Performing administrative management

Suggest edits

Manage user accounts, access controls, and system-wide settings from the Management panel on the left sidebar. Use these administrative actions to oversee account security, define permission tiers, and configure core integration parameters.

Important

Access to this panel is restricted to users with the Admin role privilege. Non-admin users who navigate to a restricted page receive a 403 access denied page. Destructive actions prompt for confirmation before proceeding.

Managing the user lifecycle

Monitor account status and provision new access credentials with the WEM Users tab.

  • Check the header cards for Total Users, Active Users, Locked Users, and Admin Users. A non-zero Locked Users count indicates that users have exceeded the failed login threshold. Investigate potential security incidents or assist users with password resets.
  • Provision new users by selecting the Add WEM User button. In the Database Authentication section, link the WEM account to an existing WHPG user by selecting from the WarehousePG Username dropdown, or create a new WHPG identity by entering a username directly.
  • Assign users to one of the three built-in profiles:
    • Admin: Full system control.
    • Operator: Operational dashboard access, including query management and cancellation.
    • Viewer: Read-only access to metrics.
  • Use the Active toggle when editing or creating a user to revoke access immediately without deleting the account's history.
  • Regularly review the Admin Users count. Keeping the number of high-privileged accounts to a minimum is a core security best practice.

Managing profiles

Review the built-in profiles and their user assignments with the Profiles tab. The Profiles table lists each profile's name, description, and the number of users currently assigned to it.

Defining role-based access control

Control what your team can see and do within the platform with the Permissions tab.

  • Enable or disable access to specific WEM panels for each profile using the Tab, Admin, Operator, and Viewer columns.
  • If permissions become misconfigured, use the Reset to Defaults button to revert the access control matrix to the factory-recommended state for all profiles.

Auditing administrative actions

Maintain a chronological record of every administrative action performed in the system with the Audit Log tab.

  • Filter by time range (Last 24 hours, Last 7 days, Last 30 days, Last 90 days) and by action type to narrow results.
  • Filter by Failed Login to identify potential brute-force attempts. Filter by Login and Logout to verify user activity during specific incident windows.
  • Apply the Update User and Create User filters to see who modified accounts or security flags.

Configuring system integration settings

Perform configuration changes to your existing WEM installation with the Settings tab.

  • Configure the WarehousePG database connection in the WHPG Database Connection section by editing the coordinator host name, port, database name, and credentials.
  • Configure WEM's own state database in the WEM Database Connection section.
Note

Changes to database connection settings or the application port require a restart of the WEM service to take effect.

  • Input your Prometheus, Loki, and Alertmanager URLs to enable real-time metric graphs, integrated log streaming, and real-time notifications. If these fields are left empty, the corresponding panels in the dashboard will remain disabled.
  • Adjust the value of Log Min Duration Statement to define what constitutes a slow query in milliseconds. This setting directly controls which queries are captured for performance analysis.
  • URL, integer, and duration fields are validated inline. Navigating away or closing the browser with unsaved changes triggers a warning. Changes to critical connectivity settings (database host, port, or credentials) require an additional confirmation before saving.

Scheduling proactive health checks

Define automated probes to verify the end-to-end integrity of your cluster with the Canary Checks tab.

  • Create a Connectivity check to verify that the database is accepting new session requests.
  • Select the Query type to run specific SQL statements (SELECT count(*) FROM sales;) at set intervals. Define warning and critical latency thresholds to trigger alerts if performance degrades.
  • Configure Segment Health and Replication checks to monitor for hardware failures or synchronization lag between primary and mirror segments.
  • The Source column indicates whether a check is System-defined or User-defined. System checks are protected and can't be edited or deleted.

Could this page be better? Report a problem or suggest an addition!