Billing & Operations

Billing and operations procedures support Marketplace billing reconciliation and app recovery workflows. They are admin-only and intentionally narrow.

When to use this page

Use this page when assigning seats, previewing billable seat state, reviewing the billing ledger, or recovering app-owned compute resources.

Seat management

Procedure	Use it for	Guardrail
`SET_USER_SEAT(username, seat_type)`	Assign an EntryLayer seat tier	Does not grant Snowflake roles, source privileges, or project access.
`REVOKE_USER_SEAT(username)`	Return a user to default view-style access	Does not delete the Snowflake user or remove project access grants.
`LIST_USERS()`	Inspect EntryLayer app membership	Not a Snowflake role audit.
`REPAIR_USER_SEATS(org_id)`	Repair duplicate seat rows	Does not merge accounts, submissions, or audit history.

Example:

CALL ENTRYLAYER.API.SET_USER_SEAT('JDOE', 'admin');
CALL ENTRYLAYER.API.LIST_USERS();

Billing inspection

Procedure	Output	Zero-access note
`PREVIEW_BILLING()`	Aggregate billable seat preview	No usernames, emails, project names, table names, row values, or query text.
`LIST_BILLING_LEDGER()`	Anonymous billing ledger rows	For Marketplace reconciliation, not user activity auditing.

Example:

CALL ENTRYLAYER.API.PREVIEW_BILLING();
CALL ENTRYLAYER.API.LIST_BILLING_LEDGER();

Operational recovery

Procedure	Use it for	Guardrail
`SUSPEND_APP()`	Suspend app-owned compute resources	Does not change app data, projects, source grants, or submissions.
`RESUME_APP()`	Resume/provision app-owned compute resources declared in the manifest	Does not request external access or source row data.

Use these commands for operational recovery, not for project lifecycle management.

Marketplace-safe telemetry boundary

Allowed telemetry is limited to seat activation/deactivation billing events. Do not add telemetry that concatenates PII, PHI, usernames, emails, project names, source object names, query text, row keys, or row values.