Administration
The Administration area is where platform owners configure Datahub itself: who has access, which modules are switched on, what the platform looks like, and where it connects.
It's not a single module — it's the umbrella for a set of admin-only pages collected at /admin/* and the user/role pages at /users, /orgroles, and /rolegroups. Most of these pages sit behind narrow roles, so a typical business user never sees them.
This page is the map: what each admin page does, who needs it, and which other module pages it interacts with.
When you'll come here
| You want to… | Go to |
|---|---|
| Switch a whole module on or off (e.g. disable Flows for now) | Modules |
| Add a tag, domain, department, team, or event category | System tables |
| See the trail of "who changed what" across the platform | Audit log |
| Connect Databricks, Azure, or any external system | Integrations |
| Configure where exports land (S3, Azure Blob, GCS, SharePoint) | Export targets |
| Manage SLA policies (deadlines, reminders, escalation) | Policies |
| Define or edit approval workflows | Workflows |
| Manage fiscal calendars (so metrics use your YTD / QTD definitions) | Fiscal calendars |
| Clear / inspect the metric or insight result cache | Metric query cache / Insights query cache |
| Change the platform's brand colour, logo, agent name | Branding |
| Set tenant-wide defaults (date format, currency, locale, chart palette) | Defaults |
| Capture organisation-level mission, vision, strategy, and goals | Organisation profile |
| Manage users | Users |
| Define roles for organisational positions (CFO, Data Steward, …) | Organisation roles |
| Group platform roles into reusable bundles | Role groups |
| Manage AI provider keys, model settings, guardrails, observability, experiments | See the AI platform page |
| Run, monitor, or unblock approval workflows | See the Workflows page |
Modules — turn the platform on and off, module by module
/admin/modules
Every top-level area of Datahub (Metrics, Insights, Flows, …) is governed by a row in the platform's module settings table. As an admin you can:
- Activate / deactivate a module — when off, its sidebar item disappears or shows greyed-out (configurable per module).
- Set visibility — `hidden` (vanishes from the sidebar entirely) or `disabled` (visible but non-clickable, with a tooltip explaining how to request access).
- See the release status — `ga` or `beta` (drives the beta badge in the sidebar).
When a module is off, users who try to navigate there see a request access modal. Submitting it starts a workflow (handled by the Workflows engine). On approval the module auto-activates.
This is the cleanest way to roll a beta module out to a specific group, or to retire a module without deleting any data.
System tables — the master lists everyone shares
/admin/system-tables
System tables are the shared vocabulary the whole platform draws on. They're tabbed inside one page:
| Tab | What it controls | Used in |
|---|---|---|
| Tags | Free-form labels with a colour. Govern PII, sensitivity, lineage hints, ad-hoc grouping. | Catalog assets, glossary terms, metrics, insights, events, transcripts, flows, etc. |
| Domains | Top-level business areas (Finance, HR, …). Drives ownership filters, governance dashboards, HERC's "what changed in Finance?" answers. | Glossary, catalog, metrics, contracts, products, processes. |
| Departments | Hierarchical organisational units (e.g. Finance → Accounting). Contracts, assets, and tasks are routed by department. Hierarchy via parent_id. | Contracts, products, flows, insights, dashboards. |
| Teams | Cross-functional teams (e.g. Data Engineering, Data Governance). Owns Data Products. | Data Products. |
| Event categories | Categories used in the Events module. | Events. |
Each tab is a small CRUD list with system-flagged seed rows (which can't be deleted) and user-created entries (which can).
Because so many modules read from these tables, the rule of thumb is add here once, use everywhere.
Audit log — every change, every user
/admin/audit-log
A read-only ledger of mutating actions across the platform: who did what, when, against which entity. Filterable by user, entity type, action, and date range.
Used for:
- Compliance reviews ("show me every change to Customer LTV in the last 90 days").
- Incident triage ("who archived this contract?").
- HERC's recent activity feed and the home page's trending entities list both read from here.
Audit entries are immutable.
Integrations — connect external systems
/admin/integrations
The single page where you wire Datahub to the world:
- Databricks — workspaces (Service Principal, OAuth U2M, or PAT). Drives Metrics, Insights, Dashboards, Logic Engine, Metadata Engine, and several Flows actions.
- AI providers — OpenAI, Anthropic, and Datahub Private AI. See AI platform.
- Storage and identity backends — Azure AD, Azure Key Vault, etc.
Most integrations support multiple instances; the modules that consume them pick which instance per query.
For per-user Databricks identity (Unity Catalog RLS, per-user audit), see Databricks per-user OAuth.
Export targets — where bulk exports land
/admin/export-targets
Managed connections to S3, Azure Blob, GCS, and SharePoint that catalog and metadata exports can be sent to. Users with datacatalog.export.manage can register these once; downstream import / export flows reference them by name.
Policies — SLA, deadlines, reminders, escalation
/admin/policies
Type-aware policy templates with JSONB config. Today the main type is SLA policies — they govern how long a workflow step has before it's considered overdue, when reminders fire, and when it auto-expires.
Six standard SLA policies ship out of the box:
| Policy | Deadline | Behaviour |
|---|---|---|
| Critical Escalation | 4 h | Tight reminders, immediate escalation. |
| Quick Acknowledgment | 8 h | Fast acknowledgement window. |
| Urgent Review | 24 h | Auto-expire on miss. |
| Standard Approval | 48 h | Default for most approvals. |
| Extended Review | 120 h | For complex changes. |
| Compliance Review | 240 h | Long horizon for audits. |
Policies attach to workflow definitions through policy assignments — a workflow can pick a different SLA per step, or fall back to the default. See Workflows.
Workflows admin — design the approval flow
/admin/workflows
Visual builder for the platform's approval workflows. Each definition picks the entity type (glossary term, metric, insight, contract, …), the trigger statuses, the steps and their assignee rules, and the SLA policy.
Definitions are versioned; only the active version is in force. Existing instances continue under the version they started on. See Workflows for the user-facing side (Tasks inbox, Submit for Review modal, workflow progress on detail pages).
Fiscal calendars
/admin/fiscal-calendars
Define your organisation's fiscal year, quarters, and periods. Metrics that use YTD / QTD / MTD / fiscal-year time grains resolve against the calendar attached to the metric definition. Most tenants need one calendar; multinational tenants can register several and pick per-metric.
Result caches — operational levers for query speed
| Page | Module | What it does |
|---|---|---|
| /admin/cache | Metric query cache | View, search, and purge cached metric query results. Filter by metric, by version, by user, by warehouse. Useful when a backing table changes and you want fresh numbers. |
| /admin/insights-cache | Insights query cache | Same idea for Insights cards. |
Both caches are also auto-invalidated on common signals (definition edits, archive, contract version changes). The admin page is the manual escape hatch.
Branding — make it your platform
/admin/branding
Per-tenant visual identity:
- Theme colour — preset orange, neutral grayscale, or a custom hex (validated for contrast in light + dark mode).
- Logo (light / dark) — full wordmark on the sidebar and login page.
- Icon (light / dark) — favicon and app icon.
- AI agent identity — name and avatar for HERC.
- Regional defaults — date format (`DD-MM-YYYY` default), time format (24h default).
- Page descriptions — admin-editable header copy on top-level pages.
Brand assets are stored in the database (so they survive container restarts).
Defaults — tenant-wide preferences
/admin/defaults
Tenant-wide defaults that users inherit and can optionally override per-account at /account:
- Number locale (BCP-47, e.g. `nl-NL`) — drives `Intl.NumberFormat`: thousands separator, decimal separator, currency formatting.
- Default currency (ISO 4217, e.g. `EUR`).
- Insights chart palette — up to 5 hex colours for the default chart series.
Fresh deployments ship with nl-NL and EUR; admins can change both.
Organisation profile — context for the AI
/admin/organization-profile
Mission, vision, strategy, and free-form profile text — plus a list of organisational goals and targets. This isn't decorative: HERC and the agent system read this content when answering open-ended questions ("are we on track to hit X?") so the answers are grounded in your strategy, not generic.
The PUT is partial — only changed fields are sent — so unset fields stay null rather than being overwritten with empty strings.
Users — accounts and identity
/users
User accounts in the tenant. Add users, edit profile fields, deactivate. Roles are not assigned per user — they're assigned by membership in role groups.
Organisation roles — the hats people wear
/orgroles
Organisational roles describe positions (CFO, Data Steward of Finance, …) — distinct from platform permissions. They feed:
- Workflow assignment rules (`role_based`, `auto_route_domain_steward`).
- Task routing.
- HERC's reasoning about who's responsible for what.
A user can hold multiple org roles.
Role groups — bundles of platform permissions
/rolegroups
This is the central permission lever. A role group is a named bundle of platform roles (e.g. Administrator, MetricSteward, AI.Editor). Users get permissions by being added to one or more role groups.
Each platform role string follows the convention module.resource.action (e.g. metric.read, dashboards.manage). The matching frontend constants live in roles.ts and the sidebar / page guards consult them.
Built-in role groups cover common personas; tenants typically add a handful of custom groups (e.g. EMEA Finance Reader, Data Catalog Steward).
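The role-group model described above, as an added TypeScript example (not Datahub's code or its roles.ts): it resolves a user's effective platform roles from role-group membership, answers a page-guard check by exact match, and lists which group grants each manage role for an access review. The type and function names, the two-or-three-segment parsing rule and the sample user are assumptions; the role strings and group names come from this page.

```typescript
// Added example: types, function names and sample data are hypothetical.
interface RoleGroup { name: string; roles: string[] }
interface User { id: string; groups: string[] }
interface ParsedRole { module: string; resource: string | null; action: string }

// The page's own examples have two segments (metric.read) and three
// (datacatalog.export.manage); accept both and reject anything else.
function parseRole(role: string): ParsedRole | null {
  const parts = role.split(".");
  const ok = parts.every((p) => /^[a-z][a-z0-9_]*$/.test(p));
  if (!ok || parts.length < 2 || parts.length > 3) return null;
  return { module: parts[0], resource: parts.length === 3 ? parts[1] : null, action: parts[parts.length - 1] };
}

// Union of roles over the user's groups. Unknown groups and malformed roles grant nothing (fail closed).
function effectiveRoles(user: User, groups: RoleGroup[]): Record<string, string[]> {
  const granted: Record<string, string[]> = {};
  user.groups.forEach((groupName) => {
    const group = groups.filter((g) => g.name === groupName)[0];
    if (!group) return;
    group.roles.forEach((role) => {
      if (parseRole(role) === null) return;
      if (!granted[role]) granted[role] = [];
      granted[role].push(group.name);
    });
  });
  return granted;
}

// Page guard: exact match on the role string, no wildcard or prefix logic.
function canAccess(user: User, groups: RoleGroup[], required: string): boolean {
  return Object.prototype.hasOwnProperty.call(effectiveRoles(user, groups), required);
}

// Access review: every "manage" role the user holds and the groups behind it.
function manageGrants(user: User, groups: RoleGroup[]): string[] {
  const granted = effectiveRoles(user, groups);
  return Object.keys(granted)
    .filter((role) => parseRole(role)!.action === "manage")
    .sort()
    .map((role) => role + " <- " + granted[role].join(", "));
}

// Constructed sample data; "Bad Role" and "Deleted Group" exercise the fail-closed paths.
const GROUPS: RoleGroup[] = [
  { name: "EMEA Finance Reader", roles: ["metric.read"] },
  { name: "Data Catalog Steward", roles: ["datacatalog.export.manage", "metric.read", "Bad Role"] },
];
const ALICE: User = { id: "alice", groups: ["EMEA Finance Reader", "Data Catalog Steward", "Deleted Group"] };
```

Because roles arrive only through group membership, removing a user from one group does not revoke a role that another of their groups also grants; the per-role group list from `effectiveRoles` makes that overlap visible.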
See also
- AI platform — provider keys, model settings, guardrails, observability, experiments.
- Workflows — the approval engine that powers Submit for Review and the Tasks inbox.
- Tasks — where the user-facing side of admin actions (access requests, approvals) shows up.
- Databricks per-user OAuth — the recommended Databricks integration mode.