Data product feature configuration#
The data products feature is disabled by default. Before configuring data products, make sure your cluster is configured to fulfill the requirements.
Configuration properties for data products are set in the coordinator’s
config.properties
file. In Kubernetes, set this as additional
properties.
starburst.data-product.enabled=true
data-product.starburst-jdbc-url=jdbc:trino://coordinator.example.com?SSL=true
data-product.starburst-user=alice
data-product.starburst-password=my123password
Property name |
Description |
Default |
---|---|---|
|
Enable or disable data products. |
|
|
JDBC URL connection string of the cluster that data products is
running on. Use JDBC driver parameters to
configure details of the connection. For example, append |
Coordinator URL with no JDBC driver parameters set |
|
SEP user configured as an application user to execute the data product’s interactions with SEP, such as the creation of schemas, views, and so on. This service account user does not support OAuth 2.0. Therefore, there are additional security considerations that must be accounted for if you are using OAuth 2.0 to authenticate users in the SEP web UI for data products; see Security considerations later in this topic. If data products is used in conjunction with built-in access control, make sure the user or group membership for the username specified with this property is granted impersonate privileges over all SEP users of the data products tool. We recommend keeping this user’s credentials secured using secrets. |
|
|
Password for the user specified by |
|
|
Number of threads in the coordinator pool allocated to publishing data products. We strongly recommend using the default value unless you observe slowness in concurrent publishing jobs. |
|
|
Enable the background task that runs once a day to calculate stats for published data products. |
|
|
The time zone id used to calculate the start of each day. The background
task that calculates data product statistics runs at the start of each day
in this timezone. Example value: |
The coordinator’s system timezone |
Security considerations#
Regardless of who the logged-in user is, when interacting with a data product,
the configured data-product.starburst-user
service account impersonates the
logged-in user in all interactions with the underlying data, and must have the
permission to do so.
If your organization uses OAuth 2.0 as the authentication provider for SEP, you must enable password file authentication as an authentication method for the service user, and provide the necessary access control grants:
Enable and configure password file authentication.
Add the service account user to the file configured with
file.password-file
.Provide the privileges for
data-product.starburst-user
described in the configuration properties in your configured access control system, such as SEP’s built-in access control or Ranger.Change the value of
http-server.authentication.type
toPASSWORD,OAUTH2
.