---
name: ckg-snowflake-horizon-catalog
description: "Snowflake Horizon Catalog (Snowflake's governance, compliance, security, privacy, discovery & collaboration umbrella) — complete CKG of the docs.snowflake.com governance + catalog + open-formats surface. 257 nodes, 419 edges, 8 domains. Covers the account/database/schema object model, RBAC & roles, dynamic data masking / row access / projection / aggregation policies, object tagging & sensitive-data classification, Data Metric Functions (DMFs) & data quality monitoring, object dependencies / lineage / ACCESS_HISTORY, Universal Search / Cortex Search / semantic views, Trust Center auditing, Secure Data Sharing / Listings / Marketplace / Data Clean Rooms, and Apache Iceberg + Snowflake Open Catalog / Apache Polaris open formats."
metadata:
  node_type: reference
  type: reference
  version: 1.0.0
  date: 2026-06-18
  source: "Snowflake documentation — https://docs.snowflake.com (live docs, fetched 2026-06-18)"
  nodes: 257
  edges: 419
  domains: 8
  formats:
    - md
---

# Snowflake Horizon Catalog — Compressed Knowledge Graph (CKG) v1.0.0
# Source: docs.snowflake.com  (live docs, fetched 2026-06-18)
# NOTE: 'Horizon Catalog' is Snowflake's UMBRELLA brand for built-in governance, compliance,
#       security, privacy, discovery & collaboration — NOT a single product surface. It also
#       names the built-in Iceberg REST catalog in every account (powered by Apache Polaris).
# Generated by Graphify.md | graphifymd.com
# 257 concepts · 419 dependency edges · 8 domains
# Paste into any LLM, ask: "What depends on [concept]?" or "Trace the path from Tag to Classification-to-Masking Loop."

## META
domain:      snowflake-horizon-catalog
nodes:       257
edges:       419
domains:     8 (CORE · META · GOV · DQ · LIN · SRCH · SHARE · OPEN)
edge_type:   technical dependency (source concept required to understand/implement the target)
version:     1.0.0

## CORE — Platform, Object Model & Horizon Umbrella (23 concepts)
# Source: snowflake-horizon · intro-objects · security-access-control-overview · databases-tables · warehouses-overview · guides-overview-govern
Snowflake Account                           deps: none (root)
Organization                                deps: none (root)
Snowflake Horizon Catalog                   deps: Snowflake Account | Organization
Securable Object                            deps: Snowflake Account
Object Hierarchy                            deps: Securable Object | Snowflake Account | Organization
Organization Account                        deps: Organization | Snowflake Account
Database                                    deps: Snowflake Account | Object Hierarchy
Schema                                      deps: Database | Object Hierarchy
Schema-Level Object                         deps: Schema | Securable Object
Account-Level Object                        deps: Snowflake Account | Securable Object
Virtual Warehouse                           deps: Account-Level Object
Warehouse Size                              deps: Virtual Warehouse
Multi-Cluster Warehouse                     deps: Virtual Warehouse | Warehouse Size
Credits                                     deps: Virtual Warehouse | Warehouse Size
Serverless Compute                          deps: Snowflake Account | Credits
Snowsight                                   deps: Snowflake Account
Horizon: Governance Pillar                  deps: Snowflake Horizon Catalog
Horizon: Compliance & Privacy Pillar        deps: Snowflake Horizon Catalog
Horizon: Security Pillar                    deps: Snowflake Horizon Catalog
Horizon: Discovery Pillar                   deps: Snowflake Horizon Catalog
Horizon: Collaboration Pillar               deps: Snowflake Horizon Catalog
Horizon: AI Context Layer                   deps: Snowflake Horizon Catalog
Cross-Engine Policy Enforcement             deps: Snowflake Horizon Catalog | Horizon: Governance Pillar

## META — Tables, Views & Metadata Views (29 concepts)
# Source: databases-tables-views · views-introduction · views-materialized · tables-micro-partitions · object-tagging · info-schema · sql-reference/account-usage
Table                                       deps: Schema-Level Object
Micro-partitions                            deps: Table
Data Clustering                             deps: Table | Micro-partitions
Clustering Key                              deps: Table | Data Clustering
Automatic Clustering                        deps: Clustering Key | Data Clustering
Hybrid Table                                deps: Table
Event Table                                 deps: Table
Dynamic Table                               deps: Table
View                                        deps: Schema-Level Object | Table
Non-materialized View                       deps: View
Materialized View                           deps: View | Table | Virtual Warehouse
Secure View                                 deps: View | Materialized View
Recursive View                              deps: Non-materialized View
External Table                              deps: Table | Schema-Level Object
Secure UDF                                  deps: Schema-Level Object
Tag                                         deps: Schema-Level Object
Object Tag                                  deps: Tag | Securable Object
Tag Inheritance                             deps: Tag | Object Hierarchy
Automatic Tag Propagation                   deps: Object Tag | Object Dependencies
Tag Allowed Values                          deps: Tag
Tag Apply Method                            deps: Object Tag
TAG_REFERENCES                              deps: Object Tag
INFORMATION_SCHEMA                          deps: Database | Virtual Warehouse
SNOWFLAKE Database                          deps: Snowflake Account
ACCOUNT_USAGE                               deps: SNOWFLAKE Database
ORGANIZATION_USAGE                          deps: SNOWFLAKE Database | Organization
READER_ACCOUNT_USAGE                        deps: SNOWFLAKE Database | Reader Account
Account Usage Database Roles                deps: ACCOUNT_USAGE | Database Role
POLICY_REFERENCES                           deps: INFORMATION_SCHEMA | ACCOUNT_USAGE | Masking Policy | Row Access Policy

## GOV — Access Control, Policies & Trust Center (76 concepts)
# Source: security-access-control-overview · security-access-control-considerations · security-column-intro · security-row-intro · tag-based-masking-policies · projection-policies · aggregation-policies · governance-classify-concepts · trust-center/overview
Privilege                                   deps: Securable Object
Role                                        deps: Privilege
User                                        deps: Role
Discretionary Access Control (DAC)          deps: Securable Object | Object Ownership | Role
Role-Based Access Control (RBAC)            deps: Role | Privilege | User
User-Based Access Control (UBAC)            deps: User | Privilege | Secondary Roles
Object Ownership                            deps: Role | OWNERSHIP Privilege
OWNERSHIP Privilege                         deps: Privilege
Role Hierarchy                              deps: Role | GRANT ROLE
Privilege Inheritance                       deps: Role Hierarchy
Account Role                                deps: Role | Snowflake Account
Database Role                               deps: Role | Database
Instance Role                               deps: Role
Application Role                            deps: Role
Custom Role                                 deps: Role | CREATE ROLE | Role Hierarchy
System-Defined Roles                        deps: Role
ORGADMIN                                    deps: System-Defined Roles | Organization
ACCOUNTADMIN                                deps: System-Defined Roles | SYSADMIN | SECURITYADMIN
SECURITYADMIN                               deps: System-Defined Roles | USERADMIN | MANAGE GRANTS
USERADMIN                                   deps: System-Defined Roles | CREATE ROLE
SYSADMIN                                    deps: System-Defined Roles | Virtual Warehouse | Database
PUBLIC                                      deps: System-Defined Roles | User | Role
Primary Role                                deps: Role | Object Ownership
Secondary Roles                             deps: Role | Privilege Aggregation
Privilege Aggregation                       deps: Primary Role | Secondary Roles
GRANT TO ROLE                               deps: Privilege | Role
GRANT ROLE                                  deps: Role | Role Hierarchy
REVOKE                                      deps: Privilege | Role
WITH GRANT OPTION                           deps: GRANT TO ROLE
MANAGE GRANTS                               deps: Privilege | Managed Access Schema
CREATE ROLE                                 deps: USERADMIN
Future Grants                               deps: Database | Schema | GRANT TO ROLE
Managed Access Schema                       deps: Schema | Object Ownership | MANAGE GRANTS
USE SECONDARY ROLES                         deps: Secondary Roles
Column-level Security                       deps: Masking Policy
Masking Policy                              deps: Schema-Level Object | Privilege
Dynamic Data Masking                        deps: Masking Policy | Column-level Security
External Tokenization                       deps: Masking Policy | Column-level Security
Conditional Masking                         deps: Masking Policy
APPLY MASKING POLICY                        deps: Masking Policy | Privilege
Row-level Security                          deps: Row Access Policy
Row Access Policy                           deps: Schema-Level Object | Privilege
Policy Expression                           deps: Row Access Policy
Mapping Table                               deps: Policy Expression | Table
APPLY ROW ACCESS POLICY                     deps: Row Access Policy | Privilege
Tag-based Masking Policy                    deps: Object Tag | Masking Policy
Projection Policy                           deps: Schema-Level Object | Privilege
PROJECTION_CONSTRAINT                       deps: Projection Policy
APPLY PROJECTION POLICY                     deps: Projection Policy | Privilege
Aggregation Policy                          deps: Schema-Level Object | Privilege
AGGREGATION_CONSTRAINT                      deps: Aggregation Policy
MIN_GROUP_SIZE                              deps: AGGREGATION_CONSTRAINT
Entity-Level Privacy                        deps: Aggregation Policy | Entity Key
Entity Key                                  deps: Aggregation Policy
APPLY AGGREGATION POLICY                    deps: Aggregation Policy | Privilege
Policy Evaluation Order                     deps: Row Access Policy | Masking Policy | Projection Policy | Aggregation Policy
Sensitive Data Classification               deps: Object Tag | Table
Semantic Category                           deps: Sensitive Data Classification
Privacy Category                            deps: Sensitive Data Classification
SNOWFLAKE.CORE.SEMANTIC_CATEGORY            deps: Semantic Category | Object Tag
SNOWFLAKE.CORE.PRIVACY_CATEGORY             deps: Privacy Category | Object Tag
Custom Classifier                           deps: Sensitive Data Classification | Semantic Category
Classification Profile                      deps: Sensitive Data Classification | Custom Classifier
SYSTEM$CLASSIFY                             deps: Sensitive Data Classification
Auto Classification                         deps: Classification Profile | Custom Classifier
Classification-to-Masking Loop              deps: Auto Classification | Tag-based Masking Policy
Trust Center                                deps: Snowflake Account | ACCOUNT_USAGE
Scanner Package                             deps: Trust Center
Scanner                                     deps: Scanner Package
Finding                                     deps: Scanner
Violation                                   deps: Finding
Detection                                   deps: Finding
Security Essentials Scanner Package         deps: Scanner Package
CIS Benchmarks Scanner Package              deps: Scanner Package
Threat Intelligence Scanner Package         deps: Scanner Package
AI Security Scanner Package                 deps: Scanner Package

## DQ — Data Quality & Data Metric Functions (27 concepts)
# Source: data-quality-intro · data-quality-system-dmfs · data-quality-custom-dmfs · data-quality-working · data-quality-expectations
Data Metric Function (DMF)                  deps: Schema-Level Object
Data Quality Monitoring                     deps: Data Metric Function (DMF) | Data Metric Schedule | Serverless Compute
System DMF                                  deps: Data Metric Function (DMF) | SNOWFLAKE.CORE Schema
SNOWFLAKE.CORE Schema                       deps: SNOWFLAKE Database
Custom DMF                                  deps: Data Metric Function (DMF) | CREATE DATA METRIC FUNCTION
CREATE DATA METRIC FUNCTION                 deps: Privilege | Custom DMF
EXECUTE DATA METRIC FUNCTION                deps: Privilege
DMF Association                             deps: Data Metric Function (DMF) | Table | View
Data Metric Schedule                        deps: DATA_METRIC_SCHEDULE | DMF Association
DATA_METRIC_SCHEDULE                        deps: DMF Association
TRIGGER_ON_CHANGES                          deps: DATA_METRIC_SCHEDULE
USING CRON                                  deps: DATA_METRIC_SCHEDULE
Completeness DMFs                           deps: System DMF
Volume DMFs                                 deps: System DMF
Uniqueness DMFs                             deps: System DMF
Freshness DMFs                              deps: System DMF | Data Metric Schedule
Accuracy DMFs                               deps: System DMF
Statistics DMFs                             deps: System DMF
Schema DMFs                                 deps: System DMF
Anomaly Detection                           deps: Data Metric Function (DMF) | Data Quality Monitoring
Expectation                                 deps: DMF Association | VALUE Keyword
VALUE Keyword                               deps: Expectation
Expectation Violation                       deps: Expectation
SYSTEM$EVALUATE_DATA_QUALITY_EXPECTATIONS   deps: Expectation
DATA_QUALITY_MONITORING_RESULTS             deps: DMF Association | Serverless Compute
DATA_METRIC_FUNCTION_EXPECTATIONS           deps: Expectation | ACCOUNT_USAGE
DATA_QUALITY_MONITORING_USAGE_HISTORY       deps: Serverless Compute | ACCOUNT_USAGE

## LIN — Lineage, Dependencies & Access History (20 concepts)
# Source: ui-snowsight-lineage · object-dependencies · access-history · account-usage/object_dependencies · account-usage/access_history
Object Dependencies                         deps: Securable Object
OBJECT_DEPENDENCIES                         deps: Object Dependencies | ACCOUNT_USAGE
Referenced Object                           deps: OBJECT_DEPENDENCIES
Referencing Object                          deps: OBJECT_DEPENDENCIES
DEPENDENCY_TYPE                             deps: OBJECT_DEPENDENCIES
Recursive Dependency Chain                  deps: OBJECT_DEPENDENCIES
Access History                              deps: ACCESS_HISTORY
ACCESS_HISTORY                              deps: ACCOUNT_USAGE
DIRECT_OBJECTS_ACCESSED                     deps: ACCESS_HISTORY
BASE_OBJECTS_ACCESSED                       deps: ACCESS_HISTORY
OBJECTS_MODIFIED                            deps: ACCESS_HISTORY
OBJECT_MODIFIED_BY_DDL                      deps: ACCESS_HISTORY
POLICIES_REFERENCED                         deps: ACCESS_HISTORY
Data Lineage                                deps: Object Dependencies | Access History
Lineage Graph                               deps: Data Lineage | Snowsight
Column Lineage                              deps: Data Lineage | OBJECTS_MODIFIED
Data Movement Lineage                       deps: Access History
GET_LINEAGE                                 deps: Data Lineage | SNOWFLAKE.CORE Schema
VIEW LINEAGE Privilege                      deps: Data Lineage | Privilege
End-to-End Data Lineage                     deps: Data Lineage | Column Lineage

## SRCH — Discovery, Search & Semantic Context (18 concepts)
# Source: ui-snowsight-universal-search · cortex-search-overview · views-semantic/overview · marketplace-internal · auto-generated-descriptions
Universal Search                            deps: Snowflake Horizon Catalog | Snowsight | Role
Cortex Search                               deps: Cortex Search Service
Cortex Search Service                       deps: Virtual Warehouse | Embedding Models | Table
Hybrid Search                               deps: Cortex Search Service | Vector Search | Keyword Search
Vector Search                               deps: Embedding Models
Keyword Search                              deps: Cortex Search Service
Embedding Models                            deps: Snowflake Cortex
Snowflake Cortex                            deps: Snowflake Account
Semantic View                               deps: Schema-Level Object | Table
Logical Tables                              deps: Semantic View | Table
Metrics                                     deps: Logical Tables | Facts
Dimensions                                  deps: Logical Tables | Facts
Facts                                       deps: Logical Tables
Relationships                               deps: Logical Tables
Cortex Analyst                              deps: Semantic View
Auto-Generated Descriptions                 deps: Snowflake Cortex | Object Tag
Business Glossary (substitute)              deps: Semantic View | Object Tag | Auto-Generated Descriptions | Data Product
Data Product                                deps: Organizational Listing

## SHARE — Sharing, Collaboration & Marketplace (31 concepts)
# Source: data-sharing-intro · data-sharing-provider · collaboration-listings-about · collaboration-marketplace-about · org-listing-about · cleanrooms/introduction · ui-snowsight-provider-studio
Secure Data Sharing                         deps: Share
Share                                       deps: Database | Snowflake Account
Provider                                    deps: Share
Consumer                                    deps: Share | Shared Database
Shared Database                             deps: Share | Consumer
Reader Account                              deps: Provider | Secure Data Sharing
Direct Share                                deps: Share
Listing                                     deps: Secure Data Sharing | Data Product | Provider
Free Listing                                deps: Listing
Paid Listing                                deps: Listing
Limited Trial Listing                       deps: Listing | Paid Listing
Private Listing                             deps: Listing
Pricing Plans                               deps: Paid Listing
Offers                                      deps: Pricing Plans | Paid Listing
Snowflake Marketplace                       deps: Listing | Provider | Consumer
Cross-Cloud Auto-Fulfillment                deps: Listing | Secure Data Sharing
Provider Studio                             deps: Listing | Snowflake Marketplace | Snowsight
Internal Marketplace                        deps: Organizational Listing | Snowflake Horizon Catalog
Organizational Listing                      deps: Internal Marketplace | Account Targeting | Provider
Organization Profile                        deps: Organizational Listing
Account Targeting                           deps: Role-Based Access Control (RBAC) | Organizational Listing
Request Approval Workflow                   deps: Organizational Listing
Snowflake Data Clean Rooms                  deps: Data Clean Room | Provider | Consumer
Data Clean Room                             deps: Collaboration | Data Offering
Collaboration                               deps: Owner | Data Provider (clean room) | Analysis Runner
Owner                                       deps: Collaboration
Data Provider (clean room)                  deps: Collaboration | Data Offering
Analysis Runner                             deps: Collaboration | Template | Data Offering
Template                                    deps: Collaboration
Data Offering                               deps: Data Provider (clean room)
Differential Privacy                        deps: Data Clean Room

## OPEN — Open Formats: Iceberg, Open Catalog & Polaris (33 concepts)
# Source: tables-iceberg · tables-iceberg-configure-catalog-integration · tables-iceberg-storage · tables-iceberg-externally-managed-writes · opencatalog/overview · tables-iceberg-query-using-external-query-engine-snowflake-horizon
Apache Iceberg Table                        deps: Iceberg Catalog | Iceberg Metadata
Iceberg Metadata                            deps: Apache Iceberg Table
Iceberg Catalog                             deps: Apache Iceberg Table
Snowflake-managed Iceberg Table             deps: Apache Iceberg Table | Iceberg Catalog | External Volume
Externally-managed Iceberg Table            deps: Apache Iceberg Table | Catalog Integration | External Volume
External Volume                             deps: Account-Level Object | Cloud Principal
Cloud Principal                             deps: External Volume
SNOWFLAKE_MANAGED                           deps: External Volume
Catalog Integration                         deps: Account-Level Object | External Volume
AWS Glue Catalog Integration                deps: Catalog Integration
Object Storage Catalog Integration          deps: Catalog Integration
Apache Iceberg REST Catalog Integration     deps: Catalog Integration | Iceberg REST Protocol
Iceberg REST Protocol                       deps: Apache Iceberg Table
REST_AUTHENTICATION                         deps: Catalog Integration
Vended Credentials                          deps: Catalog Integration | Credential Vending
Credential Vending                          deps: Storage Configuration
Catalog-Linked Database                     deps: Apache Iceberg REST Catalog Integration | Namespace | Automated Refresh
Automated Refresh                           deps: Catalog-Linked Database
Externally-managed Writes                   deps: Externally-managed Iceberg Table | Catalog-Linked Database
Snowflake Open Catalog                      deps: Apache Polaris | Iceberg REST Protocol
Apache Polaris                              deps: none (root)
Catalog (Polaris)                           deps: Snowflake Open Catalog
Internal Catalog                            deps: Catalog (Polaris) | Storage Configuration
External Catalog                            deps: Catalog (Polaris)
Namespace                                   deps: Catalog (Polaris)
Service Principal                           deps: Snowflake Open Catalog
Principal Role                              deps: Service Principal | Catalog Role
Catalog Role                                deps: Catalog (Polaris) | Principal Role
Storage Configuration                       deps: Catalog (Polaris)
Horizon Iceberg REST Catalog API            deps: Snowflake Horizon Catalog | Apache Polaris
Horizon Catalog Endpoint                    deps: Horizon Iceberg REST Catalog API | Account Identifier
Account Identifier                          deps: none (root)
External Query Engine                       deps: Horizon Iceberg REST Catalog API | Vended Credentials

---

## APPENDIX A — KEY OBJECTS / RESOURCES

- **CORE** — Organization > Account > Database > Schema > schema-level object is the securable-object containment hierarchy. Virtual Warehouse = compute (sizes X-Small=1 credit/hr ... 6X-Large=512); serverless compute runs DMFs/Trust Center/search refresh. Horizon Catalog spans 6 pillars + an AI context layer; it is a brand, not a SKU.
- **META** — Table (standard, hybrid, dynamic, event, external, Iceberg) stored as immutable micro-partitions; View / Materialized View / Secure View. Tag = schema object; Object Tag = assignment; tags inherit down the hierarchy and auto-propagate via dependencies. INFORMATION_SCHEMA (per-DB, low latency) vs ACCOUNT_USAGE (SNOWFLAKE DB, 45min-3hr latency, 365-day retention, dropped objects).
- **GOV** — RBAC: Privilege -> Role -> User; DAC overlays Object Ownership per object. System roles: ORGADMIN, ACCOUNTADMIN (= SYSADMIN + SECURITYADMIN), SECURITYADMIN (MANAGE GRANTS, inherits USERADMIN), USERADMIN, SYSADMIN, PUBLIC. Account/Database/Instance/Application roles; Primary vs Secondary roles; Future Grants; Managed Access Schema. Policy types: Masking (Dynamic Data Masking / External Tokenization / Conditional), Row Access, Tag-based Masking, Projection, Aggregation (MIN_GROUP_SIZE, entity-level privacy). Eval order: Row Access -> Aggregation/Projection -> Masking. Classification: Semantic + Privacy categories (IDENTIFIER/QUASI_IDENTIFIER/SENSITIVE), Custom Classifier, Classification Profile, SYSTEM$CLASSIFY. Trust Center scanners: Security Essentials, CIS Benchmarks, Threat Intelligence, AI Security -> Violations + Detections.
- **DQ** — Data Metric Function (DMF): system DMFs in SNOWFLAKE.CORE (completeness, volume, uniqueness, freshness, accuracy, statistics, schema categories) + custom DMFs (CREATE DATA METRIC FUNCTION, TABLE args). DMF Association binds a DMF to a table/view (cap 50,000/account); DATA_METRIC_SCHEDULE (interval / USING CRON / TRIGGER_ON_CHANGES); Expectations (VALUE keyword) raise violations; results in DATA_QUALITY_MONITORING_RESULTS. Requires Enterprise Edition + serverless compute.
- **LIN** — Object Dependencies (ACCOUNT_USAGE.OBJECT_DEPENDENCIES; referenced vs referencing; DEPENDENCY_TYPE BY_NAME/BY_ID/BY_NAME_AND_ID). ACCESS_HISTORY arrays: DIRECT_OBJECTS_ACCESSED, BASE_OBJECTS_ACCESSED, OBJECTS_MODIFIED, OBJECT_MODIFIED_BY_DDL, POLICIES_REFERENCED. Snowsight Data Lineage = dependencies (metadata) + Access History (data movement); column lineage retained 1 year; GET_LINEAGE in SNOWFLAKE.CORE.
- **SRCH** — Universal Search (NL search over objects + Marketplace + docs + KB, role-filtered). Cortex Search Service = managed hybrid (vector + keyword) search index. Semantic View = business-aligned metrics/dimensions/facts/relationships consumed by Cortex Analyst. NOTE: Snowflake has NO formal 'Business Glossary' product — glossary-like meaning is delivered via Semantic Views + Object Tags + Cortex auto-descriptions + Data Products.
- **SHARE** — Secure Data Sharing: Share -> Provider/Consumer (no data copy; Reader Account for non-customers). Listing (free/paid/trial/private; pricing plans + offers) on Snowflake Marketplace or Internal Marketplace (Organizational Listings + Account Targeting + Org Profile). Provider Studio manages Marketplace + private listings. Data Clean Rooms: Collaboration (Owner / Data Provider / Analysis Runner; Templates, Data Offerings, Differential Privacy).
- **OPEN** — Apache Iceberg tables: Snowflake-managed (Snowflake = catalog) vs externally-managed (Catalog Integration: AWS Glue / Object Storage / Iceberg REST). External Volume + Cloud Principal for storage; vended credentials / credential vending. Catalog-Linked Database syncs an external Iceberg REST catalog (automated refresh). Snowflake Open Catalog = managed Apache Polaris service (Catalog -> Namespace -> Table; Service Principal -> Principal Role -> Catalog Role). Horizon Iceberg REST Catalog API exposes Snowflake-managed Iceberg to external engines at /polaris/api/catalog.

## APPENDIX B — KEY ROLES / PRIVILEGES

- System-defined roles: ORGADMIN, ACCOUNTADMIN, SECURITYADMIN, USERADMIN, SYSADMIN, PUBLIC — fixed inheritance: ACCOUNTADMIN -> {SYSADMIN, SECURITYADMIN}; SECURITYADMIN -> USERADMIN; PUBLIC granted to all.
- Role types: Account Role, Database Role, Instance Role, Application Role; session model = exactly one Primary Role (CREATE + ownership) + any number of Secondary Roles (privilege aggregation for non-CREATE actions).
- Policy privileges: CREATE/APPLY MASKING POLICY, CREATE/APPLY ROW ACCESS POLICY, CREATE/APPLY PROJECTION POLICY, CREATE/APPLY AGGREGATION POLICY, APPLY TAG — CREATE defines, APPLY assigns (decentralization pattern).
- Grant mechanics: GRANT/REVOKE ... TO ROLE | TO USER (UBAC), GRANT ROLE (hierarchy), WITH GRANT OPTION, MANAGE GRANTS, Future Grants, Managed Access Schema.
- Data quality: CREATE DATA METRIC FUNCTION, EXECUTE DATA METRIC FUNCTION, DATA_METRIC_USER database role.
- Account Usage database roles: OBJECT_VIEWER, USAGE_VIEWER, GOVERNANCE_VIEWER, SECURITY_VIEWER (gate ACCESS_HISTORY / QUERY_HISTORY / LOGIN_HISTORY).
- Lineage: VIEW LINEAGE (account-level), RESOLVE ALL, REFERENCES — visibility without data access.
- Classification: SNOWFLAKE.CLASSIFICATION_ADMIN database role, EXECUTE AUTO CLASSIFICATION privilege, PRIVACY_USER instance role.
- Trust Center: SNOWFLAKE.TRUST_CENTER_VIEWER (read), SNOWFLAKE.TRUST_CENTER_ADMIN (configure scanners + manage findings); ORGANIZATION_SECURITY_VIEWER for org-level findings.
- Open Catalog (Polaris): Service Principal -> Principal Role -> Catalog Role (RBAC on catalogs/namespaces/tables); credential vending issues temporary storage creds to engines.

## APPENDIX C — NAMING & NOTES

- **Horizon Catalog is an umbrella brand, not a single product.** It bundles built-in governance + compliance + security + privacy + discovery + collaboration capabilities (plus an emerging AI context layer) that already existed individually in Snowflake; treat it as the parent node, not a separate engine.
- **'Horizon Catalog' is overloaded.** Besides the governance umbrella, it also names the built-in Iceberg REST catalog present in every account (endpoint `https://<org-account>.snowflakecomputing.com/polaris/api/catalog`) that exposes Snowflake-managed Iceberg tables to external engines. Both are powered by Apache Polaris.
- **Snowflake Open Catalog vs Horizon Catalog:** Open Catalog is a SEPARATE managed Apache Polaris service (own catalogs, principal/catalog roles, storage config); the Horizon Iceberg REST endpoint is built into the account. Different products, same Polaris foundation — modeled as distinct nodes.
- **DMFs are the data-quality primitive.** All data quality monitoring (system + custom) flows through Data Metric Functions associated with tables/views, each with a schedule + optional expectations; requires Enterprise Edition + serverless compute. There is no separate 'data quality rule' object as in some other platforms.
- **Tags are the shared governance substrate.** Object Tags feed tag-based masking, sensitive-data classification (system tags SNOWFLAKE.CORE.SEMANTIC_CATEGORY / PRIVACY_CATEGORY), tag inheritance/propagation, and discovery. This closes the Classification-to-Masking loop: auto-classification sets tags on sensitive columns, and a tag-based masking policy attached to those tags then masks them without a per-column assignment.
- **Policy evaluation order is fixed:** Row Access Policy filters rows first, then Aggregation/Projection constraints, then Masking Policy transforms surviving columns. Projection/aggregation/masking are independent schema-level policy objects with CREATE (define) + APPLY (assign) privilege pairs.
- **No formal Business Glossary product exists in Snowflake docs.** Business-meaning discovery is delivered through Semantic Views (metrics/dimensions/facts/relationships for Cortex Analyst), Object Tags, Cortex auto-generated descriptions, comments, and richly-documented Data Products / Organizational Listings. Modeled as 'Business Glossary (substitute)'.
- **Lineage = dependencies + access history.** Snowsight Data Lineage combines OBJECT_DEPENDENCIES (static metadata references) with ACCESS_HISTORY (CTAS/INSERT/MERGE data-movement, column-level); column lineage retained 1 year, ACCESS_HISTORY 365 days (Enterprise Edition).
- **Internal Marketplace** uses Organizational Listings + Account Targeting (no pricing/offers) for in-org sharing, distinct from the public Snowflake Marketplace (free/paid/trial/private listings, pricing plans, offers, cross-cloud auto-fulfillment) managed in Provider Studio.

---
**Version:** 1.0.0 — extracted from live Snowflake documentation, 2026-06-18.
**Use for:** onboarding to Snowflake Horizon Catalog, governance & security architecture, exam/cert prep (SnowPro Governance), grounding an LLM/agent, mapping a data-governance program.
**Ask the graph:** "What must I understand before Tag-based Masking Policy?" · "Trace Tag -> Classification-to-Masking Loop." · "What depends on ACCOUNT_USAGE?" · "What does Snowflake Horizon Catalog bundle?"
