Concepts Overview
EntryLayer is a Snowflake Native App for turning Snowflake-backed data into governed entry, review, correction, and approval workflows. The Concepts section explains the boundaries that make that model work: where the app runs, where data lives, how permissions are resolved, and how Cortex-assisted features stay inside the Snowflake-centered operating model.
Start with the job
Section titled “Start with the job”| Question | Start with | Then use |
|---|---|---|
| How does EntryLayer run inside Snowflake? | Architecture | Snowflake Integration |
| What privileges and roles does the Native App use? | Native App Security Model | SQL Procedures |
| What data leaves the customer account? | Data Boundary & Compliance | Source Objects & Semantic Views |
| Where are projects, drafts, submissions, and audit records stored? | Data Lifecycle & Storage | Form Design Model |
| Why does an admin seat not automatically grant record visibility? | Seat Types & Licensing | Permission Model |
| Why do source rows appear before app submissions exist? | Virtual Submissions | Workflow States |
| What can Cortex see or generate? | Cortex & AI Boundary | Cortex SQL API Skill |
Human path
Section titled “Human path”Most customer admins use this sequence:
- Read the concept page that matches the decision.
- Follow the linked guide for setup or day-to-day operation.
- Use the Reference section for exact SQL, contracts, payloads, and troubleshooting.
For example, if a user has an admin seat but cannot open record data, start with Seat Types & Licensing, then check Permission Model.
Cortex and SQL-agent path
Section titled “Cortex and SQL-agent path”Concept pages help Cortex explain why EntryLayer behaves the way it does, but exact procedure calls should come from the SQL-discoverable API docs:
CALL ENTRYLAYER.API.HELP();CALL ENTRYLAYER.API.HELP('CONTRACTS');CALL ENTRYLAYER.API.HELP('SECURITY');CALL ENTRYLAYER.API.AGENT_MANIFEST();After every CALL, check status before reading data. On error, surface code and message instead of guessing.
Boundary in one minute
Section titled “Boundary in one minute”| Area | EntryLayer posture |
|---|---|
| Runtime | Snowflake Native App on Snowpark Container Services in the customer Snowflake account. |
| Source data | Remains in customer-owned Snowflake objects and is accessed through customer-approved grants. |
| App state | Stored in Snowflake Hybrid Tables inside the installed app namespace. |
| Source discovery | Metadata-only unless a documented user workflow opens or materializes records. |
| Provider egress | No provider-owned external access integration or network rule in the current package. |
| AI | Uses Snowflake Cortex for supported AI-assisted features. |
| SQL API | Admin-only, documented through HELP() and AGENT_MANIFEST(). |
Concept map
Section titled “Concept map”Snowflake Native App -> Security model: app roles, owner-rights procedures, caller rights -> Data boundary: source data, app state, billing, telemetry posture -> Data lifecycle: projects, drafts, forms, submissions, audit -> Access model: seats, project permissions, Snowflake grants -> User experience: virtual submissions, workflow, form design -> AI boundary: Cortex prompts, metadata context, safe generation