FBLV classifies every dataset by sensitivity. The tier determines which AI tools may read it, what masking applies, and which roles can grant access. Tiers travel with the data — exports, embeddings, and derived tables inherit their source tier.
Snowflake reference material
Documentation for the features this visualization depicts. Linked directly from Snowflake's official docs.
—
—
Masking policy (Snowflake DDL)
⚠ Illustrative example only. Role names, regex patterns, and policy logic are reasonable approximations for the demo — do not copy/paste into production. Verify against current Snowflake docs (linked in the References modal) before deploying.
What each role sees · SELECT against this column
—
—
—
Snowflake RBAC layers: account role → database role → objects (schemas, tables, columns). The account role is granted database roles; only database roles hold object-level grants. This isolates per-database permissions and keeps the role graph hub-and-spoke instead of tangled.
Network perimeter and integrations
Snowflake network policies and integration objects control what can reach the account and what each actor can touch. Inbound is IP-and-identity-gated; outbound is allowlisted via external access integrations. The defaults below are PROD's posture; STAGING and DEV are permissibly broader where they don't carry real data.