Administrator Guide

The admin guide covers everything an operator needs to run QRY: provisioning a tenant, managing users and access control, wiring external services, deploying changes, and answering compliance questions.

The user guide assumes a working tenant; this guide is how it gets there and stays there.

Who this is for

Tenant administrators — set up users, datasources, and the catalogue of features your team can use.
Platform operators — provision new tenants, manage upgrades, watch dashboards, respond to alerts.
Compliance / security owners — audit logs, GDPR requests, retention policies, ABAC enforcement.

You don't need to read it linearly. Use the sections below as references when a specific task lands on your desk.

Sections

Users and groups

Provision accounts, organise them into groups, assign tenant-level roles. Where users come from (direct, OAuth, invitation), the standard role bundle, and the user-removal lifecycle.

Datasources

How user-facing data gets into QRY, and how it stays governed.

Connecting databases — Postgres, BigQuery, Snowflake, Starburst, Databricks, SAP HANA, Oracle, SQL Server, Redshift, Cloudera, Salesforce. Credential encryption (Fernet via JWT_SECRET_KEY), schema cache, query timeouts.
SAP module integration — the extra module level for HANA. Why it matters: LLM context budget, RBAC granularity, custom-table focus.
Pre-processed profiling — background column-statistics so the LLM gets richer context without exploratory queries.

Access control

Three layers, each solving a different problem. They compose.

RBAC — role-based access at datasource / catalog / schema / table.
ABAC — tag-based row-level security, two-layer defense (LLM instruction + sqlglot validator).
DAC — discretionary access for owner-managed assets (conversations, dashboards, notebooks, workspaces).

System

Integrations and tenant-wide settings.

LLM providers — Claude, Gemini, OpenAI. Per-feature routing, fallback, cost controls.
Embedding configuration — text-only vs. multimodal. The worker-restart gotcha.
Speech-to-text providers — what powers the mic icon.
GitHub integration — bidirectional issue sync.
License management — GCP service-account-backed licenses, 24h grace, 180-day rotation.

Operations

The runbook side: provision, upgrade, monitor.

Multi-tenant provisioning — provision_tenant.sh end to end.
PostgreSQL upgrades — major-version PG upgrades with PVC reset.
External Spark cluster — Lakeflow / DataFlow delegation for >10 GB transfers.
Monitoring and health — health probes, Grafana dashboards, alert groups.

Audit and compliance

Audit log, soft-delete retention model, GDPR data-subject requests, encryption posture, tenant data isolation.

If a topic isn't covered here, the Features reference has the deep technical view of every QRY feature.

Who this is for​

Sections​

Users and groups​

Datasources​

Access control​

System​

Operations​

Audit and compliance​