Data product feature configuration

The data products feature is disabled by default. Before configuring data products, make sure your cluster is configured to fulfill the requirements.

Configuration properties for data products are set in the coordinator’s config.properties file. In Kubernetes, set this as additional properties.

starburst.data-product.enabled=true
data-product.starburst-jdbc-url=jdbc:trino://coordinator.example.com?SSL=true
data-product.starburst-user=alice
data-product.starburst-password=my123password

Mapping configuration properties

Property name	Description	Default
starburst.data-product.enabled	Enable or disable data products.	false
data-product.starburst-jdbc-url	JDBC URL connection string of the cluster that data products is running on. Use JDBC driver parameters to configure details of the connection. For example, append SSL=true for a cluster secured with TLS, or other parameters as needed for authentication, client identification, or client tags.	Coordinator URL with no JDBC driver parameters set
data-product.starburst-user	SEP user configured as an application user to execute the data product’s interactions with SEP, such as the creation of schemas, views, and so on. This service account user does not support OAuth 2.0. Therefore, there are additional security considerations that must be accounted for if you are using OAuth 2.0 to authenticate users in the SEP web UI for data products; see Security considerations later in this topic. If data products is used in conjunction with built-in access control or Apache ranger, make sure the user or group membership for the username specified with this property is granted impersonate privileges over all SEP users of the data products tool. We recommend keeping this user’s credentials secured using secrets.
data-product.starburst-password	Password for the user specified by data-product.starburst-user.
data-product.publishing-threads-count	Number of threads in the coordinator pool allocated to publishing data products. We strongly recommend using the default value unless you observe slowness in concurrent publishing jobs.	2
data-product.statistics-enabled	Enable the background task that runs once a day to calculate stats for published data products.	true
data-product.time-zone-id	The time zone id used to calculate the start of each day. The background task that calculates data product statistics runs at the start of each day in this timezone. Example value: America/New_York.	The coordinator’s system timezone

Security considerations

Regardless of who the logged-in user is, when interacting with a data product, the configured data-product.starburst-user service account impersonates the logged-in user in all interactions with the underlying data, and must have the permission to do so.

If your organization uses OAuth 2.0 as the authentication provider for SEP, you must enable password file authentication as an authentication method for the service user, and provide the necessary access control grants:

1. Enable and configure password file authentication.

2. Add the service account user to the file configured with file.password-file.

3. Provide the privileges for data-product.starburst-user described in the configuration properties in your configured access control system, such as SEP’s built-in access control or Ranger.

4. Change the value of http-server.authentication.type to PASSWORD,OAUTH2.