Explaining ADMIN Model
Central Set’s core administrative model β defines users, roles, permissions, menus, applications, security layers, dashboards, scheduled jobs, Arrow Flight exposure, and dynamic UI generation.
The ADMIN_MODEL is the foundational metadata model of Central Set.
It defines:
- the security model (users β’ roles β’ permissions β’ row/column access)
- application & menu structure
- UI generation rules (forms β’ datatables β’ layouts β’ custom components)
- dashboards
- scheduled jobs
- environment variables
- Arrow Flight / data service exposure
- access tokens
- translation & custom metadata
Everything lives inside one Markdown + YAML file β the single source of truth.
central-set --init --model admin_model.md
or
central-set --update-metadata --model admin_model.md
π§ Philosophy of the ADMIN Model
Central Set follows a strong model-driven architecture.
Instead of hand-writing:
- database tables
- CRUD endpoints
- RBAC rules
- forms & datagrids
- navigation menus
- dashboards
- background jobs
- data service endpoints
β¦ you declare the desired system in declarative YAML blocks inside Markdown.
The runtime then:
- creates / updates schema
- generates metadata entries
- builds REST-like APIs
- expose every table as OData v4 API
- renders admin UI automatically
- enforces multi-layer security
- exposes Arrow Flight endpoints (if configured)
π¦ High-Level Structure
ADMIN_MODEL.md
βββ Model metadata (name, connection, behavior flags)
βββ cs_app β applications & menu groups
βββ Core tables β lang, role, users, user_role, app, menu, ...
βββ Security tables β role_app, role_app_menu, role_app_menu_table, row_level_access, ...
βββ UI & metadata tables β table, table_schema, menu_table, custom_table, custom_form, ...
βββ Dashboard tables β dashboard, dashboard_comment
βββ Arrow Flight β arrow_flight, arrow_flight_table, arrow_flight_table_scope, ...
βββ Jobs & logging β cron, cron_log, user_log
βββ Integration & utils β access_key, env, translate_table, translate_table_field
βοΈ Model Header
name: ADMIN
description: CS ADMIN Model
runs_as: MODEL
conn: '@DB_DRIVER_NAME:@DB_DSN'
create_all: checkfirst
_drop_all: checkfirst
update_table_metadata: true
active: true
Most important flags:
| Field | Typical value | Meaning |
|---|---|---|
conn | @DB_β¦ | Database connection string (env vars) |
create_all | checkfirst | Create tables if missing |
update_table_metadata | true | Refresh table & table_schema entries |
active | true | Load this model on startup |
𧩠Application & Menu Structure (cs_app)
cs_app:
Dashboards:
menu_icon: document-report
menu_order: 1
active: true
tables:
- dashboard
Admin:
menu_icon: user-group
menu_order: 2
tables:
- app
- menu
- role
- users
## β¦
This block automatically creates:
- sidebar menu groups
- icons & ordering
- associated tables (shown as sub-items or default views)
π Security Layers
Central Set implements four levels of access control:
- Application access β
role_app - Menu access β
role_app_menu - Table / CRUD access β
role_app_menu_table(create/read/update/delete/share) - Row Level Access (RLA) β
role_row_level_access/row_level_access
Typical flow:
User β Role(s) β App permission β Menu permission β Table CRUD permission β Row filter
π₯οΈ Automatic UI Generation
Every table can carry UI hints:
columns:
username:
type: varchar(50)
unique: true
nullable: false
form_display: true
table_display: true
form_size: 4
order: 1
Common UI properties:
| Property | Effect |
|---|---|
form_display | Show in create/update forms |
table_display | Show as column in list view |
form_size | Bootstrap column width (1β12) |
form_long_text | Use textarea instead of input |
form_code | markdown, json, sql, β¦ β code editor mode |
form_att | File / attachment upload |
Form layout control:
form_layout:
tabs_steps: tabs
form_in_popup: false
size: 9
ποΈ Custom UI Extensions
Via table_extra_options:
table_extra_options:
- {size: 12, component: EvidenceDash, label: dashboard, intercept_r: true}
- {size: 12, component: AdminApps, label: permissions, icon: key, pop_up: true}
Popular built-in components:
EvidenceDashβ renders markdown dashboardsAdminAppsβ permission matrix / role editorAccessKeyβ token generation & display
π Dashboards
Dashboards are stored as markdown + configuration:
dashboard_conf: { type: text, form_code: markdown }
The EvidenceDash component interprets this field and can embed:
- SQL query results
- charts
- ETLX results
- external API data
- markdown content
π Arrow Flight / Data Service Exposure
arrow_flight:
flight_schema: adm
startup_sql: "ATTACH 'database/ADMIN.db' AS adm (TYPE SQLITE);"
main_sql: "USE adm;"
Allows Central Set to act as an Arrow Flight server, exposing selected tables/scopes to:
- Python (pyarrow)
- R
- BI tools with Arrow Flight support
- Datafusion, Polars, β¦
β±οΈ Scheduled Jobs (cron)
cron:
cron: "0 0 * * *"
api: "etlx/name/daily-backup"
active: true
Central Set comes with a built-in cron runner that calls internal APIs.
π Access Keys & Environment Variables
access_keyβ bearer tokens for machine-to-machine accessenvβ centrally managed environment variables (usable via@ENV_NAME)
Summary β Why one big model?
By keeping everything in one declarative Markdown/YAML file you get:
- Git-versioned infrastructure
- Reproducible environments
- Self-documenting schema
- Automatic security & UI generation
- Easy auditing & review
- LLM-assisted modifications possible
The ADMIN_MODEL is effectively the constitution of your Central Set instance.
Feel free to extend it β every new table, role, menu group or dashboard added here immediately becomes part of the live system.
Last updated 20 Mar 2026, 09:11 -01 .