KSQL Lab Overview
Kadeck’s KSQL Lab enables data and analytics teams to interact with streaming data using KSQL in a familiar, data warehouse–like environment. Queries are stored in worksheets, similar to modern cloud data warehouses, and can be organized by business domain.
Kadeck enforces the same topic-level access controls for KSQL that apply across the rest of the platform. In addition, you can define dedicated KSQL permissions for query execution (including permanent statements) and at the ksqlDB cluster level to keep teams and environments properly separated.
Data ownership transparency built in Every KSQL statement has operational consequences. KSQL Lab surfaces the topics a statement depends on and connects them to ownership context (domains, teams, and related metadata). This enables faster coordination, clearer accountability, and safer changes—especially in shared streaming environments. The data dependencies can be found under "Data dependencies" in an active worksheet.
Use cases
Use KSQL Lab for:
- Ad-hoc exploration: Query streams and tables with SQL to understand live data.
- Stream processing development: Prototype and test statements before promoting them to permanent queries.
- Data quality checks: Validate schemas, constraints, and invariants against live traffic.
- Real-time analytics: Build operational BI on streaming data without moving it into a separate warehouse.
Key features
Worksheets and domains
Queries are saved in worksheets, providing a persistent workspace for SQL scripts. Worksheets can be organized by business domain, allowing teams to group related streaming logic and manage access collaboratively.
Resource autocompletion
The editor provides suggestions for ksqlDB resources, including:
- Streams
- Tables
- Topics (the underlying Kafka topics used by the ksqlDB cluster)
Multi-cluster support
Switch between multiple ksqlDB clusters from the same interface—useful for separating teams or business units.
Permissions
Kadeck applies a layered security model for KSQL:
Worksheet visibility
Worksheets have a visibility scope:
- USER (default): only visible to the author
- DOMAIN: visible to members of the worksheet’s domain
- PUBLIC: visible to all users
Important: Worksheet visibility does not grant access to the underlying data. A user must still have access to all referenced topics to run a query—even if the worksheet is PUBLIC.
Data access
Users can only see and query ksqlDB resources (Streams, Tables, Topics) if they have TopicAccessRead permission for the underlying Kafka topic.
Query execution permissions
Running statements requires KSQL permissions on the target cluster:
SqlAccessQueryfor interactive queriesSqlAccessCreatefor permanent operations (statements that modify cluster state, such asCREATE STREAM)SqlAccessAllconvenience permission that includes bothSqlAccessQueryandSqlAccessCreate
Configuration
Before users can use KSQL Lab, an administrator must connect one or more ksqlDB clusters and assign permissions.
Step 1: Add a ksqlDB cluster
- Go to Connections and open an existing connection (or create a new one).
- Open the ksqlDB tab and click Add cluster.
- Enter the cluster details (URL, authentication) and click Test connection.
- Click Save cluster and note the Cluster ID (used for permission assignment).
Step 2: Grant permissions
- Go to Administration → Roles and open the role you want to update.
- Add the required KSQL permissions for the specific connection and Cluster ID (for example:
SqlAccessQuery,SqlAccessCreate, orSqlAccessAll). - Ensure users also have
TopicAccessReadfor any Kafka topics referenced by their queries.
Step 3: Verify access
- Open KSQL Lab and switch to the Data tab.
- Streams and tables from the connected cluster should appear.
How it works
- Statement extraction: Kadeck identifies the active statement at the cursor and executes only that statement.
- Dependency awareness: Kadeck detects topic dependencies referenced by the statement to provide visibility into impacted data and ownership.
- Security filtering: Before showing suggestions or executing commands, Kadeck verifies topic access and cluster permissions.
- Real-time results: Query results stream into the results pane for immediate feedback.