Getting Started Overview
EntryLayer runs as a Snowflake Native App inside your customer Snowflake account. This section helps administrators move from Marketplace install to working projects without mixing up runtime privileges, product seats, project access, or Snowflake source privileges.
When to use this section
Section titled “When to use this section”Use Getting Started when you are:
- installing through Snowflake Marketplace
- configuring EntryLayer administrators
- validating Snowflake source discovery
- creating projects from Snowflake, CSV/XLSX, or a blank form
- preparing handoff from Snowflake administration to builders and business users
Setup paths
Section titled “Setup paths”| Role | Start here | Goal |
|---|---|---|
| Snowflake admin | Installation | Install the Native App runtime and approve required privileges. |
| EntryLayer admin | Initial Setup | Grant app access, assign seats, enable Cortex, and configure caller rights. |
| Builder | Your First Project | Create a project and confirm generated form structure. |
| Business user | User Guide | Learn how to work records after a project is shared. |
| Cortex user | Cortex SQL API Skill | Use Cortex to discover and call the admin SQL API safely. MCP-capable clients can also use Snowflake MCP Client Setup. |
Setup sequence
Section titled “Setup sequence”- Install EntryLayer from the Snowflake Marketplace listing.
- Grant
ENTRYLAYER_USERto the Snowflake roles that should open the app. - Grant
ENTRYLAYER_ADMINonly to the small role that will run bootstrap SQL. - Enable
SNOWFLAKE.CORTEX_USERfrom the installed app Permissions tab. - Assign an
adminseat withAPI.SET_USER_SEAT. - Grant Restricted Caller Rights on the databases EntryLayer should browse.
- Verify Org Settings and Snowflake Access Diagnostics.
- Create a project and confirm record access behaves as expected.
What access means
Section titled “What access means”| Access layer | What it controls | What it does not control |
|---|---|---|
ENTRYLAYER_USER application role | Lets a Snowflake role open the installed app. | Does not assign an EntryLayer seat or source data access. |
ENTRYLAYER_ADMIN application role | Allows controlled bootstrap and admin SQL API calls. | Does not automatically grant project can_read. |
| EntryLayer seat type | Controls product capabilities such as view, act, build, and admin. | Does not bypass project permissions. |
| Project access | Controls whether a user can read, act, manage, or administer a project. | Does not create new Snowflake source privileges. |
| Restricted Caller Rights | Lets EntryLayer use the signed-in user’s existing Snowflake source access. | Does not grant users access they do not already have. |
Zero-access posture
Section titled “Zero-access posture”EntryLayer source discovery is metadata-oriented during setup and relies on Snowflake access controls in the customer account. The app does not require provider-owned egress, does not sample source rows for setup documentation flows, and does not send submission values to provider-owned services.
Verification checklist
Section titled “Verification checklist”- The installed app opens from Snowsight.
- An admin can open Org Settings.
- Members & Licenses shows the expected seat.
- Snowflake Access Diagnostics can see at least one intended database.
- A project can be created from a Snowflake source or starter form.