Installation

EntryLayer is delivered as a Snowflake Native App. Installation gets the product runtime running in your customer Snowflake account before you invite users, assign seats, or grant caller rights.

When to use this page

Use this page when a Snowflake administrator is installing EntryLayer from the Marketplace, approving the runtime privileges, or explaining what the package creates automatically.

Prerequisites

A Snowflake account that supports Native Apps, SPCS, and Hybrid Tables
A role that can install the application and approve requested privileges
An environment where Snowflake Cortex and Restricted Caller Rights workflows are allowed

Install from Marketplace

Open the EntryLayer Snowflake Marketplace listing, or open Data Products → Marketplace in Snowsight and find EntryLayer.
Select Get and complete the install flow.
Approve the requested privileges during installation.

If you start from the public web listing, Snowflake will prompt you to sign in to the account where you want to install the Native App.

At this stage, you are installing the product runtime. You are not yet granting user access to the app or to your business data sources.

What the package requests

During installation, the package requests only the runtime account privileges required by the current package:

Privilege	Purpose
`CREATE COMPUTE POOL`	Run the EntryLayer SPCS containers.
`CREATE WAREHOUSE`	Support Cortex-backed features and app-managed Snowflake work in the installed environment.
`BIND SERVICE ENDPOINT`	Expose the EntryLayer web interface through Snowflake.

The package also declares the Snowflake-managed SNOWFLAKE.CORTEX_USER database role for Cortex-backed form generation. Grant that database role from the installed app Permissions tab during first-run setup.

What the setup script creates automatically

The setup script creates the core runtime objects for you, including:

the application roles ENTRYLAYER_USER and ENTRYLAYER_ADMIN
the management and application-state schemas
the compute pool and warehouse needed to run the app
the web service
admin SQL API procedures and functions such as API.SET_USER_SEAT, API.REVOKE_USER_SEAT, API.LIST_USERS, API.REPAIR_USER_SEATS, API.EXTRACT_PROJECT_SUBMISSIONS, API.SUSPEND_APP, and API.RESUME_APP

The current package is a two-container deployment:

api
web

This is the point where EntryLayer becomes a running service inside your Snowflake account. It does not mean end users are ready to work in it yet.

What installation does not do

Installation does not:

grant end users ENTRYLAYER_USER
assign anyone an admin seat automatically
grant caller rights on your business databases
grant project can_read, can_act, or can_manage
bypass Snowflake row access policies or masking policies

Those are the required post-install steps.

Source data guardrail

EntryLayer does not gain source table access simply because the Native App is installed. Source discovery and source-backed records require Restricted Caller Rights grants, and those grants only allow EntryLayer to use privileges the signed-in user already has.

What to expect next

After installation, the normal setup sequence is:

grant a Snowflake role access to the app
grant a small admin/operator role direct SQL admin access
enable the SNOWFLAKE.CORTEX_USER app permission for Cortex-backed generation
assign the first admin seat
grant caller rights on the business databases EntryLayer should browse
open the app and verify setup from Org Settings

Verification checklist

The installed app appears in Snowsight.
The EntryLayer web endpoint opens.
The app requested only the documented runtime privileges.
You know which Snowflake role will receive ENTRYLAYER_ADMIN for bootstrap SQL.

Next step

Continue to Initial Setup to:

grant user access
assign your first admin seat
grant caller rights on your data