> For the complete documentation index, see [llms.txt](https://docs.ovaledge.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ovaledge.com/release8.2/askedgi/administration-and-governance/admin-and-configuration-guide.md).

# Admin and Configuration Guide

This article explains how administrators configure and manage askEdgi. It describes role-based access control, system settings, API key management, Marketplace administration, workspace data download controls, purge policies, and data reload capabilities.

The article also explains how administrators secure and maintain the askEdgi environment by configuring user access, managing operational settings, controlling data downloads, optimizing workspace storage, and ensuring reliable system performance.

## Role Configuration and Access Control

askEdgi integrates with OvalEdge role based access control.

### Enabling askEdgi Access

Configuration Steps

1. Navigate to **System Settings.**
2. Search for **askedgi.metadata.analytics.role**
3. Select the appropriate role.
4. Enable askEdgi access.
5. Save configuration.

### Recommended Role Assignments

| Edition            | Intended Users                        |
| ------------------ | ------------------------------------- |
| Metadata Analytics | Governance and discovery teams        |
| Data Analytics     | Business analysts and data scientists |
| Public Edition     | Enabled by default via subscription   |

## System Settings Overview

askEdgi includes multiple system-level configurations. These settings control behavior related to AI usage, Marketplace access, usage limits, and operational thresholds. Detailed configuration options are documented separately under askEdgi System Settings and Configurations.

## API Key Management for Enterprise SaaS

### OvalEdge Provided API Key

| Attribute           | Behavior     |
| ------------------- | ------------ |
| Monthly Quota       | $100         |
| Alert Threshold     | 80 %         |
| Hard Stop           | 100 %        |
| Admin Configuration | Not required |

### Customer Provided API Key

**Configuration Steps**

1. Generate an **OpenAI API key**
2. Navigate to **AI settings**
3. Select **customer provided key**
4. Paste the **key** for encrypted storage
5. Save configuration

**Administrative Responsibilities**

* Monitor usage and spend
* Rotate keys periodically
* Manage budgets

### API Key Security Controls

| Control    | Enforcement                     |
| ---------- | ------------------------------- |
| Encryption | Encrypted at rest               |
| Logging    | Never logged or displayed       |
| Isolation  | Tenant isolated OpenAI projects |

## Marketplace Management in Public Edition

### Recipe Review Workflow

**Workflow Sequence**

1. User submits a recipe
2. Admin notification is generated
3. Documentation is reviewed
4. Policy compliance is validated
5. Execution behavior is verified
6. Recipe is approved or rejected
7. Approved recipes are published

### Revoking Marketplace Recipes

**Recipes may be revoked to:**

* Remove public visibility
* Block new subscriptions
* Preserve existing executions

## Scheduled Jobs and Automation

### Background Jobs

| Job Name                | Frequency |
| ----------------------- | --------- |
| Trial Reminder          | Daily     |
| Spend Limit Check       | Hourly    |
| Billing Reset           | Monthly   |
| Subscription Validation | Daily     |
| Cleanup Service         | Daily     |

## Workspace State Management

| State        | Description           |
| ------------ | --------------------- |
| Connected    | Workspace active      |
| Restarting   | Workspace reloading   |
| Disconnected | Workspace unavailable |

### Administrative Recovery Actions

* Review workspace logs
* Restart workspace
* Monitor CPU and memory usage
* Upgrade workspace container

### Workspace Container Sizes

| Container | Capacity                   |
| --------- | -------------------------- |
| Standard  | Default                    |
| Medium    | 2 times compute and memory |
| Large     | 4 times compute and memory |

## Troubleshooting Operational Issues

| Issue                      | Resolution                                                |
| -------------------------- | --------------------------------------------------------- |
| Cannot add catalog objects | Verify connector and permissions                          |
| Recipe execution failure   | Validate datasets and edition compatibility               |
| Slow workspace             | Restart workspace, reduce dataset size, upgrade container |
| Budget exceeded            | Review usage, increase quota, switch API key              |

## Security Hardening Controls

**Administrators must enforce:**

* SSO and MFA
* Audit log retention and export
* Data masking policies
* Network segmentation
* API key rotation
* Encrypted connector credentials

## Backup and Disaster Recovery

| Asset               | Strategy                           |
| ------------------- | ---------------------------------- |
| Catalog Metadata    | OvalEdge database backups          |
| Workspace Artifacts | Ephemeral by design                |
| Recipes             | Stored and backed up with metadata |
| Audit Logs          | Export before retention expiry     |

### Workspace Data Download Control

askEdgi supports controlled data download across all workspace objects. This capability enables users to download datasets generated or accessed within the workspace while ensuring enforcement of role-based access control and consistent behavior across all interaction points.

**Download Availability Across Workspace**

Data download is supported for all types of workspace objects, irrespective of their origin. This includes:

* Catalog tables
* Non-catalog tables
* AI-generated datasets
* Uploaded files
* Derived or transformed datasets created during analysis

Download functionality is consistently available across the following views:

* Workspace object list
* Analysis results (tabular outputs)
* Chat / askEdgi responses where data is rendered
* Recipe execution outputs

This ensures a uniform experience for users working across different analysis and interaction modes within askEdgi.

#### **Role-Based Access Control**

askEdgi provides controlled access to data download within the workspace using a role-based configuration. This ensures that only authorized users can download data while maintaining consistent behavior across all areas where data is displayed, including analysis outputs, chat responses, and recipe results.

#### Role Evaluation and Access Control

The system evaluates the roles assigned to the logged-in user before enabling the download capability.

* A configurable list of roles is maintained at the system level.
* During runtime, the user’s assigned roles are compared against this configured list.

If the user has at least one matching role:

* Download functionality is enabled

If the user does not have any matching role:

* Download functionality is restricted

This evaluation is performed dynamically for every relevant data view to ensure that access is always aligned with the latest role configuration.

**Consistency Across askEdgi Views**

The download control is applied uniformly across all areas where data is rendered within askEdgi. This ensures a consistent and predictable user experience.

The same access logic is enforced for:

* Workspace object list (tables, files, datasets)
* Analysis result tables generated from queries or prompts
* Chat / askEdgi responses where tabular data is displayed
* Outputs generated from recipe execution

Regardless of how the data is generated (catalog, non-catalog, or AI-generated), the download behavior remains consistent.

**User Interface**

The visibility and state of the download option are dynamically controlled based on the user’s access.

**For users with download permission:**

* The download option is visible in the UI
* The option is enabled and actionable
* Users can initiate a download through:
  * Context menu (three-dot menu), or
  * Action icons (where applicable in the workspace)

**For users without download permission:**

* The download option is not exposed in the UI (preferred behavior), or
* It is displayed in a disabled state with a tooltip indicating restricted access

This ensures that unauthorized users are clearly restricted without ambiguity.

**Configuration**

Download access is controlled through a system configuration.

<table><thead><tr><th width="201.27276611328125">Field</th><th>Value</th></tr></thead><tbody><tr><td>Module Group</td><td>OVALEDGE_APP</td></tr><tr><td>Configuration Type</td><td>SECURITY</td></tr><tr><td>Key</td><td>askEdgi.workspace.download.allowed.roles</td></tr><tr><td>Value</td><td>&#x3C;role_list></td></tr><tr><td>Description</td><td>Configure which roles are allowed to download data from the askEdgi workspace, including analysis and chat outputs</td></tr></tbody></table>

<div align="left"><figure><img src="/files/jPP7A793YrmT7t9RLkXa" alt=""><figcaption></figcaption></figure></div>

The configuration defines which roles are authorized to download data from askEdgi, including all analysis outputs and chat-based results.

### Purge Policy

When datasets are imported into the workspace from the Data Catalog, Recipes execution, manual upload, or other supported sources. Over time, these datasets can consume significant storage even when they are no longer actively used.

To optimize workspace storage, askEdgi automatically removes inactive data after a configurable retention period. When data is purged, only the physical dataset stored in the workspace is removed. Metadata, catalog references, and chat history remain available.

**Retention Configuration**

Administrators can configure retention periods using the following system settings:

| Configure Parameter                       | Description                                     | Default Value |
| ----------------------------------------- | ----------------------------------------------- | ------------- |
| askedgi.workspace.data.retention\_days    | Retention period for workspace datasets         | 30 days       |
| askedgi.workspace.results.retention\_days | Retention period for temporary analysis results | 5 days        |

These values can be adjusted to align with organizational standards and governance requirements.

**How Purging Works**

When a dataset is added to the workspace, the retention timer starts.

The retention period is refreshed when:

* The dataset is imported again.
* A Recipe execution refreshes the dataset.
* The dataset is reloaded from its source.

When the retention period expires:

<div align="left"><img src="/files/L0Y24xmeGsMpQLL7ZHIO" alt="" height="283" width="624"></div>

* The dataset is automatically purged from workspace storage.
* The object remains visible in the workspace.
* A **Purged** indicator is displayed on the object.
* Users cannot perform new analysis on the purged data until it is reloaded.

No notifications are generated when data is purged. Instead, users can identify purged objects through the status indicatordisplayed in the workspace.

**Example**

* A sales table is imported into the workspace on January 1.
* The workspace retention period is set to 30 days.
* If the table is not refreshed or re-imported, askEdgi automatically removes the physical dataset from workspace storage on January 31.
* The Sales Orders object remains visible in the workspace and a Purged indicator appears next to it.
* Users must reload the dataset before using it for analysis again.

### Data Reload

Data Reload allows users to restore or refresh existing datasets directly from their original catalog source without manually adding them again. When a catalog-sourced dataset is purged, users can click the Reload icon displayed next to the object. askEdgi retrieves the latest available data from the source system and restores it to the workspace.&#x20;

Reload can also be used to refresh existing datasets when new data becomes available in the source system.

<div align="left"><img src="/files/EQgOQxsh2WmnrL6aOA9n" alt="" height="283" width="624"></div>

Upon clicking on the Data Reload icon , it displays:&#x20;

<div align="left"><img src="/files/wZieOg12PMqOTICukKIF" alt="" height="283" width="624"></div>

* Dataset status&#x20;
* Source connection details&#x20;
* Last imported timestamp
* Reload availability

**Example:**&#x20;

* A user imports the OE Column dataset into the workspace.
* Later, new metadata is crawled into the source system. Instead of removing and importing the dataset again, the user clicks Reload.
* askEdgi refreshes the dataset using the latest source data, and subsequent analyses use the updated information.

**Objects Excluded from Purging and Reload**

The following object types are not automatically purged or reloaded:

* Local file uploads (CSV, XLSX, JSON, and similar files)
* AI-generated outputs
* Recipe-generated outputs
* Live connection datasets

These objects are not linked to a catalog source and therefore cannot be restored automatically. If they become unavailable, they must be recreated or uploaded again.

***

Copyright © 2026, OvalEdge LLC, Peachtree Corners, GA USA


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.ovaledge.com/release8.2/askedgi/administration-and-governance/admin-and-configuration-guide.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
