Starburst Enterprise web UI#

This topic provides an overview of the features available in the web UI. The Starburst Enterprise web UI is the default web interface when you access an SEP cluster that has a valid license configured.

A cluster with no license configured shows the Trino web UI by default. The Trino UI lacks the SEP features such as Insights, data products, the query editor, and domain management.

Are you a platform administrator looking to learn how to configure the web UI? Along with general features, this topic also covers the web-ui.* configuration properties that affect its behavior. Head over to our guides to learn how to secure the UI, and how other features and configuration properties change what screens are available.

Learn how to configure the web UI.

Direct URL access#

Access the Starburst Enterprise web UI directly with the URL of your coordinator.

Now that this interface is the default for licensed clusters, there is no longer a need to append the /ui/insights context to your coordinator’s URL. Use simple URLs such as the following:

  • https://sep.example.com/

  • http://sep.example.com:8080/

  • https://localhost:8443/

Authentication#

On a TLS-enabled cluster, enter the credentials required by the cluster’s authentication method. Contact your site’s network administrator for your username, password, and other credentials as required by your cluster.

On a cluster with no security method enabled, the login screen shows a username field with a disabled password field. Enter any username to log in; no password is required or allowed.

Note

The login screen you encounter is determined only by the cluster’s security configuration, including TLS support, and is independent of license status. There is no separate security configuration for the Starburst Enterprise web UI.

Session timeout#

The web-ui.session-timeout configuration property controls the timeout interval in deployments not using an identity provider (IdP) for authentication.

Deployments that use an IdP that substitutes for login credential forms, such as AzureAD and Okta, are subject to the session timeout defined in their IdP’s configuration.

When the timeout interval is reached, a dialog is displayed giving users the option to logout to exit the Starburst Enterprise web UI and return to the login screen, or to dismiss the dialog to stay on the current page without requesting new data. For example, if a session times out during a long-running query, the query is allowed to finish. Users can view and download the existing query result set in the query editor by clicking Dismiss in the modal dialog and then clicking Download, but cannot run a new query or navigate to another screen until logged back in.

Feature tabs#

The feature column of the Starburst Enterprise web UI shows several tabs, described next.

At the bottom of this column, find the Version, Environment description, and Uptime of the connected cluster.

Use the button to collapse the feature column to icon form and restore it.

Query editor#

The Query editor tab is a web-based interface for writing and executing SQL queries.

Data products#

The Data products tab allows you to publish, find, and manage curated data assets in your organization.

Domain management#

The Domain management tab allows you to manage grouping of your data products into domains that define your business.

Insights#

Overview#

The Overview tab is the default tab opened when the Starburst Enterprise web UI starts, and shows a summary of your cluster’s current activities.

Query overview#

The Query overview tab shows a list of queries running or recently run on your cluster. Click a query ID to open the details for that query.

Cluster history#

The Cluster history tab shows the resources consumed by your cluster when responding to recent queries, or for a specified time period.

Usage metrics#

The Usage metrics tab provides an overview of the cluster usage over a specified period of time and a cost estimation tool.

Roles and privileges#

SEP features an optional built-in role-based access control (RBAC) system that is integrated with the Starburst Enterprise web UI. If enabled, an authorized administrator can control users’ access to data on the Roles and privileges tab.

See Built-in access control overview for more information.

Help menu#

The Help (?) menu includes the following helpful links for convenience:

  • Web UI: Link to the Trino web UI

  • Documentation: Link to the Insights documentation

  • Authorization app: If configured by an administrator, links to the authorization app used in the cluster.

Authorization app#

The Help menu can be configured to include a convenient link in Starburst Enterprise web UI that opens the UI of the cluster’s associated authorization app, if any.

The Help menu only contains the Authorization UI link if an administrator configures the coordinator’s config.properties with the insights.authorization-application.url property, using a value pointing to a valid URL for an authorization app such as Apache Ranger or the Privacera Platform.

You can replace the default “Authorization UI” text of this submenu by using the insights.authorization-application.label property.

The following table shows the configuration properties for the authorization app:

Authorization app configuration properties#

Property name

Description

insights.authorization-application.url

UI URL of an authorization app associated with this cluster, such as Apache Ranger or the Privacera Platform.

insights.authorization-application.label

Name of the associated authorization app to appear in the Help menu. Default is Authorization UI.

The config.properties must still contain a valid ranger.policy-rest-url property for the cluster, which is the primary way to associate an authorization app with the cluster.

For example:

insights.authorization-application.url=https://ranger.example.com:6182/
insights.authorization-application.label=Lab Ranger

User menu#

The user menu in the upper right shows the name of the currently logged-in user, as well as their currently-applied roles.

Clicking on the Switch roles menu item brings up the Switch roles UI. The Switch roles UI allows users to switch between specific roles they have been granted, or to apply all roles that they have been granted. To apply all roles granted, click the * option in the Switch roles UI. This has the same effect as executing the SET ROLE ALL SQL statement.

The Log out option logs you out of the current session.

The Settings menu item is available to administrative users. Clicking on the Settings menu item brings up the Settings UI, with the following options:

  • License - This tab displays all possible SEP features, including connectors, and their statuses based on your current license file. Your license file is available by clicking the Download current license button.

  • Customize login - This tab allows you to add a logo and banner text.

Customize login#

The Customize login screen allows you to upload a logo and create a banner message. You can choose to do one or both. You must press Save for changes to take effect. The user ID and last updated time is displayed next to the Save button.

Client token authentication#

The Starburst Enterprise web UI features an optional page that, if enabled, exposes a JWT token that can be used to connect to SEP with clients that support JWT authentication.

To enable this page, SEP must be configured with JWT authentication or OAuth 2.0 authentication authentication. Set the following configuration property to true in the coordinator’s config.properties file:

web-ui.token-copy.enabled=true

Users can access this page in a web browser by logging into the Starburst Enterprise web UI and navigating to the /ui/token URL, such as https://sep.example.com/ui/token.

Legacy login#

You can disable the Starburst Enterprise web UI login and revert to the legacy Trino UI login by setting the following configuration in the config.properties file:

sep-ui.security.disable-enterprise-login=true