScope = function(value) {
+  return jspb.Message.setProto3BooleanField(this, 13, value);
+};
+
+
 
 
 
diff --git a/src/server/app/app.go b/src/server/app/app.go
index 2078507..e38a9bf 100644
--- a/src/server/app/app.go
+++ b/src/server/app/app.go
@@ -144,6 +144,7 @@ func configureHTTP(dekartServer *dekart.Server, claimsCheck user.ClaimsCheck) *m
 		router.HandleFunc("/reports/{id}", staticFilesHandler.ServeIndex)
 		router.HandleFunc("/reports/{id}/edit", staticFilesHandler.ServeIndex) // deprecated
 		router.HandleFunc("/reports/{id}/source", staticFilesHandler.ServeIndex)
+		router.HandleFunc("/grant-scopes", staticFilesHandler.ServeIndex)
 		router.HandleFunc("/400", func(w http.ResponseWriter, r *http.Request) {
 			staticFilesHandler.ServeIndex(ResponseWriter{w: w, statusCode: http.StatusBadRequest}, r)
 		})
diff --git a/src/server/bqjob/store.go b/src/server/bqjob/store.go
index a14d839..6113de5 100644
--- a/src/server/bqjob/store.go
+++ b/src/server/bqjob/store.go
@@ -7,10 +7,14 @@ import (
 	"dekart/src/server/user"
 	"os"
 	"strconv"
+	"strings"
 
 	"cloud.google.com/go/bigquery"
+	bqStorage "cloud.google.com/go/bigquery/storage/apiv1"
 	"github.com/rs/zerolog/log"
+	"google.golang.org/api/iterator"
 	"google.golang.org/api/option"
+	bqStoragePb "google.golang.org/genproto/googleapis/cloud/bigquery/storage/v1"
 )
 
 // Store implements job.Store interface for BigQuery
@@ -24,8 +28,7 @@ func NewStore() *Store {
 	return store
 }
 
-// Create job on store
-func (s *Store) Create(reportID string, queryID string, queryText string, userCtx context.Context) (job.Job, chan int32, error) {
+func Create(reportID string, queryID string, queryText string, userCtx context.Context) (job.Job, error) {
 	maxBytesBilledStr := os.Getenv("DEKART_BIGQUERY_MAX_BYTES_BILLED")
 	var maxBytesBilled int64
 	var err error
@@ -33,7 +36,7 @@ func (s *Store) Create(reportID string, queryID string, queryText string, userCt
 		maxBytesBilled, err = strconv.ParseInt(maxBytesBilledStr, 10, 64)
 		if err != nil {
 			log.Fatal().Msgf("Cannot parse DEKART_BIGQUERY_MAX_BYTES_BILLED")
-			return nil, nil, err
+			return nil, err
 		}
 	} else {
 		log.Warn().Msgf("DEKART_BIGQUERY_MAX_BYTES_BILLED is not set! Use the maximum bytes billed setting to limit query costs. https://cloud.google.com/bigquery/docs/best-practices-costs#limit_query_costs_by_restricting_the_number_of_bytes_billed")
@@ -48,12 +51,26 @@ func (s *Store) Create(reportID string, queryID string, queryText string, userCt
 		maxBytesBilled: maxBytesBilled,
 	}
 	job.Init(userCtx)
+	return job, nil
+}
+
+// Create job on store
+func (s *Store) Create(reportID string, queryID string, queryText string, userCtx context.Context) (job.Job, chan int32, error) {
+	job, err := Create(reportID, queryID, queryText, userCtx)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to create BigQuery job")
+		return nil, nil, err
+	}
 	s.StoreJob(job)
 	go s.RemoveJobWhenDone(job)
 	return job, job.Status(), nil
 }
 
 func (s *Store) TestConnection(ctx context.Context, req *proto.TestConnectionRequest) (*proto.TestConnectionResponse, error) {
+	return TestConnection(ctx, req)
+}
+
+func TestConnection(ctx context.Context, req *proto.TestConnectionRequest) (*proto.TestConnectionResponse, error) {
 	tokenSource := user.GetTokenSource(ctx)
 	client, err := bigquery.NewClient(
 		ctx,
@@ -70,13 +87,41 @@ func (s *Store) TestConnection(ctx context.Context, req *proto.TestConnectionReq
 	it := client.Datasets(ctx)
 	_, err = it.Next()
 	if err != nil {
-		log.Debug().Err(err).Msg("client.Datasets failed")
+		if err != iterator.Done { // if no datasets found, it still ok
+			return &proto.TestConnectionResponse{
+				Success: false,
+				Error:   err.Error(),
+			}, nil
+		}
+	}
+
+	// Attempt to create a read session to check for permissions
+	bqReadClient, err := bqStorage.NewBigQueryReadClient(ctx, option.WithTokenSource(tokenSource))
+	if err != nil {
+		log.Debug().Err(err).Msg("bigquery.NewBigQueryReadClient failed")
 		return &proto.TestConnectionResponse{
 			Success: false,
 			Error:   err.Error(),
 		}, nil
 	}
+	defer bqReadClient.Close()
 
+	createReadSessionRequest := &bqStoragePb.CreateReadSessionRequest{
+		Parent: "projects/" + req.Connection.BigqueryProjectId,
+		ReadSession: &bqStoragePb.ReadSession{
+			Table:      "projects/bigquery-public-data/datasets/samples/tables/shakespeare", // well-known public dataset
+			DataFormat: bqStoragePb.DataFormat_AVRO,
+		},
+	}
+	_, err = bqReadClient.CreateReadSession(ctx, createReadSessionRequest)
+	if err != nil {
+		if strings.Contains(err.Error(), "PermissionDenied") {
+			return &proto.TestConnectionResponse{
+				Success: false,
+				Error:   err.Error(),
+			}, nil
+		}
+	}
 	return &proto.TestConnectionResponse{
 		Success: true,
 	}, nil
diff --git a/src/server/bqstorage/bqstorage.go b/src/server/bqstorage/bqstorage.go
index f78f368..892aa25 100644
--- a/src/server/bqstorage/bqstorage.go
+++ b/src/server/bqstorage/bqstorage.go
@@ -94,27 +94,60 @@ func (s BigQueryStorageObject) GetReader(ctx context.Context) (io.ReadCloser, er
 	)
 	pr, pw := io.Pipe()
 	csvWriter := csv.NewWriter(pw)
+	var firstRow []string
+	var more bool
+
+	// read first row, make sure it's not an error
+	// this is needed because if user doesn't have permission to create read session, error will be returned in the channel
+	select {
+	case firstRow, more = <-csvRows:
+		if !more {
+			err := fmt.Errorf("no data returned by BigQuery Readers")
+			log.Err(err).Send()
+			return nil, err
+		}
+	case err := <-errors:
+		return nil, err
+	}
+
 	go func() {
-		for {
-			csvRow, more := <-csvRows
-			if !more {
-				break
-			}
-			err := csvWriter.Write(csvRow)
-			if err == context.Canceled {
-				break
-			}
+		defer pw.Close()
+		defer csvWriter.Flush()
+
+		if more {
+			// write first row
+			log.Debug().Msg("writing first row")
+			err := csvWriter.Write(firstRow)
 			if err != nil {
 				log.Err(err).Send()
-				break
+				return
+			}
+
+			// continue writing rows
+			for {
+				select {
+				case csvRow, more := <-csvRows:
+					if !more {
+						return
+					}
+					err := csvWriter.Write(csvRow)
+					if err != nil {
+						log.Err(err).Send()
+						return
+					}
+				case err := <-errors:
+					if err != nil {
+						log.Err(err).Send()
+						return
+					}
+				case <-ctx.Done():
+					log.Debug().Msg("context canceled")
+					return
+				}
 			}
-		}
-		csvWriter.Flush()
-		err := pw.Close()
-		if err != nil {
-			log.Error().Err(err).Msg("Error closing pipe writer")
 		}
 	}()
+
 	return pr, nil
 }
 
@@ -123,3 +156,25 @@ func (s BigQueryStorageObject) CopyFromS3(ctx context.Context, source string) er
 	log.Fatal().Err(err).Send()
 	return err
 }
+
+func (s BigQueryStorageObject) Delete(ctx context.Context) error {
+	log.Fatal().Msg("BigQueryStorageObject Delete not implemented")
+	return nil
+}
+
+func (s BigQueryStorageObject) CopyTo(ctx context.Context, writer io.WriteCloser) error {
+	reader, err := s.GetReader(ctx)
+	if err != nil {
+		log.Err(err).Msg("Error getting reader while copying to")
+		return err
+	}
+	_, err = io.Copy(writer, reader)
+	if err != nil {
+		return err
+	}
+	err = writer.Close()
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/src/server/bqutils/reader.go b/src/server/bqutils/reader.go
index 2629458..a6594e1 100644
--- a/src/server/bqutils/reader.go
+++ b/src/server/bqutils/reader.go
@@ -6,6 +6,7 @@ import (
 	"dekart/src/server/user"
 	"fmt"
 	"io"
+	"strings"
 	"sync"
 
 	"cloud.google.com/go/bigquery"
@@ -67,7 +68,14 @@ func NewReader(
 	r.session, err = r.bqReadClient.CreateReadSession(r.ctx, createReadSessionRequest, rpcOpts)
 	if err != nil {
 		//TODO: context canceled
-		r.logger.Error().Err(err).Msg("cannot create read session")
+
+		// Check if the error is PermissionDenied
+		if strings.Contains(err.Error(), "PermissionDenied") {
+			// user does not have permission to create read session, not dekart error
+			r.logger.Warn().Err(err).Msg("Permission Denied: cannot create read session")
+		} else {
+			r.logger.Error().Err(err).Msg("cannot create read session")
+		}
 		return r, err
 	}
 	r.tableDecoder, err = NewDecoder(r.session)
diff --git a/src/server/conn/connctx.go b/src/server/conn/connctx.go
index 58ebf0d..9abbeea 100644
--- a/src/server/conn/connctx.go
+++ b/src/server/conn/connctx.go
@@ -3,38 +3,32 @@ package conn
 import (
 	"context"
 	"dekart/src/proto"
+	"os"
 
 	"github.com/rs/zerolog/log"
 )
 
-type Connection struct {
-	ID                 string
-	ConnectionName     string
-	BigqueryProjectID  string
-	CloudStorageBucket string
-}
-
 type ConnectionContextKey string
 
 const connectionContextKey ConnectionContextKey = "connection"
 
+var dekartBigQueryProjectID = os.Getenv("DEKART_BIGQUERY_PROJECT_ID")
+var dekartCloudStorageBucket = os.Getenv("DEKART_CLOUD_STORAGE_BUCKET")
+var dekartDataSource = os.Getenv("DEKART_DATASOURCE")
+
+func IsUserDefined() bool {
+	return (dekartBigQueryProjectID == "" && dekartDataSource == "BQ") || (dekartCloudStorageBucket == "" && dekartDataSource != "SNOWFLAKE")
+}
+
 func GetCtx(ctx context.Context, connection *proto.Connection) context.Context {
-	if connection == nil {
-		return context.WithValue(ctx, connectionContextKey, Connection{})
-	}
-	return context.WithValue(ctx, connectionContextKey, Connection{
-		ID:                 connection.Id,
-		ConnectionName:     connection.ConnectionName,
-		BigqueryProjectID:  connection.BigqueryProjectId,
-		CloudStorageBucket: connection.CloudStorageBucket,
-	})
+	return context.WithValue(ctx, connectionContextKey, connection)
 }
 
-func FromCtx(ctx context.Context) Connection {
-	connection, ok := ctx.Value(connectionContextKey).(Connection)
+func FromCtx(ctx context.Context) *proto.Connection {
+	connection, ok := ctx.Value(connectionContextKey).(*proto.Connection)
 	if !ok {
 		log.Error().Msg("Connection not found in context")
-		return Connection{}
+		return &proto.Connection{}
 	}
 	return connection
 }
diff --git a/src/server/dekart/connection.go b/src/server/dekart/connection.go
index cfccdc7..5adb3b7 100644
--- a/src/server/dekart/connection.go
+++ b/src/server/dekart/connection.go
@@ -4,11 +4,13 @@ import (
 	"context"
 	"database/sql"
 	"dekart/src/proto"
+	"dekart/src/server/secrets"
 	"dekart/src/server/storage"
 	"dekart/src/server/user"
 	"os"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/rs/zerolog/log"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -19,6 +21,10 @@ func (s Server) TestConnection(ctx context.Context, req *proto.TestConnectionReq
 	if claims == nil {
 		return nil, Unauthenticated
 	}
+	conn := req.Connection
+	if conn == nil {
+		return nil, status.Error(codes.InvalidArgument, "connection is required")
+	}
 	res, err := s.jobs.TestConnection(ctx, req)
 	if err != nil {
 		log.Err(err).Send()
@@ -27,7 +33,7 @@ func (s Server) TestConnection(ctx context.Context, req *proto.TestConnectionReq
 	if !res.Success {
 		return res, nil
 	}
-	if req.Connection.CloudStorageBucket == "" {
+	if req.Connection.CloudStorageBucket == "" && os.Getenv("DEKART_STORAGE") == "USER" {
 		// if no bucket is provided, temp storage is used
 		return &proto.TestConnectionResponse{
 			Success: true,
@@ -121,6 +127,11 @@ func (s Server) getConnection(ctx context.Context, connectionID string) (*proto.
 			connection_name,
 			bigquery_project_id,
 			cloud_storage_bucket,
+			connection_type,
+			snowflake_account_id,
+			snowflake_username,
+			snowflake_password_encrypted,
+			snowflake_warehouse,
 			(select count(*) from datasets where connection_id=connections.id) as dataset_count
 		from connections where id=$1 limit 1`,
 		connectionID,
@@ -135,16 +146,35 @@ func (s Server) getConnection(ctx context.Context, connectionID string) (*proto.
 		ID := sql.NullString{}
 		bigqueryProjectId := sql.NullString{}
 		cloudStorageBucket := sql.NullString{}
+		var connectionType proto.Connection_ConnectionType
+		snowflakeUser := sql.NullString{}
+		snowflakePassword := sql.NullString{}
+		snowflakeAccountID := sql.NullString{}
+		snowflakeWarehouse := sql.NullString{}
 		err := res.Scan(
 			&ID,
 			&connection.ConnectionName,
 			&bigqueryProjectId,
 			&cloudStorageBucket,
+			&connectionType,
+			&snowflakeAccountID,
+			&snowflakeUser,
+			&snowflakePassword,
+			&snowflakeWarehouse,
 			&connection.DatasetCount,
 		)
 		connection.Id = ID.String
 		connection.BigqueryProjectId = bigqueryProjectId.String
 		connection.CloudStorageBucket = cloudStorageBucket.String
+		connection.ConnectionType = connectionType
+		connection.SnowflakeUsername = snowflakeUser.String
+		connection.SnowflakeAccountId = snowflakeAccountID.String
+		connection.SnowflakeWarehouse = snowflakeWarehouse.String
+		if snowflakePassword.String != "" {
+			connection.SnowflakePassword = &proto.Secret{
+				ServerEncrypted: snowflakePassword.String,
+			}
+		}
 		if connection.CloudStorageBucket != "" {
 			connection.CanStoreFiles = true
 		}
@@ -169,6 +199,11 @@ func (s Server) getConnections(ctx context.Context) ([]*proto.Connection, error)
 			connection_name,
 			bigquery_project_id,
 			cloud_storage_bucket,
+			connection_type,
+			snowflake_account_id,
+			snowflake_username,
+			snowflake_password_encrypted,
+			snowflake_warehouse,
 			is_default,
 			created_at,
 			updated_at,
@@ -190,6 +225,10 @@ func (s Server) getConnections(ctx context.Context) ([]*proto.Connection, error)
 		ID := sql.NullString{}
 		bigqueryProjectId := sql.NullString{}
 		cloudStorageBucket := sql.NullString{}
+		snowflakeAccountID := sql.NullString{}
+		snowflakeUsername := sql.NullString{}
+		snowflakePassword := sql.NullString{}
+		snowflakeWarehouse := sql.NullString{}
 		isDefault := false
 		createdAt := time.Time{}
 		updatedAt := time.Time{}
@@ -198,6 +237,11 @@ func (s Server) getConnections(ctx context.Context) ([]*proto.Connection, error)
 			&connection.ConnectionName,
 			&bigqueryProjectId,
 			&cloudStorageBucket,
+			&connection.ConnectionType,
+			&snowflakeAccountID,
+			&snowflakeUsername,
+			&snowflakePassword,
+			&snowflakeWarehouse,
 			&isDefault,
 			&createdAt,
 			&updatedAt,
@@ -221,6 +265,10 @@ func (s Server) getConnections(ctx context.Context) ([]*proto.Connection, error)
 		connection.Id = ID.String
 		connection.BigqueryProjectId = bigqueryProjectId.String
 		connection.CloudStorageBucket = cloudStorageBucket.String
+		connection.SnowflakeAccountId = snowflakeAccountID.String
+		connection.SnowflakeUsername = snowflakeUsername.String
+		connection.SnowflakeWarehouse = snowflakeWarehouse.String
+		connection.SnowflakePassword = secrets.EncryptedToClient(snowflakePassword.String)
 		connection.UpdatedAt = updatedAt.Unix()
 		connection.CreatedAt = createdAt.Unix()
 		if connection.CloudStorageBucket != "" {
@@ -289,18 +337,53 @@ func (s Server) UpdateConnection(ctx context.Context, req *proto.UpdateConnectio
 		return nil, err
 	}
 
-	res, err := s.db.ExecContext(ctx,
-		`update connections set
+	_, err = uuid.Parse(req.Connection.Id)
+	if err != nil {
+		return nil, status.Error(codes.InvalidArgument, "invalid connection id")
+	}
+
+	var res sql.Result
+
+	if req.Connection.ConnectionType == proto.Connection_CONNECTION_TYPE_SNOWFLAKE {
+		res, err = s.db.ExecContext(ctx,
+			`update connections set
+				connection_name=$1,
+				snowflake_account_id=$2,
+				snowflake_username=$3,
+				snowflake_warehouse=$4,
+				updated_at=now()
+			where id=$5`,
+			req.Connection.ConnectionName,
+			req.Connection.SnowflakeAccountId,
+			req.Connection.SnowflakeUsername,
+			req.Connection.SnowflakeWarehouse,
+			req.Connection.Id,
+		)
+		// update password if it is provided
+		snowflakePassword := secrets.SecretToServerEncrypted(req.Connection.SnowflakePassword, claims)
+		if snowflakePassword != "" && err == nil {
+			res, err = s.db.ExecContext(ctx,
+				`update connections set
+				snowflake_password_encrypted=$1
+			where id=$2`,
+				snowflakePassword,
+				req.Connection.Id,
+			)
+		}
+	} else {
+		res, err = s.db.ExecContext(ctx,
+			`update connections set
 			connection_name=$1,
 			bigquery_project_id=$2,
 			cloud_storage_bucket=$3,
 			updated_at=now()
 		where id=$4`,
-		req.Connection.ConnectionName,
-		req.Connection.BigqueryProjectId,
-		req.Connection.CloudStorageBucket,
-		req.Connection.Id,
-	)
+			req.Connection.ConnectionName,
+			req.Connection.BigqueryProjectId,
+			req.Connection.CloudStorageBucket,
+			req.Connection.Id,
+		)
+	}
 	if err != nil {
 		log.Err(err).Send()
 		return nil, err
@@ -357,7 +440,7 @@ func (s Server) ArchiveConnection(ctx context.Context, req *proto.ArchiveConnect
 		`update connections set
 			archived=true,
 			updated_at=now()
-		where id=$1 and author_email=$2`,
+		where id=$1`,
 		req.ConnectionId,
 		claims.Email,
 	)
@@ -441,8 +524,17 @@ func validateReqConnection(con *proto.Connection) error {
 	if con.ConnectionName == "" {
 		return status.Error(codes.InvalidArgument, "connection_name is required")
 	}
-	if con.BigqueryProjectId == "" {
-		return status.Error(codes.InvalidArgument, "bigquery_project_id is required")
+	if con.ConnectionType == proto.Connection_CONNECTION_TYPE_SNOWFLAKE {
+		if con.SnowflakeAccountId == "" {
+			return status.Error(codes.InvalidArgument, "snowflake_account_id is required")
+		}
+		if con.SnowflakeUsername == "" {
+			return status.Error(codes.InvalidArgument, "snowflake_username is required")
+		}
+	} else {
+		if con.BigqueryProjectId == "" {
+			return status.Error(codes.InvalidArgument, "bigquery_project_id is required")
+		}
 	}
 	return nil
 }
@@ -460,11 +552,27 @@ func (s Server) CreateConnection(ctx context.Context, req *proto.CreateConnectio
 	id := newUUID()
 
 	_, err = s.db.ExecContext(ctx,
-		"INSERT INTO connections (id, connection_name, bigquery_project_id, cloud_storage_bucket, author_email) VALUES ($1, $2, $3, $4, $5)",
+		`INSERT INTO connections (
+			id,
+			connection_name,
+			bigquery_project_id,
+			cloud_storage_bucket,
+			connection_type,
+			snowflake_account_id,
+			snowflake_username,
+			snowflake_warehouse,
+			snowflake_password_encrypted,
+			author_email
+		) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)`,
 		id,
 		req.Connection.ConnectionName,
 		req.Connection.BigqueryProjectId,
 		req.Connection.CloudStorageBucket,
+		req.Connection.ConnectionType,
+		req.Connection.SnowflakeAccountId,
+		req.Connection.SnowflakeUsername,
+		req.Connection.SnowflakeWarehouse,
+		secrets.SecretToServerEncrypted(req.Connection.SnowflakePassword, claims),
 		claims.Email,
 	)
 	if err != nil {
diff --git a/src/server/dekart/dataset.go b/src/server/dekart/dataset.go
index 888271b..b6d95c3 100644
--- a/src/server/dekart/dataset.go
+++ b/src/server/dekart/dataset.go
@@ -87,13 +87,13 @@ func (s Server) getDatasets(ctx context.Context, reportID string) ([]*proto.Data
 	return datasets, nil
 }
 
-func (s Server) getReportID(ctx context.Context, datasetID string, email string) (*string, error) {
-	datasetRows, err := s.db.QueryContext(ctx,
-		`select report_id from datasets
-		where id=$1 and report_id in (select report_id from reports where author_email=$2 or allow_edit)
-		limit 1`,
+// getReportID returns by dataset id and checks if user has access to the report
+func (s Server) getReportID(ctx context.Context, datasetID string, canWrite bool) (*string, error) {
+	var datasetRows *sql.Rows
+	var err error
+	datasetRows, err = s.db.QueryContext(ctx,
+		`select report_id from datasets where id=$1`,
 		datasetID,
-		email,
 	)
 	if err != nil {
 		return nil, err
@@ -109,11 +109,8 @@ func (s Server) getReportID(ctx context.Context, datasetID string, email string)
 	if reportID == "" {
 		// check legacy queries
 		queryRows, err := s.db.QueryContext(ctx,
-			`select report_id from queries
-			where id=$1 and report_id in (select report_id from reports where author_email=$2 or allow_edit)
-			limit 1`,
+			`select report_id from queries where id=$1 limit 1`,
 			datasetID,
-			email,
 		)
 		if err != nil {
 			return nil, err
@@ -129,6 +126,17 @@ func (s Server) getReportID(ctx context.Context, datasetID string, email string)
 			return nil, nil
 		}
 	}
+	// check if user has access to the report
+	report, err := s.getReport(ctx, reportID)
+	if err != nil {
+		return nil, err
+	}
+	if report == nil {
+		return nil, nil
+	}
+	if canWrite && !report.CanWrite {
+		return nil, nil
+	}
 	return &reportID, nil
 }
 
@@ -138,7 +146,7 @@ func (s Server) UpdateDatasetName(ctx context.Context, req *proto.UpdateDatasetN
 		return nil, Unauthenticated
 	}
 
-	reportID, err := s.getReportID(ctx, req.DatasetId, claims.Email)
+	reportID, err := s.getReportID(ctx, req.DatasetId, true)
 
 	if err != nil {
 		log.Err(err).Send()
@@ -175,7 +183,7 @@ func (s Server) UpdateDatasetConnection(ctx context.Context, req *proto.UpdateDa
 		return nil, Unauthenticated
 	}
 
-	reportID, err := s.getReportID(ctx, req.DatasetId, claims.Email)
+	reportID, err := s.getReportID(ctx, req.DatasetId, true)
 
 	if err != nil {
 		log.Err(err).Send()
@@ -216,7 +224,7 @@ func (s Server) RemoveDataset(ctx context.Context, req *proto.RemoveDatasetReque
 		return nil, status.Errorf(codes.InvalidArgument, err.Error())
 	}
 
-	reportID, err := s.getReportID(ctx, req.DatasetId, claims.Email)
+	reportID, err := s.getReportID(ctx, req.DatasetId, true)
 
 	if err != nil {
 		log.Err(err).Send()
@@ -354,9 +362,51 @@ func (s Server) getDWJobIDFromResultID(ctx context.Context, resultID string) (st
 // since reading is using connection no auth is needed here
 func (s Server) ServeDatasetSource(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
-	ctx := r.Context()
+	userCtx := r.Context()
+
+	claims := user.GetClaims(userCtx)
+	if claims == nil {
+		http.Error(w, Unauthenticated.Error(), http.StatusUnauthorized)
+		return
+	}
+	_, err := uuid.Parse(vars["dataset"])
+	if err != nil {
+		log.Warn().Err(err).Msg("Invalid dataset id while serving dataset source")
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	reportID, err := s.getReportID(userCtx, vars["dataset"], false)
+
+	if err != nil {
+		log.Err(err).Send()
+		HttpError(w, err)
+		return
+	}
+
+	if reportID == nil {
+		err := fmt.Errorf("dataset not found id:%s", vars["dataset"])
+		log.Warn().Err(err).Send()
+		http.Error(w, err.Error(), http.StatusNotFound)
+		return
+	}
+
+	report, err := s.getReport(userCtx, *reportID)
+
+	if err != nil {
+		log.Err(err).Send()
+		HttpError(w, err)
+		return
+	}
+
+	if report == nil {
+		err := fmt.Errorf("report not found id:%s", *reportID)
+		log.Warn().Err(err).Send()
+		http.Error(w, err.Error(), http.StatusNotFound)
+		return
+	}
 
-	connection, err := s.getConnectionFromDatasetID(ctx, vars["dataset"])
+	connection, err := s.getConnectionFromDatasetID(userCtx, vars["dataset"])
 
 	if err != nil {
 		HttpError(w, err)
@@ -372,8 +422,8 @@ func (s Server) ServeDatasetSource(w http.ResponseWriter, r *http.Request) {
 
 	bucketName := s.getBucketNameFromConnection(connection)
 
-	conCtx := conn.GetCtx(ctx, connection)
-	dwJobID, err := s.getDWJobIDFromResultID(ctx, vars["source"])
+	userConCtx := conn.GetCtx(userCtx, connection)
+	dwJobID, err := s.getDWJobIDFromResultID(userCtx, vars["source"])
 	if err != nil {
 		log.Error().Err(err).Msg("Error getting dw job id")
 		HttpError(w, err)
@@ -384,18 +434,20 @@ func (s Server) ServeDatasetSource(w http.ResponseWriter, r *http.Request) {
 
 	if dwJobID != "" {
 		// temp data warehouse table is used as source
-		obj = s.storage.GetObject(conCtx, bucketName, dwJobID)
+		log.Debug().Str("source", vars["source"]).Msg("Serving dataset source from temporary storage")
+		obj = s.storage.GetObject(userConCtx, bucketName, dwJobID)
 	} else {
 		// file stored on the bucket is used as source
-		obj = s.storage.GetObject(conCtx, bucketName, fmt.Sprintf("%s.%s", vars["source"], vars["extension"]))
+		log.Debug().Str("source", vars["source"]).Msg("Serving dataset source from user storage")
+		obj = s.storage.GetObject(userConCtx, bucketName, fmt.Sprintf("%s.%s", vars["source"], vars["extension"]))
 	}
 
-	created, err := obj.GetCreatedAt(ctx)
+	created, err := obj.GetCreatedAt(userCtx)
 	if err != nil {
 		storageError(w, err)
 		return
 	}
-	objectReader, err := obj.GetReader(ctx)
+	objectReader, err := obj.GetReader(userCtx)
 	if err != nil {
 		storageError(w, err)
 		return
diff --git a/src/server/dekart/error.go b/src/server/dekart/error.go
index 0c8bb38..501b501 100644
--- a/src/server/dekart/error.go
+++ b/src/server/dekart/error.go
@@ -1,7 +1,10 @@
 package dekart
 
 import (
+	"fmt"
 	"net/http"
+	"regexp"
+	"runtime"
 
 	"github.com/rs/zerolog/log"
 	"google.golang.org/api/googleapi"
@@ -17,6 +20,24 @@ func HttpError(w http.ResponseWriter, err error) {
 		http.Error(w, googleErr.Message, googleErr.Code)
 		return
 	}
-	log.Err(err).Interface("details", err).Msg("Unknown API Error")
+
+	// Handle specific RPC error format for PermissionDenied using regex
+	re := regexp.MustCompile(`rpc error: code = PermissionDenied desc = (.*)`)
+	matches := re.FindStringSubmatch(err.Error())
+	if len(matches) > 1 {
+		log.Warn().Err(err).Msg("Permission Denied Error")
+		desc := matches[1]
+		http.Error(w, "Permission Denied: "+desc, http.StatusForbidden)
+		return
+	}
+
+	// Capture the caller information
+	pc, file, line, ok := runtime.Caller(1)
+	caller := ""
+	if ok {
+		fn := runtime.FuncForPC(pc)
+		caller = fmt.Sprintf("called from %s:%d %s", file, line, fn.Name())
+	}
+	log.Err(err).Interface("details", err).Str("caller", caller).Msg("Unknown API Error")
 	http.Error(w, err.Error(), http.StatusInternalServerError)
 }
diff --git a/src/server/dekart/file.go b/src/server/dekart/file.go
index 98de731..bfa10f3 100644
--- a/src/server/dekart/file.go
+++ b/src/server/dekart/file.go
@@ -20,33 +20,31 @@ import (
 	"google.golang.org/grpc/status"
 )
 
-func (s Server) getFileReports(ctx context.Context, fileId string, claims *user.Claims) ([]string, error) {
+func (s Server) getFileReports(ctx context.Context, fileId string) (*string, error) {
 	fileRows, err := s.db.QueryContext(ctx,
 		`select
 			reports.id
 		from files
 			left join datasets on files.id = datasets.file_id
 			left join reports on datasets.report_id = reports.id
-		where files.id = $1 and (author_email = $2 or allow_edit)`,
+		where files.id = $1`,
 		fileId,
-		claims.Email,
 	)
 	if err != nil {
 		return nil, err
 	}
 	defer fileRows.Close()
-	reportIds := make([]string, 0)
 	for fileRows.Next() {
 		var reportId string
 		if err = fileRows.Scan(&reportId); err != nil {
 			return nil, err
 		}
-		reportIds = append(reportIds, reportId)
+		return &reportId, nil
 	}
-	return reportIds, nil
+	return nil, nil
 }
 
-func (s Server) setUploadError(reportIDs []string, fileSourceID string, err error) {
+func (s Server) setUploadError(reportID string, fileSourceID string, err error) {
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()
 	_, err = s.db.ExecContext(
@@ -59,7 +57,7 @@ func (s Server) setUploadError(reportIDs []string, fileSourceID string, err erro
 		log.Err(err).Send()
 		return
 	}
-	s.reportStreams.PingAll(reportIDs)
+	s.reportStreams.Ping(reportID)
 }
 
 func getFileExtension(mimeType string) string {
@@ -73,36 +71,36 @@ func getFileExtension(mimeType string) string {
 	}
 }
 
-func (s Server) moveFileToStorage(reqCtx context.Context, fileSourceID string, fileExtension string, file multipart.File, reportIDs []string, bucketName string) {
+func (s Server) moveFileToStorage(reqConCtx context.Context, fileSourceID string, fileExtension string, file multipart.File, report *proto.Report, bucketName string) {
 	defer file.Close()
-	ctx, cancel := context.WithTimeout(user.CopyClaims(reqCtx, context.Background()), 10*time.Minute)
+	userCtx, cancel := context.WithTimeout(user.CopyUserContext(reqConCtx, context.Background()), 10*time.Minute)
 	defer cancel()
-
-	// reqCtx is used because it has connection information, ctx does not have it
-	storageWriter := s.storage.GetObject(reqCtx, bucketName, fmt.Sprintf("%s.%s", fileSourceID, fileExtension)).GetWriter(ctx)
+	var storageWriter io.WriteCloser
+	// reqConCtx is used because it has connection information, userCtx does not have it
+	storageWriter = s.storage.GetObject(reqConCtx, bucketName, fmt.Sprintf("%s.%s", fileSourceID, fileExtension)).GetWriter(userCtx)
 	_, err := io.Copy(storageWriter, file)
 	if err != nil {
 		log.Err(err).Send()
-		s.setUploadError(reportIDs, fileSourceID, err)
+		s.setUploadError(report.Id, fileSourceID, err)
 		return
 	}
 
 	err = storageWriter.Close()
 	if err != nil {
 		log.Err(err).Send()
-		s.setUploadError(reportIDs, fileSourceID, err)
+		s.setUploadError(report.Id, fileSourceID, err)
 	}
 	log.Debug().Msgf("file %s.csv moved to storage", fileSourceID)
-	_, err = s.db.ExecContext(ctx,
+	_, err = s.db.ExecContext(userCtx,
 		`update files set file_status=3, updated_at=now() where file_source_id=$1`,
 		fileSourceID,
 	)
 	if err != nil {
 		log.Err(err).Send()
-		s.setUploadError(reportIDs, fileSourceID, err)
+		s.setUploadError(report.Id, fileSourceID, err)
 		return
 	}
-	s.reportStreams.PingAll(reportIDs)
+	s.reportStreams.Ping(report.Id)
 }
 
 func (s Server) UploadFile(w http.ResponseWriter, r *http.Request) {
@@ -118,16 +116,30 @@ func (s Server) UploadFile(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "Unauthorized", http.StatusUnauthorized)
 		return
 	}
-	reportIds, err := s.getFileReports(ctx, fileId, claims)
+	reportId, err := s.getFileReports(ctx, fileId)
 
 	if err != nil {
 		log.Err(err).Send()
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 	}
 
-	if len(reportIds) == 0 {
-		err = fmt.Errorf("file not found or permission not granted")
+	if reportId == nil {
+		err := fmt.Errorf("file not found")
+		log.Warn().Err(err).Send()
+		http.Error(w, err.Error(), http.StatusNotFound)
+		return
+	}
+
+	report, err := s.getReport(ctx, *reportId)
+	if err != nil {
 		log.Err(err).Send()
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	if report == nil || !report.CanWrite {
+		err := fmt.Errorf("report not found or permission not granted")
+		log.Warn().Err(err).Send()
 		http.Error(w, err.Error(), http.StatusNotFound)
 		return
 	}
@@ -182,8 +194,8 @@ func (s Server) UploadFile(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	conCtx := conn.GetCtx(ctx, connection)
-	go s.moveFileToStorage(conCtx, fileSourceID, fileExtension, file, reportIds, bucketName)
-	s.reportStreams.PingAll(reportIds)
+	go s.moveFileToStorage(conCtx, fileSourceID, fileExtension, file, report, bucketName)
+	s.reportStreams.Ping(*reportId)
 
 }
 
@@ -193,7 +205,7 @@ func (s Server) CreateFile(ctx context.Context, req *proto.CreateFileRequest) (*
 		return nil, Unauthenticated
 	}
 
-	reportID, err := s.getReportID(ctx, req.DatasetId, claims.Email)
+	reportID, err := s.getReportID(ctx, req.DatasetId, true)
 
 	if err != nil {
 		log.Err(err).Send()
diff --git a/src/server/dekart/query.go b/src/server/dekart/query.go
index fba59b5..635f0bb 100644
--- a/src/server/dekart/query.go
+++ b/src/server/dekart/query.go
@@ -7,6 +7,7 @@ import (
 
 	"dekart/src/proto"
 	"dekart/src/server/conn"
+	"dekart/src/server/storage"
 	"dekart/src/server/user"
 
 	"github.com/google/uuid"
@@ -22,7 +23,7 @@ func (s Server) CreateQuery(ctx context.Context, req *proto.CreateQueryRequest)
 		return nil, Unauthenticated
 	}
 
-	reportID, err := s.getReportID(ctx, req.DatasetId, claims.Email)
+	reportID, err := s.getReportID(ctx, req.DatasetId, true)
 
 	if err != nil {
 		log.Err(err).Send()
@@ -35,20 +36,18 @@ func (s Server) CreateQuery(ctx context.Context, req *proto.CreateQueryRequest)
 		return nil, status.Error(codes.NotFound, err.Error())
 	}
 
-	connection, err := s.getConnectionFromDatasetID(ctx, req.DatasetId)
-
-	conCtx := conn.GetCtx(ctx, connection)
-
-	bucketName := s.getBucketNameFromConnection(connection)
+	id := newUUID()
 
+	_, err = s.db.ExecContext(ctx,
+		`insert into queries (id, query_text) values ($1, '')`,
+		id,
+	)
 	if err != nil {
 		log.Err(err).Send()
 		return nil, status.Error(codes.Internal, err.Error())
 	}
 
-	id := newUUID()
-
-	err = s.storeQuerySync(conCtx, bucketName, id, "", "")
+	err = s.storeQuerySync(ctx, id, "", "")
 
 	if err != nil {
 		if _, ok := err.(*queryWasNotUpdated); !ok {
@@ -58,15 +57,6 @@ func (s Server) CreateQuery(ctx context.Context, req *proto.CreateQueryRequest)
 		log.Warn().Msg("Query text not updated")
 	}
 
-	_, err = s.db.ExecContext(ctx,
-		`insert into queries (id, query_text) values ($1, '')`,
-		id,
-	)
-	if err != nil {
-		log.Err(err).Send()
-		return nil, status.Error(codes.Internal, err.Error())
-	}
-
 	result, err := s.db.ExecContext(ctx,
 		`update datasets set query_id=$1, updated_at=now() where id=$2 and query_id is null`,
 		id,
@@ -98,9 +88,17 @@ func (s Server) RunAllQueries(ctx context.Context, req *proto.RunAllQueriesReque
 		return nil, Unauthenticated
 	}
 
-	log.Debug().Str("report_id", req.ReportId).Msg("RunAllQueries")
+	report, err := s.getReport(ctx, req.ReportId)
+	if err != nil {
+		log.Err(err).Send()
+		return nil, status.Error(codes.Internal, err.Error())
+	}
+	if !(report.CanWrite || report.Discoverable) {
+		err := fmt.Errorf("permission denied")
+		log.Warn().Err(err).Send()
+		return nil, status.Error(codes.PermissionDenied, err.Error())
+	}
 
-	// get all queries from report
 	queriesRows, err := s.db.QueryContext(ctx,
 		`select
 			queries.id,
@@ -110,9 +108,8 @@ func (s Server) RunAllQueries(ctx context.Context, req *proto.RunAllQueriesReque
 		from queries
 			left join datasets on queries.id = datasets.query_id
 			left join reports on (datasets.report_id = reports.id or queries.report_id = reports.id)
-		where reports.id = $1 and (author_email = $2 or reports.discoverable or reports.allow_edit) and job_status = $3`,
+		where reports.id = $1 and job_status = $2`,
 		req.ReportId,
-		claims.Email,
 		int32(proto.Query_JOB_STATUS_DONE),
 	)
 
@@ -122,7 +119,7 @@ func (s Server) RunAllQueries(ctx context.Context, req *proto.RunAllQueriesReque
 	}
 	defer queriesRows.Close()
 
-	var queries []query
+	var queries []runQueryOptions
 	var querySourceIds []string
 
 	for queriesRows.Next() {
@@ -142,12 +139,12 @@ func (s Server) RunAllQueries(ctx context.Context, req *proto.RunAllQueriesReque
 			return nil, status.Error(codes.Internal, err.Error())
 		}
 		bucketName := s.getBucketNameFromConnection(connection)
-		queries = append(queries, query{
-			reportID:   req.ReportId,
-			queryID:    queryID,
-			connection: connection,
-			bucketName: bucketName,
-			queryText:  queryText,
+		queries = append(queries, runQueryOptions{
+			reportID:       req.ReportId,
+			queryID:        queryID,
+			connection:     connection,
+			userBucketName: bucketName,
+			queryText:      queryText,
 		})
 	}
 
@@ -163,7 +160,7 @@ func (s Server) RunAllQueries(ctx context.Context, req *proto.RunAllQueriesReque
 		go func(i int) {
 			if queries[i].queryText == "" {
 				// for SNOWFLAKE storage queryText is stored in db
-				queryText, err := s.getQueryText(ctx, querySourceIds[i], queries[i].bucketName)
+				queryText, err := s.getQueryText(ctx, querySourceIds[i], queries[i].userBucketName)
 				if err != nil {
 					res <- err
 					return
@@ -190,26 +187,35 @@ func (s Server) RunAllQueries(ctx context.Context, req *proto.RunAllQueriesReque
 	return &proto.RunAllQueriesResponse{}, nil
 }
 
-type query struct {
-	reportID   string
-	queryID    string
-	queryText  string
-	connection *proto.Connection
-	bucketName string
+type runQueryOptions struct {
+	reportID       string
+	queryID        string
+	queryText      string
+	connection     *proto.Connection
+	userBucketName string
+	isPublic       bool // is public report, result should be stored in public storage
 }
 
-func (s Server) runQuery(ctx context.Context, i query) error {
-	job, jobStatus, err := s.jobs.Create(i.reportID, i.queryID, i.queryText, ctx)
-	log.Debug().Str("jobID", job.GetID()).Msg("Job created")
+func (s Server) runQuery(ctx context.Context, o runQueryOptions) error {
+	connCtx := conn.GetCtx(ctx, o.connection)
+	job, jobStatus, err := s.jobs.Create(o.reportID, o.queryID, o.queryText, connCtx)
 	if err != nil {
 		log.Error().Err(err).Send()
 		return err
 	}
-	// Result ID should be same as job ID once available
-	obj := s.storage.GetObject(ctx, i.bucketName, fmt.Sprintf("%s.csv", job.GetID()))
+	log.Debug().Str("jobID", job.GetID()).Msg("Job created")
+	var obj storage.StorageObject
+	if o.isPublic {
+		st := storage.NewPublicStorage()
+		// Result ID should be same as job ID once available
+		obj = st.GetObject(ctx, st.GetDefaultBucketName(), fmt.Sprintf("%s.csv", job.GetID()))
+	} else {
+		// Result ID should be same as job ID once available
+		obj = s.storage.GetObject(connCtx, o.userBucketName, fmt.Sprintf("%s.csv", job.GetID()))
+	}
 	go s.updateJobStatus(job, jobStatus)
 	job.Status() <- int32(proto.Query_JOB_STATUS_PENDING)
-	err = job.Run(obj, i.connection)
+	err = job.Run(obj, o.connection)
 	if err != nil {
 		return err
 	}
@@ -223,6 +229,7 @@ func (s Server) RunQuery(ctx context.Context, req *proto.RunQueryRequest) (*prot
 		return nil, Unauthenticated
 	}
 	log.Debug().Str("query_id", req.QueryId).Int("QueryTextLen", len(req.QueryText)).Msg("RunQuery")
+
 	queriesRows, err := s.db.QueryContext(ctx,
 		`select
 			reports.id,
@@ -231,12 +238,10 @@ func (s Server) RunQuery(ctx context.Context, req *proto.RunQueryRequest) (*prot
 		from queries
 			left join datasets on queries.id = datasets.query_id
 			left join reports on (datasets.report_id = reports.id or queries.report_id = reports.id)
-		where queries.id = $1 and (author_email = $2 or reports.allow_edit)
+		where queries.id = $1
 		limit 1`,
 		req.QueryId,
-		claims.Email,
 	)
-
 	if err != nil {
 		log.Err(err).Send()
 		return nil, status.Error(codes.Internal, err.Error())
@@ -259,18 +264,33 @@ func (s Server) RunQuery(ctx context.Context, req *proto.RunQueryRequest) (*prot
 		return nil, status.Error(codes.NotFound, err.Error())
 	}
 
-	connection, err := s.getConnection(ctx, connectionID.String)
+	report, err := s.getReport(ctx, reportID)
 
-	conCtx := conn.GetCtx(ctx, connection)
+	if err != nil {
+		log.Err(err).Send()
+		return nil, status.Error(codes.Internal, err.Error())
+	}
 
-	bucketName := s.getBucketNameFromConnection(connection)
+	if report == nil {
+		err := fmt.Errorf("report not found id:%s", reportID)
+		log.Warn().Err(err).Send()
+		return nil, status.Error(codes.NotFound, err.Error())
+	}
+
+	if !report.CanWrite {
+		err := fmt.Errorf("permission denied")
+		log.Warn().Err(err).Send()
+		return nil, status.Error(codes.PermissionDenied, err.Error())
+	}
+
+	connection, err := s.getConnection(ctx, connectionID.String)
 
 	if err != nil {
 		log.Err(err).Send()
 		return nil, status.Error(codes.Internal, err.Error())
 	}
 
-	err = s.storeQuerySync(conCtx, bucketName, req.QueryId, req.QueryText, prevQuerySourceId)
+	err = s.storeQuerySync(ctx, req.QueryId, req.QueryText, prevQuerySourceId)
 
 	if err != nil {
 		code := codes.Internal
@@ -283,12 +303,12 @@ func (s Server) RunQuery(ctx context.Context, req *proto.RunQueryRequest) (*prot
 		return nil, status.Error(code, err.Error())
 	}
 
-	err = s.runQuery(conCtx, query{
-		reportID:   reportID,
-		queryID:    req.QueryId,
-		queryText:  req.QueryText,
-		connection: connection,
-		bucketName: bucketName,
+	err = s.runQuery(ctx, runQueryOptions{
+		reportID:       reportID,
+		queryID:        req.QueryId,
+		queryText:      req.QueryText,
+		connection:     connection,
+		userBucketName: s.getBucketNameFromConnection(connection),
 	})
 
 	if err != nil {
diff --git a/src/server/dekart/querysource.go b/src/server/dekart/querysource.go
index 9dd8b31..a47e2e7 100644
--- a/src/server/dekart/querysource.go
+++ b/src/server/dekart/querysource.go
@@ -3,7 +3,6 @@ package dekart
 import (
 	"context"
 	"crypto/sha1"
-	"database/sql"
 	"dekart/src/proto"
 	"dekart/src/server/conn"
 	"dekart/src/server/user"
@@ -69,46 +68,20 @@ func (e *queryWasNotUpdated) Error() string {
 	return "query was not updated"
 }
 
-func (s Server) storeQuerySync(ctx context.Context, bucketName, queryID string, queryText string, prevQuerySourceId string) error {
+func (s Server) storeQuerySync(ctx context.Context, queryID string, queryText string, prevQuerySourceId string) error {
 	h := sha1.New()
 	queryTextByte := []byte(queryText)
 	h.Write(queryTextByte)
 	newQuerySourceId := fmt.Sprintf("%x", h.Sum(nil))
-	var result sql.Result
-	var err error
-	if s.storage.CanSaveQuery(ctx, bucketName) {
-		log.Debug().Str("bucketName", bucketName).Msg("Storing query text in storage")
-		storageWriter := s.storage.GetObject(ctx, bucketName, fmt.Sprintf("%s.sql", newQuerySourceId)).GetWriter(ctx)
-		_, err = storageWriter.Write(queryTextByte)
-		if err != nil {
-			log.Err(err).Msg("Error writing query_text to storage")
-			storageWriter.Close()
-			return err
-		}
-		err = storageWriter.Close()
-		if err != nil {
-			log.Err(err).Str("bucketName", bucketName).Msg("Error writing query_text to storage")
-			return err
-		}
-
-		result, err = s.db.ExecContext(ctx,
-			`update queries set query_source_id=$1, query_source=$2, updated_at=now() where id=$3 and query_source_id=$4`,
-			newQuerySourceId,
-			proto.Query_QUERY_SOURCE_STORAGE,
-			queryID,
-			prevQuerySourceId,
-		)
-	} else {
-		log.Debug().Msg("Storing query text in database")
-		result, err = s.db.ExecContext(ctx,
-			`update queries set query_text=$1, query_source_id=$2, query_source=$3, updated_at=now() where id=$4 and query_source_id=$5`,
-			queryText,
-			newQuerySourceId,
-			proto.Query_QUERY_SOURCE_INLINE,
-			queryID,
-			prevQuerySourceId,
-		)
-	}
+	// now we always store the query text in the database
+	result, err := s.db.ExecContext(ctx,
+		`update queries set query_text=$1, query_source_id=$2, query_source=$3, updated_at=now() where id=$4 and query_source_id=$5`,
+		queryText,
+		newQuerySourceId,
+		proto.Query_QUERY_SOURCE_INLINE,
+		queryID,
+		prevQuerySourceId,
+	)
 	if err != nil {
 		return err
 	}
@@ -122,18 +95,8 @@ func (s Server) storeQuerySync(ctx context.Context, bucketName, queryID string,
 func (s Server) storeQuery(userCtx context.Context, reportID string, queryID string, queryText string, prevQuerySourceId string) {
 	ctx, cancel := context.WithTimeout(user.CopyClaims(userCtx, context.Background()), time.Second*5)
 	defer cancel()
-	connection, err := s.getConnectionFromQueryID(ctx, queryID)
-
-	conCtx := conn.GetCtx(ctx, connection)
-
-	if err != nil {
-		log.Err(err).Msg("Error getting connection from query id")
-		return
-	}
-
-	bucketName := s.getBucketNameFromConnection(connection)
 
-	err = s.storeQuerySync(conCtx, bucketName, queryID, queryText, prevQuerySourceId)
+	err := s.storeQuerySync(ctx, queryID, queryText, prevQuerySourceId)
 	if _, ok := err.(*queryWasNotUpdated); ok {
 		log.Warn().Msg("Query text not updated")
 		return
@@ -145,6 +108,7 @@ func (s Server) storeQuery(userCtx context.Context, reportID string, queryID str
 	s.reportStreams.Ping(reportID)
 }
 
+// legacy for query source stored in the storage
 func (s Server) getQueryText(ctx context.Context, querySourceId string, bucketName string) (string, error) {
 	if querySourceId == "" {
 		return "", nil
diff --git a/src/server/dekart/report.go b/src/server/dekart/report.go
index 2a4bf3f..2f2e9e5 100644
--- a/src/server/dekart/report.go
+++ b/src/server/dekart/report.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"database/sql"
 	"dekart/src/proto"
+	"dekart/src/server/conn"
 	"dekart/src/server/user"
 	"fmt"
 	"strings"
@@ -23,6 +24,7 @@ func newUUID() string {
 	return u.String()
 }
 
+// getReport returns report by id, checks if user has access to it
 func (s Server) getReport(ctx context.Context, reportID string) (*proto.Report, error) {
 	claims := user.GetClaims(ctx)
 	if claims == nil {
@@ -40,8 +42,28 @@ func (s Server) getReport(ctx context.Context, reportID string) (*proto.Report,
 			discoverable,
 			allow_edit,
 			created_at,
-			updated_at
-		from reports where id=$1 and not archived limit 1`,
+			updated_at,
+			(
+				select count(*) from connections as c
+				join datasets as d on c.id=d.connection_id
+				where d.report_id=$1 and cloud_storage_bucket is not null and (
+					cloud_storage_bucket != ''
+					or connection_type > 1 -- snowflake allows sharing without bucket
+				)
+			) as connections_with_cache_num,
+			(
+				select count(*) from connections as c
+				join datasets as d on c.id=d.connection_id
+				where d.report_id=$1
+			) as connections_num,
+			(
+				select count(*) from connections as c
+				join datasets as d on c.id=d.connection_id
+				where d.report_id=$1 and  connection_type <= 1 -- BigQuery
+			) as connections_with_sensitive_scope_num
+		from reports as r
+		where id=$1 and not archived
+		limit 1`,
 		reportID,
 		claims.Email,
 	)
@@ -55,6 +77,7 @@ func (s Server) getReport(ctx context.Context, reportID string) (*proto.Report,
 	for reportRows.Next() {
 		createdAt := time.Time{}
 		updatedAt := time.Time{}
+		var connectionsWithCacheNum, connectionsNum, connectionsWithSensitiveScopeNum int
 		err = reportRows.Scan(
 			&report.Id,
 			&report.MapConfig,
@@ -66,15 +89,27 @@ func (s Server) getReport(ctx context.Context, reportID string) (*proto.Report,
 			&report.AllowEdit,
 			&createdAt,
 			&updatedAt,
+			&connectionsWithCacheNum,
+			&connectionsNum,
+			&connectionsWithSensitiveScopeNum,
 		)
 		if err != nil {
 			log.Err(err).Send()
 			return nil, err
 		}
+
+		report.IsSharable = (connectionsNum > 0 && connectionsWithCacheNum == connectionsNum) || // all connections have cache, then report is sharable
+			!conn.IsUserDefined() || // non-user defined connections are always sharable
+			claims.Email == user.UnknownEmail // when no auth, report is available for all
+
+		report.NeedSensitiveScope = connectionsWithSensitiveScopeNum > 0
+		report.Discoverable = report.Discoverable && report.IsSharable // only sharable reports can be discoverable
+
 		report.CreatedAt = createdAt.Unix()
 		report.UpdatedAt = updatedAt.Unix()
 	}
-	if report.Id == "" {
+	if report.Id == "" || // no report found
+		(!report.Discoverable && !report.IsAuthor) { // report is not discoverable by others in workspace
 		return nil, nil // not found
 	}
 	return report, nil
@@ -236,13 +271,12 @@ func (s Server) ForkReport(ctx context.Context, req *proto.ForkReportRequest) (*
 	if claims == nil {
 		return nil, Unauthenticated
 	}
-
 	_, err := uuid.Parse(req.ReportId)
 	if err != nil {
 		return nil, status.Errorf(codes.InvalidArgument, err.Error())
 	}
 
-	reportID := newUUID()
+	newReportID := newUUID()
 
 	report, err := s.getReport(ctx, req.ReportId)
 	if err != nil {
@@ -250,11 +284,11 @@ func (s Server) ForkReport(ctx context.Context, req *proto.ForkReportRequest) (*
 		return nil, err
 	}
 	if report == nil {
-		err := fmt.Errorf("report %s not found", reportID)
+		err := fmt.Errorf("report %s not found", newReportID)
 		log.Warn().Err(err).Send()
 		return nil, status.Errorf(codes.NotFound, err.Error())
 	}
-	report.Id = reportID
+	report.Id = newReportID
 	report.Title = fmt.Sprintf("Fork of %s", report.Title)
 
 	datasets, err := s.getDatasets(ctx, req.ReportId)
@@ -270,7 +304,7 @@ func (s Server) ForkReport(ctx context.Context, req *proto.ForkReportRequest) (*
 	}
 
 	return &proto.ForkReportResponse{
-		ReportId: reportID,
+		ReportId: newReportID,
 	}, nil
 }
 
@@ -331,6 +365,21 @@ func (s Server) SetDiscoverable(ctx context.Context, req *proto.SetDiscoverableR
 	if err != nil {
 		return nil, status.Errorf(codes.InvalidArgument, err.Error())
 	}
+	report, err := s.getReport(ctx, req.ReportId)
+	if err != nil {
+		log.Err(err).Send()
+		return nil, status.Error(codes.Internal, err.Error())
+	}
+	if report == nil {
+		err := fmt.Errorf("report not found id:%s", req.ReportId)
+		log.Warn().Err(err).Send()
+		return nil, status.Error(codes.NotFound, err.Error())
+	}
+	if !report.IsAuthor {
+		err := fmt.Errorf("cannot set discoverable for report %s", req.ReportId)
+		log.Warn().Err(err).Send()
+		return nil, status.Error(codes.PermissionDenied, "Cannot set discoverable")
+	}
 	res, err := s.db.ExecContext(ctx,
 		`update reports set discoverable=$1, allow_edit=$2 where id=$3 and author_email=$4`, // only author can change discoverable and allow_edit
 		req.Discoverable,
diff --git a/src/server/dekart/server.go b/src/server/dekart/server.go
index cada62d..3d7bc71 100644
--- a/src/server/dekart/server.go
+++ b/src/server/dekart/server.go
@@ -4,8 +4,10 @@ import (
 	"context"
 	"database/sql"
 	"dekart/src/proto"
+	"dekart/src/server/conn"
 	"dekart/src/server/job"
 	"dekart/src/server/report"
+	"dekart/src/server/secrets"
 	"dekart/src/server/storage"
 	"dekart/src/server/user"
 	"encoding/json"
@@ -32,7 +34,6 @@ type Server struct {
 var Unauthenticated error = status.Error(codes.Unauthenticated, "UNAUTHENTICATED")
 
 // NewServer returns new Dekart Server
-// func NewServer(db *sql.DB, bucket *storage.BucketHandle, jobs *job.Store) *Server {
 func NewServer(db *sql.DB, storageBucket storage.Storage, jobs job.Store) *Server {
 	server := Server{
 		db:            db,
@@ -131,6 +132,16 @@ func (s Server) GetEnv(ctx context.Context, req *proto.GetEnvRequest) (*proto.Ge
 		if homePageUrl == "" {
 			homePageUrl = "https://dekart.xyz/cloud/"
 		}
+		var authEnabled string
+		if claims.Email != user.UnknownEmail {
+			authEnabled = "1"
+		}
+
+		var userDefinedConnection string
+		if conn.IsUserDefined() {
+			userDefinedConnection = "1"
+		}
+
 		variables = []*proto.GetEnvResponse_Variable{
 			{
 				Type:  proto.GetEnvResponse_Variable_TYPE_MAPBOX_TOKEN,
@@ -192,6 +203,22 @@ func (s Server) GetEnv(ctx context.Context, req *proto.GetEnvRequest) (*proto.Ge
 				Type:  proto.GetEnvResponse_Variable_TYPE_CLOUD_STORAGE_BUCKET,
 				Value: defaultString(os.Getenv("DEKART_CLOUD_STORAGE_BUCKET"), ""),
 			},
+			{
+				Type:  proto.GetEnvResponse_Variable_TYPE_AES_KEY,
+				Value: secrets.GetClientKeyBase64(*claims),
+			},
+			{
+				Type:  proto.GetEnvResponse_Variable_TYPE_AES_IV,
+				Value: secrets.GetClientIVBase64(*claims),
+			},
+			{
+				Type:  proto.GetEnvResponse_Variable_TYPE_AUTH_ENABLED,
+				Value: authEnabled,
+			},
+			{
+				Type:  proto.GetEnvResponse_Variable_TYPE_USER_DEFINED_CONNECTION,
+				Value: userDefinedConnection,
+			},
 		}
 
 	}
diff --git a/src/server/dekart/stream.go b/src/server/dekart/stream.go
index 87b3c6e..0f37e49 100644
--- a/src/server/dekart/stream.go
+++ b/src/server/dekart/stream.go
@@ -2,6 +2,7 @@ package dekart
 
 import (
 	"context"
+	"database/sql"
 	"dekart/src/proto"
 	"dekart/src/server/report"
 	"dekart/src/server/user"
@@ -127,21 +128,24 @@ func (s Server) GetReportStream(req *proto.ReportStreamRequest, srv proto.Dekart
 
 func (s Server) sendReportList(ctx context.Context, srv proto.Dekart_GetReportListStreamServer, sequence int64) error {
 	claims := user.GetClaims(ctx)
-	reportRows, err := s.db.QueryContext(ctx,
+
+	var err error
+	var reportRows *sql.Rows
+	reportRows, err = s.db.QueryContext(ctx,
 		`select
-			id,
-			case when title is null then 'Untitled' else title end as title,
-			archived,
-			(author_email = $1) or allow_edit as can_write,
-			author_email = $1 as is_author,
-			author_email,
-			discoverable,
-			allow_edit,
-			updated_at,
-			created_at
-		from reports
-		where author_email=$1 or (discoverable=true and archived=false) or allow_edit=true
-		order by updated_at desc`,
+				id,
+				case when title is null then 'Untitled' else title end as title,
+				archived,
+				(author_email = $1) or allow_edit as can_write,
+				author_email = $1 as is_author,
+				author_email,
+				discoverable,
+				allow_edit,
+				updated_at,
+				created_at
+			from reports as r
+			where (author_email=$1 or (discoverable=true and archived=false) or allow_edit=true)
+			order by updated_at desc`,
 		claims.Email,
 	)
 	if err != nil {
@@ -187,41 +191,23 @@ func (s Server) sendReportList(ctx context.Context, srv proto.Dekart_GetReportLi
 	return nil
 }
 
-func (s Server) sendUserStreamResponse(ctx context.Context, srv proto.Dekart_GetUserStreamServer, sequence int64) error {
-	claims := user.GetClaims(srv.Context())
-	connectionUpdate, err := s.getLastConnectionUpdate(ctx)
-	if err != nil {
-		log.Err(err).Send()
-		return status.Errorf(codes.Internal, err.Error())
-	}
+func (s Server) sendUserStreamResponse(incomingCtx context.Context, srv proto.Dekart_GetUserStreamServer, sequence int64) error {
+	ctx := incomingCtx
+	claims := user.GetClaims(ctx)
 
-	// query from db user scopes
-	res, err := s.db.QueryContext(ctx,
-		`select sensitive_scope from users where email=$1`,
-		claims.Email,
-	)
+	// connection update
+	connectionUpdate, err := s.getLastConnectionUpdate(ctx)
 	if err != nil {
 		log.Err(err).Send()
 		return status.Errorf(codes.Internal, err.Error())
 	}
-	defer res.Close()
-	sensitiveScopesGranted := ""
-	for res.Next() {
-		err = res.Scan(&sensitiveScopesGranted)
-		if err != nil {
-			log.Err(err).Send()
-			return status.Errorf(codes.Internal, err.Error())
-		}
-	}
 
 	response := proto.GetUserStreamResponse{
 		StreamOptions: &proto.StreamOptions{
 			Sequence: sequence,
 		},
-		ConnectionUpdate:           connectionUpdate,
-		Email:                      claims.Email,
-		SensitiveScopesGranted:     claims.SensitiveScopesGranted,                      // current token scopes
-		SensitiveScopesGrantedOnce: user.HasAllSensitiveScopes(sensitiveScopesGranted), // granted before to app
+		ConnectionUpdate: connectionUpdate,
+		Email:            claims.Email,
 	}
 
 	err = srv.Send(&response)
diff --git a/src/server/main.go b/src/server/main.go
index 9b27fb7..e1de3ae 100644
--- a/src/server/main.go
+++ b/src/server/main.go
@@ -18,8 +18,10 @@ import (
 	"dekart/src/server/dekart"
 	"dekart/src/server/job"
 	"dekart/src/server/pgjob"
+	"dekart/src/server/secrets"
 	"dekart/src/server/snowflakejob"
 	"dekart/src/server/storage"
+	"dekart/src/server/userjob"
 
 	"github.com/golang-migrate/migrate/v4"
 	"github.com/golang-migrate/migrate/v4/database/postgres"
@@ -119,6 +121,9 @@ func configureBucket() storage.Storage {
 func configureJobStore(bucket storage.Storage) job.Store {
 	var jobStore job.Store
 	switch os.Getenv("DEKART_DATASOURCE") {
+	case "USER":
+		log.Info().Msg("Using USER defined job store backend")
+		jobStore = userjob.NewStore()
 	case "SNOWFLAKE":
 		log.Info().Msg("Using Snowflake Datasource backend")
 		jobStore = snowflakejob.NewStore()
@@ -159,6 +164,8 @@ func waitForInterrupt() chan os.Signal {
 func main() {
 	configureLogger()
 
+	secrets.Init()
+
 	db := configureDb()
 	defer db.Close()
 
diff --git a/src/server/secrets/secrets.go b/src/server/secrets/secrets.go
new file mode 100644
index 0000000..11d2751
--- /dev/null
+++ b/src/server/secrets/secrets.go
@@ -0,0 +1,285 @@
+package secrets
+
+import (
+	"context"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"crypto/sha256"
+	"dekart/src/proto"
+	"dekart/src/server/user"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+	"time"
+
+	secretsmanager "cloud.google.com/go/secretmanager/apiv1"
+
+	"cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
+	"github.com/rs/zerolog/log"
+)
+
+// dataEncryptionKey is used to encrypt user sensitive data in database
+var dataEncryptionKey []byte
+
+func Init() {
+	keyName := os.Getenv("DEKART_DATA_ENCRYPTION_KEY")
+	if keyName != "" {
+		// Fetch data encryption key from Google Secret Manager
+		dataEncryptionKeyStr, err := fetchGoogleSecret(keyName)
+		if err != nil {
+			log.Fatal().Err(err).Msg("Cannot fetch data encryption key")
+		}
+		dataEncryptionKey, err = base64.StdEncoding.DecodeString(dataEncryptionKeyStr)
+		if err != nil {
+			log.Fatal().Err(err).Msg("Cannot decode data encryption key")
+		}
+	}
+	generateClientKeys()
+}
+
+// encrypt encrypts plaintext using dataEncryptionKey and returns a single string
+// that contains both the base64 encoded ciphertext and IV, separated by a divider.
+func ServerEncrypt(plaintext string) (string, error) {
+	// Convert plaintext to bytes
+	plaintextBytes := []byte(plaintext)
+
+	// Generate a new AES cipher using the key
+	block, err := aes.NewCipher(dataEncryptionKey)
+	if err != nil {
+		return "", err
+	}
+
+	// Create a new GCM cipher mode instance
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return "", err
+	}
+
+	// Generate a random nonce (IV)
+	nonce := make([]byte, gcm.NonceSize())
+	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
+		return "", err
+	}
+
+	// Encrypt the plaintext
+	ciphertext := gcm.Seal(nil, nonce, plaintextBytes, nil)
+
+	// Concatenate the base64 encoded ciphertext and nonce (IV) with a divider
+	combined := base64.StdEncoding.EncodeToString(ciphertext) + "." + base64.StdEncoding.EncodeToString(nonce)
+
+	return combined, nil
+}
+
+// ClientToServer decrypts secret from client and encrypts it for server
+func ClientToServer(secret *proto.Secret, claims *user.Claims) *proto.Secret {
+	if secret == nil {
+		return nil
+	}
+	if secret.ClientEncrypted == "" {
+		return secret
+	}
+	plaintext := SecretToString(secret, claims)
+	if plaintext == "" {
+		return nil
+	}
+	serverEncrypted, err := ServerEncrypt(plaintext)
+	if err != nil {
+		log.Err(err).Msg("Cannot encrypt secret")
+		return nil
+	}
+	return &proto.Secret{
+		ServerEncrypted: serverEncrypted,
+	}
+}
+
+// EncryptedToClient decrypts secret from server and sends placeholder to client
+func EncryptedToClient(combined string) *proto.Secret {
+	if combined == "" {
+		return nil
+	}
+	plaintext, err := ServerDecrypt(combined)
+	if err != nil {
+		log.Err(err).Msg("Cannot decrypt secret")
+		return nil
+	}
+	return &proto.Secret{
+		Length: int32(len(plaintext)),
+	}
+}
+
+func SecretToServerEncrypted(secret *proto.Secret, claims *user.Claims) string {
+	plaintext := SecretToString(secret, claims)
+	if plaintext == "" {
+		return ""
+	}
+	serverEncrypted, err := ServerEncrypt(plaintext)
+	if err != nil {
+		log.Err(err).Msg("Cannot encrypt secret")
+		return ""
+	}
+	return serverEncrypted
+}
+
+func SecretToString(secret *proto.Secret, claims *user.Claims) string {
+	if secret == nil {
+		return ""
+	}
+	if secret.ServerEncrypted != "" {
+		plaintext, err := ServerDecrypt(secret.ServerEncrypted)
+		if err != nil {
+			log.Err(err).Msg("Cannot decrypt secret")
+			return ""
+		}
+		return plaintext
+	}
+	if secret.ClientEncrypted != "" {
+		if claims == nil {
+			log.Err(fmt.Errorf("claims is nil")).Msg("Cannot decrypt secret")
+			return ""
+		}
+		plaintext, err := DecryptFromClient(*claims, secret.ClientEncrypted)
+		if err != nil {
+			log.Err(err).Msg("Cannot decrypt secret")
+			return ""
+		}
+		return plaintext
+	}
+	log.Error().Msg("Secret is empty")
+	return ""
+}
+
+func ServerDecrypt(combined string) (string, error) {
+	// Split the combined string into its ciphertext and nonce components
+	parts := strings.Split(combined, ".")
+	if len(parts) != 2 {
+		return "", fmt.Errorf("combined string format is incorrect")
+	}
+
+	// Decode the base64 encoded ciphertext
+	ciphertext, err := base64.StdEncoding.DecodeString(parts[0])
+	if err != nil {
+		return "", err
+	}
+
+	// Decode the base64 encoded nonce
+	nonce, err := base64.StdEncoding.DecodeString(parts[1])
+	if err != nil {
+		return "", err
+	}
+
+	// Generate a new AES cipher using the key
+	block, err := aes.NewCipher(dataEncryptionKey)
+	if err != nil {
+		return "", err
+	}
+
+	// Create a new GCM cipher mode instance
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return "", err
+	}
+
+	// Decrypt the ciphertext
+	plaintextBytes, err := gcm.Open(nil, nonce, ciphertext, nil)
+	if err != nil {
+		return "", err
+	}
+
+	// Convert the plaintext bytes back to a string
+	plaintext := string(plaintextBytes)
+
+	return plaintext, nil
+}
+
+// fetchGoogleSecret fetches secret from Google Secret Manager using application default credentials
+func fetchGoogleSecret(secretName string) (string, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	client, err := secretsmanager.NewClient(ctx)
+	if err != nil {
+		return "", err
+	}
+	defer client.Close()
+	secret, err := client.AccessSecretVersion(ctx, &secretmanagerpb.AccessSecretVersionRequest{
+		Name: secretName,
+	})
+	if err != nil {
+		return "", err
+	}
+	return string(secret.Payload.Data), nil
+}
+
+var keys [][]byte // Store AES keys
+var ivs [][]byte  // Store IVs for each key
+
+// GenerateKeys generates 10 AES-256 keys and IVs.
+func generateClientKeys() error {
+	for i := 0; i < 10; i++ {
+		key := make([]byte, 32) // AES-256, so 32 bytes key
+		iv := make([]byte, 12)  // AES block size
+
+		if _, err := io.ReadFull(rand.Reader, key); err != nil {
+			return err
+		}
+		if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+			return err
+		}
+
+		keys = append(keys, key)
+		ivs = append(ivs, iv)
+	}
+	return nil
+}
+
+// getKeyIndex returns an index for the keys slice based on the accessToken.
+func getKeyIndex(accessToken string) int {
+	hash := sha256.Sum256([]byte(accessToken))
+	// Use the first byte to get an index, ensuring it's within the range of 0-9
+	return int(hash[0]) % 10
+}
+
+func GetClientIVBase64(claims user.Claims) string {
+	return base64.StdEncoding.EncodeToString(ivs[getKeyIndex(claims.AccessToken)])
+}
+
+func GetClientKeyBase64(claims user.Claims) string {
+	return base64.StdEncoding.EncodeToString(keys[getKeyIndex(claims.AccessToken)])
+}
+
+func getClientKeys(claims user.Claims) ([]byte, []byte) {
+	accessToken := claims.AccessToken
+	keyIndex := getKeyIndex(accessToken)
+	return keys[keyIndex], ivs[keyIndex]
+}
+
+func DecryptFromClient(claims user.Claims, encrypted string) (string, error) {
+	key, iv := getClientKeys(claims)
+	return decryptFromClient(key, iv, encrypted)
+}
+
+func decryptFromClient(key, iv []byte, encryptedBase64 string) (string, error) {
+	encrypted, err := base64.StdEncoding.DecodeString(encryptedBase64)
+	if err != nil {
+		return "", err
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return "", err
+	}
+
+	plaintext, err := gcm.Open(nil, iv, encrypted, nil)
+	if err != nil {
+		return "", err
+	}
+
+	return string(plaintext), nil
+}
diff --git a/src/server/snowflakejob/snowflakejob.go b/src/server/snowflakejob/snowflakejob.go
index ce4a5c1..ddd6889 100644
--- a/src/server/snowflakejob/snowflakejob.go
+++ b/src/server/snowflakejob/snowflakejob.go
@@ -4,16 +4,22 @@ import (
 	"context"
 	"database/sql"
 	"dekart/src/proto"
+	"dekart/src/server/conn"
 	"dekart/src/server/errtype"
 	"dekart/src/server/job"
+	"dekart/src/server/secrets"
 	"dekart/src/server/snowflakeutils"
 	"dekart/src/server/storage"
+	"dekart/src/server/user"
 	"encoding/csv"
+	"fmt"
 	"io"
 	"sync"
 
 	"github.com/rs/zerolog/log"
 	sf "github.com/snowflakedb/gosnowflake"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 )
 
 type Job struct {
@@ -126,77 +132,79 @@ func (j *Job) Run(storageObject storage.StorageObject, connection *proto.Connect
 	j.storageObject = storageObject
 	_, isSnowflakeStorageObject := j.storageObject.(storage.SnowflakeStorageObject)
 	j.isSnowflakeStorageObject = isSnowflakeStorageObject
-	queryIDChan := make(chan string)
-	resultsReady := make(chan bool)
-	metadataWg := &sync.WaitGroup{}
-	metadataWg.Add(1)
-	go j.fetchQueryMetadata(queryIDChan, resultsReady, metadataWg)
-	j.Status() <- int32(proto.Query_JOB_STATUS_RUNNING)
-	// TODO will this just work: queryID = rows1.(sf.SnowflakeRows).GetQueryID()
-	// https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Fetch_Results_by_Query_ID
-	rows, err := j.snowflakeDb.QueryContext(
-		sf.WithQueryIDChan(j.GetCtx(), queryIDChan),
-		j.QueryText,
-	)
-	if err != nil {
-		j.Logger.Debug().Err(err).Msg("Error querying snowflake")
-		j.CancelWithError(err)
-		return nil // it's ok, since these are query errors
-	}
-	defer rows.Close()
+	go func() {
+		queryIDChan := make(chan string)
+		resultsReady := make(chan bool)
+		metadataWg := &sync.WaitGroup{}
+		metadataWg.Add(1)
+		go j.fetchQueryMetadata(queryIDChan, resultsReady, metadataWg)
+		j.Status() <- int32(proto.Query_JOB_STATUS_RUNNING)
+		// TODO will this just work: queryID = rows1.(sf.SnowflakeRows).GetQueryID()
+		// https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Fetch_Results_by_Query_ID
+		rows, err := j.snowflakeDb.QueryContext(
+			sf.WithQueryIDChan(j.GetCtx(), queryIDChan),
+			j.QueryText,
+		)
+		if err != nil {
+			j.Logger.Debug().Err(err).Msg("Error querying snowflake")
+			j.CancelWithError(err)
+			return
+		}
+		defer rows.Close()
 
-	if isSnowflakeStorageObject { // no need to write to storage, use temp query results storage
-		resultsReady <- true
-		defer (func() {
-			j.Status() <- int32(proto.Query_JOB_STATUS_DONE)
-		})()
-	} else {
-		csvRows := make(chan []string, 10) //j.TotalRows?
+		if isSnowflakeStorageObject { // no need to write to storage, use temp query results storage
+			resultsReady <- true
+			defer (func() {
+				j.Status() <- int32(proto.Query_JOB_STATUS_DONE)
+			})()
+		} else {
+			csvRows := make(chan []string, 10) //j.TotalRows?
 
-		go j.write(csvRows)
+			go j.write(csvRows)
 
-		firstRow := true
-		for rows.Next() {
-			if firstRow {
-				firstRow = false
-				resultsReady <- true
-				j.Status() <- int32(proto.Query_JOB_STATUS_READING_RESULTS)
-				columnNames, err := snowflakeutils.GetColumns(rows)
+			firstRow := true
+			for rows.Next() {
+				if firstRow {
+					firstRow = false
+					resultsReady <- true
+					j.Status() <- int32(proto.Query_JOB_STATUS_READING_RESULTS)
+					columnNames, err := snowflakeutils.GetColumns(rows)
+					if err != nil {
+						j.Logger.Error().Err(err).Msg("Error getting column names")
+						j.CancelWithError(err)
+						return
+					}
+					csvRows <- columnNames
+				}
+
+				csvRow, err := snowflakeutils.GetRow(rows)
 				if err != nil {
 					j.Logger.Error().Err(err).Msg("Error getting column names")
 					j.CancelWithError(err)
-					return err
+					return
 				}
-				csvRows <- columnNames
+				csvRows <- csvRow
 			}
 
-			csvRow, err := snowflakeutils.GetRow(rows)
-			if err != nil {
-				j.Logger.Error().Err(err).Msg("Error getting column names")
-				j.CancelWithError(err)
-				return err
+			if firstRow {
+				// unblock fetchQueryMetadata if no rows
+				resultsReady <- true
 			}
-			csvRows <- csvRow
-		}
-
-		if firstRow {
-			// unblock fetchQueryMetadata if no rows
-			resultsReady <- true
+			defer close(csvRows)
 		}
-		defer close(csvRows)
-	}
-
-	metadataWg.Wait() // do not close context until metadata is fetched
+		metadataWg.Wait() // do not close context until metadata is fetched
+	}()
 	return nil
 }
 
-func (s *Store) Create(reportID string, queryID string, queryText string, userCtx context.Context) (job.Job, chan int32, error) {
-	connector := snowflakeutils.GetConnector()
+func Create(reportID string, queryID string, queryText string, userCtx context.Context) (job.Job, error) {
+	connection := conn.FromCtx(userCtx)
+	connector := snowflakeutils.GetConnector(connection)
 	db := sql.OpenDB(connector)
 	err := db.Ping()
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to ping snowflake")
-		return nil, nil, err
+		return nil, err
 	}
 	job := &Job{
 		BasicJob: job.BasicJob{
@@ -209,7 +217,43 @@ func (s *Store) Create(reportID string, queryID string, queryText string, userCt
 		connector:   connector,
 	}
 	job.Init(userCtx)
+	return job, nil
+}
+
+func (s *Store) Create(reportID string, queryID string, queryText string, userCtx context.Context) (job.Job, chan int32, error) {
+	job, err := Create(reportID, queryID, queryText, userCtx)
+	if err != nil {
+		return nil, nil, err
+	}
 	s.StoreJob(job)
 	go s.RemoveJobWhenDone(job)
 	return job, job.Status(), nil
 }
+
+func TestConnection(ctx context.Context, req *proto.TestConnectionRequest) (*proto.TestConnectionResponse, error) {
+	claims := user.GetClaims(ctx)
+	if claims == nil {
+		return nil, status.Error(codes.Unauthenticated, "claims are required")
+	}
+	conn := req.Connection
+	if conn == nil {
+		return nil, fmt.Errorf("connection is nil")
+	}
+	if conn.SnowflakePassword == nil {
+		return nil, status.Error(codes.InvalidArgument, "snowflake_password is required")
+	}
+	conn.SnowflakePassword = secrets.ClientToServer(conn.SnowflakePassword, claims)
+	connector := snowflakeutils.GetConnector(conn)
+	db := sql.OpenDB(connector)
+	err := db.PingContext(ctx)
+	if err != nil {
+		log.Debug().Err(err).Msg("snowflake.Ping failed when testing connection")
+		return &proto.TestConnectionResponse{
+			Success: false,
+			Error:   err.Error(),
+		}, nil
+	}
+	return &proto.TestConnectionResponse{
+		Success: true,
+	}, nil
+}
diff --git a/src/server/snowflakeutils/snowflakeutils.go b/src/server/snowflakeutils/snowflakeutils.go
index b5a600f..befc25e 100644
--- a/src/server/snowflakeutils/snowflakeutils.go
+++ b/src/server/snowflakeutils/snowflakeutils.go
@@ -2,6 +2,8 @@ package snowflakeutils
 
 import (
 	"database/sql"
+	"dekart/src/proto"
+	"dekart/src/server/secrets"
 	"encoding/csv"
 	"fmt"
 	"os"
@@ -24,8 +26,18 @@ func readSnowparkToken() string {
 	return string(token)
 }
 
-func getConfig() sf.Config {
-	token := readSnowparkToken()
+func getConfig(conn *proto.Connection) sf.Config {
+	if conn != nil && !conn.IsDefault { // for default connection we use environment variables
+		password := secrets.SecretToString(conn.SnowflakePassword, nil)
+		return sf.Config{
+			Account:   conn.SnowflakeAccountId,
+			User:      conn.SnowflakeUsername,
+			Warehouse: conn.SnowflakeWarehouse,
+			Password:  password,
+			Params:    map[string]*string{},
+		}
+
+	}
 	dekartSnowflakeUser := os.Getenv("DEKART_SNOWFLAKE_USER")
 	if dekartSnowflakeUser != "" {
 		log.Debug().Msg("Using snowflake password")
@@ -36,6 +48,7 @@ func getConfig() sf.Config {
 			Params:   map[string]*string{},
 		}
 	}
+	token := readSnowparkToken()
 	if token != "" {
 		log.Debug().Msg("Using snowpark token")
 		// https://docs.snowflake.com/en/developer-guide/snowpark-container-services/tutorials/tutorial-2#main-py-file
@@ -55,8 +68,8 @@ func getConfig() sf.Config {
 }
 
 // GetConnector returns a snowflake connector
-func GetConnector() sf.Connector {
-	config := getConfig()
+func GetConnector(conn *proto.Connection) sf.Connector {
+	config := getConfig(conn)
 	driver := sf.SnowflakeDriver{}
 	return sf.NewConnector(driver, config)
 }
diff --git a/src/server/storage/snowflakestorage.go b/src/server/storage/snowflakestorage.go
index 739dba8..3d2b60b 100644
--- a/src/server/storage/snowflakestorage.go
+++ b/src/server/storage/snowflakestorage.go
@@ -3,6 +3,8 @@ package storage
 import (
 	"context"
 	"database/sql"
+	"dekart/src/proto"
+	"dekart/src/server/conn"
 	"dekart/src/server/errtype"
 	"dekart/src/server/snowflakeutils"
 	"encoding/csv"
@@ -25,13 +27,14 @@ func (s *SnowflakeStorage) CanSaveQuery(context.Context, string) bool {
 	return false
 }
 
-func (s *SnowflakeStorage) GetObject(_ context.Context, string, queryID string) StorageObject {
-	return NewSnowflakeStorageObject(queryID)
+func (s *SnowflakeStorage) GetObject(ctx context.Context, string, queryID string) StorageObject {
+	connection := conn.FromCtx(ctx)
+	return NewSnowflakeStorageObject(queryID, connection)
 }
 
 // NewSnowflakeStorageObject
-func NewSnowflakeStorageObject(queryID string) StorageObject {
-	connector := snowflakeutils.GetConnector()
+func NewSnowflakeStorageObject(queryID string, conn *proto.Connection) StorageObject {
+	connector := snowflakeutils.GetConnector(conn)
 	return SnowflakeStorageObject{queryID: queryID, connector: connector}
 }
 
@@ -138,3 +141,25 @@ func (s SnowflakeStorageObject) CopyFromS3(ctx context.Context, source string) e
 	log.Fatal().Msg("not implemented")
 	return nil
 }
+
+func (s SnowflakeStorageObject) CopyTo(ctx context.Context, writer io.WriteCloser) error {
+	reader, err := s.GetReader(ctx)
+	if err != nil {
+		log.Err(err).Msg("Error getting reader while copying to")
+		return err
+	}
+	_, err = io.Copy(writer, reader)
+	if err != nil {
+		return err
+	}
+	err = writer.Close()
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (s SnowflakeStorageObject) Delete(ctx context.Context) error {
+	log.Fatal().Msg("not implemented")
+	return nil
+}
diff --git a/src/server/storage/storage.go b/src/server/storage/storage.go
index 4b19283..5a76a0b 100644
--- a/src/server/storage/storage.go
+++ b/src/server/storage/storage.go
@@ -27,6 +27,8 @@ type StorageObject interface {
 	GetCreatedAt(context.Context) (*time.Time, error)
 	GetSize(context.Context) (*int64, error)
 	CopyFromS3(ctx context.Context, source string) error
+	CopyTo(ctx context.Context, writer io.WriteCloser) error
+	Delete(ctx context.Context) error
 }
 
 type Storage interface {
@@ -53,6 +55,7 @@ func GetDefaultBucketName() string {
 type GoogleCloudStorage struct {
 	defaultBucketName string
 	logger            zerolog.Logger
+	useUserToken      bool // if false ignore user token in ctx and use default service account
 }
 
 // CanSaveQuery returns true if the storage can save SQL query text
@@ -72,6 +75,20 @@ func NewGoogleCloudStorage() *GoogleCloudStorage {
 	return &GoogleCloudStorage{
 		defaultBucketName,
 		log.With().Str("DEKART_CLOUD_STORAGE_BUCKET", defaultBucketName).Logger(),
+		true,
+	}
+}
+
+// NewPublicStorage used to access public storage bucket with application account
+func NewPublicStorage() *GoogleCloudStorage {
+	defaultBucketName := os.Getenv("DEKART_CLOUD_PUBLIC_STORAGE_BUCKET")
+	if defaultBucketName == "" {
+		log.Fatal().Msg("DEKART_CLOUD_PUBLIC_STORAGE_BUCKET is not set")
+	}
+	return &GoogleCloudStorage{
+		defaultBucketName,
+		log.With().Str("DEKART_CLOUD_PUBLIC_STORAGE_BUCKET", defaultBucketName).Logger(),
+		false,
 	}
 }
 
@@ -129,14 +146,16 @@ func (s GoogleCloudStorage) GetObject(_ context.Context, bucketName, object stri
 		bucketName,
 		object,
 		s.logger.With().Str("GoogleCloudStorageObject", object).Logger(),
+		s.useUserToken,
 	}
 }
 
 // GoogleCloudStorageObject implements StorageObject interface for Google Cloud Storage
 type GoogleCloudStorageObject struct {
-	bucketName string
-	object     string
-	logger     zerolog.Logger
+	bucketName   string
+	object       string
+	logger       zerolog.Logger
+	useUserToken bool // if false ignore user token in ctx and use default service account
 }
 
 func (o GoogleCloudStorageObject) CopyFromS3(ctx context.Context, source string) error {
@@ -144,11 +163,38 @@ func (o GoogleCloudStorageObject) CopyFromS3(ctx context.Context, source string)
 	return nil
 }
 
+func (o GoogleCloudStorageObject) CopyTo(ctx context.Context, writer io.WriteCloser) error {
+	reader, err := o.GetReader(ctx)
+	if err != nil {
+		log.Err(err).Msg("Error getting reader while copying to")
+		return err
+	}
+	_, err = io.Copy(writer, reader)
+	if err != nil {
+		return err
+	}
+	err = writer.Close()
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (o GoogleCloudStorageObject) Delete(ctx context.Context) error {
+	obj := o.getObject(ctx)
+	err := obj.Delete(ctx)
+	if err != nil {
+		o.logger.Error().Err(err).Msg("error deleting object")
+		return err
+	}
+	return nil
+}
+
 func (o GoogleCloudStorageObject) getObject(ctx context.Context) *storage.ObjectHandle {
 	tokenSource := user.GetTokenSource(ctx)
 	var client *storage.Client
 	var err error
-	if tokenSource == nil {
+	if tokenSource == nil || !o.useUserToken {
 		client, err = storage.NewClient(ctx)
 	} else {
 		client, err = storage.NewClient(ctx, option.WithTokenSource(tokenSource))
@@ -311,6 +357,16 @@ func (o S3StorageObject) CopyFromS3(ctx context.Context, source string) error {
 	return err
 }
 
+func (s S3StorageObject) CopyTo(ctx context.Context, writer io.WriteCloser) error {
+	log.Fatal().Msg("not implemented")
+	return nil
+}
+
+func (s S3StorageObject) Delete(ctx context.Context) error {
+	log.Fatal().Msg("not implemented")
+	return nil
+}
+
 type S3Writer struct {
 	errorGroup *errgroup.Group
 	w          io.WriteCloser
diff --git a/src/server/storage/userstorage.go b/src/server/storage/userstorage.go
index c77c349..47ac3d0 100644
--- a/src/server/storage/userstorage.go
+++ b/src/server/storage/userstorage.go
@@ -2,6 +2,7 @@ package storage
 
 import (
 	"context"
+	"dekart/src/proto"
 	"dekart/src/server/bqstorage"
 	"dekart/src/server/conn"
 	"strings"
@@ -19,21 +20,22 @@ func NewUserStorage() *UserStorage {
 
 func (s *UserStorage) GetObject(ctx context.Context, _ string, object string) StorageObject {
 	connection := conn.FromCtx(ctx)
-	log.Debug().Str("CloudStorageBucket", connection.CloudStorageBucket).Str("object", object).Msg("GetObject")
+	parts := strings.Split(object, ".")
+	if connection.ConnectionType == proto.Connection_CONNECTION_TYPE_SNOWFLAKE {
+		return NewSnowflakeStorageObject(parts[0], connection)
+	}
 	if connection.CloudStorageBucket != "" {
 		bucketName := connection.CloudStorageBucket
-		log.Debug().Msg("returning GoogleCloudStorageObject")
 		return GoogleCloudStorageObject{
 			bucketName,
 			object,
 			log.With().Str("GoogleCloudStorageObject", object).Logger(),
+			true,
 		}
 	}
-	parts := strings.Split(object, ".")
-	log.Debug().Msg("returning BigQueryStorageObject")
 	return bqstorage.BigQueryStorageObject{
 		JobID:             parts[0],
-		BigqueryProjectId: connection.BigqueryProjectID,
+		BigqueryProjectId: connection.BigqueryProjectId,
 	}
 }
 
diff --git a/src/server/user/claims.go b/src/server/user/claims.go
index 98b534a..33895ae 100644
--- a/src/server/user/claims.go
+++ b/src/server/user/claims.go
@@ -147,6 +147,19 @@ func CopyClaims(sourceCtx, destCtx context.Context) context.Context {
 	return context.WithValue(destCtx, contextKey, claims)
 }
 
+func copyClaims(sourceCtx, destCtx context.Context) context.Context {
+	claims := GetClaims(sourceCtx)
+	if claims == nil {
+		return destCtx
+	}
+	return context.WithValue(destCtx, contextKey, claims)
+}
+
+// CopyUserContext from one context to another
+func CopyUserContext(sourceCtx, destCtx context.Context) context.Context {
+	return copyClaims(sourceCtx, destCtx)
+}
+
 // GetTokenSource returns oauth2.TokenSource from context, returns nil if not found
 func GetTokenSource(ctx context.Context) oauth2.TokenSource {
 	claims := GetClaims(ctx)
@@ -235,8 +248,12 @@ func (c ClaimsCheck) requestToken(state *pb.AuthState, r *http.Request) *pb.Redi
 	redirectState := &pb.RedirectState{}
 	ctx := r.Context()
 	if authErr != "" {
-		log.Error().Str("authErr", authErr).Msg("Error authenticating")
 		redirectState.Error = authErr
+		if authErr == "access_denied" {
+			log.Warn().Str("authErr", authErr).Msg("User denied access with Google OAuth")
+		} else {
+			log.Error().Str("authErr", authErr).Msg("Error authenticating")
+		}
 		return redirectState
 	}
 	var auth = c.getAuthConfig(state)
@@ -271,7 +288,18 @@ func (c ClaimsCheck) requestToken(state *pb.AuthState, r *http.Request) *pb.Redi
 			tokenInfo.Scope,
 		)
 		if err != nil {
-			log.Fatal().Err(err).Msg("Error marshalling token")
+			log.Fatal().Err(err).Msg("Error updating user sensitive scope")
+		}
+	} else {
+		// create or update user, do not update sensitive scope
+		_, err = c.db.ExecContext(
+			ctx,
+			"INSERT INTO users (email, sensitive_scope) VALUES ($1, $2) ON CONFLICT (email) DO UPDATE SET updated_at = CURRENT_TIMESTAMP",
+			tokenInfo.Email,
+			tokenInfo.Scope,
+		)
+		if err != nil {
+			log.Fatal().Err(err).Msg("Error updating user")
 		}
 	}
 
@@ -280,6 +308,7 @@ func (c ClaimsCheck) requestToken(state *pb.AuthState, r *http.Request) *pb.Redi
 		log.Fatal().Err(err).Msg("Error marshalling token")
 	}
 	redirectState.TokenJson = string(tokenBin)
+	redirectState.SensitiveScopesGranted = missingSensitiveScope == ""
 	return redirectState
 }
 
@@ -304,11 +333,30 @@ func (c ClaimsCheck) requestDevToken(state *pb.AuthState, r *http.Request) *pb.R
 		return redirectState
 	}
 
+	tokenInfo, err := c.getTokenInfo(ctx, token)
+	if err != nil {
+		log.Error().Err(err).Msg("Error getting token info")
+		redirectState.Error = "Error getting token info"
+		return redirectState
+	}
+
+	// check if required scopes are granted by the user
+	missingScope := checkMissingScope(auth.Scopes, tokenInfo.Scope)
+	if missingScope != "" {
+		log.Warn().Str("missingScope", missingScope).Msg("Scope missing")
+		redirectState.Error = fmt.Sprintf("Scope %s missing", missingScope)
+		return redirectState
+	}
+
+	// update user sensitive scope requested to not show the scope onboarding again
+	missingSensitiveScope := checkMissingScope(sensitiveScope, tokenInfo.Scope)
+
 	tokenBin, err := json.Marshal(*token)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Error marshalling token")
 	}
 	redirectState.TokenJson = string(tokenBin)
+	redirectState.SensitiveScopesGranted = missingSensitiveScope == ""
 	return redirectState
 }
 
diff --git a/src/server/userjob/userjob.go b/src/server/userjob/userjob.go
new file mode 100644
index 0000000..a055d75
--- /dev/null
+++ b/src/server/userjob/userjob.go
@@ -0,0 +1,44 @@
+package userjob
+
+import (
+	"context"
+	"dekart/src/proto"
+	"dekart/src/server/bqjob"
+	"dekart/src/server/conn"
+	"dekart/src/server/job"
+	"dekart/src/server/snowflakejob"
+)
+
+type Store struct {
+	job.BasicStore
+}
+
+func NewStore() *Store {
+	store := &Store{}
+	return store
+}
+
+func (s *Store) TestConnection(ctx context.Context, req *proto.TestConnectionRequest) (*proto.TestConnectionResponse, error) {
+	if req.Connection.ConnectionType == proto.Connection_CONNECTION_TYPE_SNOWFLAKE {
+		return snowflakejob.TestConnection(ctx, req)
+	}
+	return bqjob.TestConnection(ctx, req)
+}
+
+func (s *Store) Create(reportID string, queryID string, queryText string, connCtx context.Context) (job.Job, chan int32, error) {
+	var err error
+	var job job.Job
+	connection := conn.FromCtx(connCtx)
+	if connection.ConnectionType == proto.Connection_CONNECTION_TYPE_SNOWFLAKE {
+		job, err = snowflakejob.Create(reportID, queryID, queryText, connCtx)
+	} else {
+		job, err = bqjob.Create(reportID, queryID, queryText, connCtx)
+	}
+	if err != nil {
+		return nil, nil, err
+	}
+	s.StoreJob(job)
+	go s.RemoveJobWhenDone(job)
+	return job, job.Status(), nil
+
+}