System Settings
System Settings is the control-plane view for platform configuration that is
safe to inspect or change from the Qarion UI. Open it from Administration ->
System Settings or go directly to /admin/system.
Most sections are available only to superadmins. Some settings are read-only because they come from deployment configuration, while editable values are saved as database overrides and take precedence over environment defaults.
Admin Route Map
| Route | Section | Use it for |
|---|---|---|
/admin/system | Overview | Review all system setting areas and jump to a section. |
/admin/system/core | Core | Worker mode, Redis status, database summary, and email runtime settings. |
/admin/system/security | Security | Platform-wide security switches such as package vulnerability scanning. |
/admin/system/authoring | Authoring Network | Shared network policy for generated-code, transform, and notebook authoring runtimes. |
/admin/system/pipeline_authoring | Pipeline Authoring | Generated-code validation, dependency fetch policy, package source, and dedicated code-writer routing. |
/admin/system/transform_authoring | Transform Authoring | dbt/SQLMesh package fetch behavior and transform authoring package sources. |
/admin/system/notebook_authoring | Notebook Authoring | Notebook package fetch behavior and notebook worker resource classes. |
/admin/system/knowledge | Knowledge | Data question summaries, analysis link suggestions, ticket automation, search, and documentation indexing. |
/admin/system/storage | Storage | Default attachment storage and artifact-family storage for Python packages, OCI blobs, and model artifacts. |
/admin/system/maps | Maps | Embedded map style preset, custom style URL, and place-search provider. |
/admin/system/git | Git Sync | Analysis Git/Gitea health, connection checks, repository repair, and project repository defaults. |
/admin/system/ai | AI | LLM provider profiles, routing, and task budgets. |
/admin/system/embeddings | Embeddings | Semantic embedding provider, test embedding, index version, and reindex actions. |
If a section is missing, confirm that you are in the control-plane admin view, that your account has superadmin access, and that the relevant feature is enabled for the deployment.
Working With Settings
The System Settings UI shows each setting with its effective value. Values can come from deployment defaults, database overrides, or a masked secret value.
Use this workflow before changing settings:
- Open
/admin/systemand select the section that owns the setting. - Check whether the value is editable, overridden, or locked.
- Save only the specific field or section you intend to change.
- Use the section's test, reindex, or repair action when one exists.
- Watch the related operational view, such as AI Ops, jobs, repository status, or documentation search, for follow-up errors.
Read-only rows usually mean the setting must be changed in deployment configuration. Secret rows show only whether a value is set; leave the edit field blank if you want to keep the current secret.
Core, Security, And Authoring
The Core section groups worker, Redis, database, and email settings. Worker mode indicates whether background jobs run embedded with the web process or through an external worker. Production deployments should use external workers.
Security and authoring sections control shared runtime behavior:
- Security includes platform-wide enforcement switches, including package vulnerability scan behavior.
- Authoring Network controls the shared proxy-backed network policy for generated-code runtimes.
- Pipeline Authoring controls validation package fetch policy, public index access, Qarion package base URL, code-writer routing, and dependency smoke validation.
- Transform Authoring controls dbt, SQLMesh, adapter, and package fetch behavior.
- Notebook Authoring controls notebook package fetch behavior and notebook worker resource classes.
For workflow details, see Pipeline Authoring, Transform Models, and Notebook Workers.
Knowledge And Documentation
The Knowledge section combines settings that affect discoverability and assistant context:
- Data question summary generation.
- Analysis link suggestion behavior.
- Ticket issue-detection and tagging behavior.
- Search connection settings.
- Documentation index reindexing.
Use Documentation Search for the detailed documentation indexing workflow.
Storage
Storage settings separate the default attachment target from artifact-family targets:
- Default attachments and files.
- Python package repository files.
- OCI registry blobs.
- Model repository artifacts.
Artifact-family storage can inherit the default target unless a family override is set. New writes use the current target, while existing files keep their recorded backend and URI.
See Storage Configuration for backend-specific fields and Artifact Repositories for repository workflow guidance.
Git Sync
The Git Sync section shows Analysis Git/Gitea configuration status and repository health. Use it to:
- Confirm base URL, internal URL, callback URL, organization prefix, service account, Git LFS, token presence, and webhook secret presence.
- Review total, synced, errored, and provisioning repository counts.
- Run Test Connection against the configured Git provider.
- Run Repair Repositories to reconcile Qarion-owned repository settings and protected branches.
- Set default project repository access and merge-request approval rules.
- Inspect recent Analysis Git repository errors.
Deploy-managed Git secrets are not shown and are not edited from this page. See Analyses for repository user workflows and the Repositories API for automation details.
AI And Embeddings
The AI and Embeddings sections configure model providers, model routes, task budgets, embedding providers, embedding tests, and reindex actions. These settings affect Copilot, classification, authoring assistance, semantic search, documentation search, and standards search.
See AI Ops for operational guidance and the AI Operations API for payloads.
Troubleshooting
| Symptom | What to check |
|---|---|
| The System Settings tab is not visible. | Confirm you are a superadmin and are using a control-plane admin route. |
| A field has a lock icon. | The setting is read-only in the UI and must be changed through deployment configuration. |
| A secret appears as set but cannot be read. | This is expected. Secret values are masked; enter a new value only when rotating the secret. |
| A saved setting does not change behavior. | Confirm the specific runtime has reloaded the setting and check whether an instance-level override applies. |
| Storage changes do not move old files. | Existing files keep their recorded storage URI. The new target applies to new writes. |
| Git Sync test fails. | Check deployment Git provider URLs, admin token, webhook secret, service account, and network reachability. |
| AI or embedding tests fail. | Check provider credentials, base URL, model name, enabled state, and instance override behavior. |