Mission Control provides the user powerful access to your Starburst Enterprise platform (SEP) deployment. Access restrictions to allow only authenticated and authorized users are important for successful usage.
Mission Control supports three authentication systems:
built-in user management
external LDAP providers such as Active Directory
The user authentication systems are configured in the
property. The default is
INTERNAL. One or more types in the desired order,
separated by commas, are supported. Leaving the value empty disables
authentication, and is not recommended.
The internal authentication uses data stored in the backend database for access control and can be controlled with the user management section.
LDAP authentication for Mission Control has to be configured using the
ldap.* properties in the general config file.
You can use Google authentication, if your Mission Control server is available
at a URL using a full domain name, such as
The following steps describe how to activate this authentication in your Google cloud configuration.
Go to your Google Cloud console at https://console.cloud.google.com.
Select your project.
Access the APIs & Services > OAuth consent screen.
Select application type. Use internal app so that only users within your organization can authenticate.
Add your domain name to the authorized domains list.
Save and access APIs & Services > Credentials.
Create credentials selecting OAuth client ID.
Select Web application.
Provide a name such as Mission Control and the full URL to Mission Control.
Use the provided client id and client secret for the parameters
authentication.google.secretin your Mission Control general config file.
Add the domain name of the Google accounts to allow, such as
authentication.google.hosted-domainin the config file.
Restart Mission Control.
Now you can sign into Mission Control using your Google account.
Mission Control distinguishes between users with and without administrative rights. Only administrative users have access to manage other users and to edit all data sources and clusters.
INTERNAL authentication system allows users to have administrative
rights. We therefore suggest to use other authentication types in combination
with the internal authentication.
Data sources have no authorization restrictions.
Clusters can only be edited by the creator, who are automatically assigned as the owner of the cluster, and administrators.