Admin Menu


Your Matillion ETL instance can be administrated through the Admin Menu found at the top-right of the page. Note that only administrators will be able to view and access this menu.

Selecting this option will give access to the following administrative tools:

  • Download Server Log
  • Matillion ETL Updates
  • Security Configuration
  • SSL
  • Restart Server
  • Manage Backups
  • Audit
Note: For users running HA (Clustered) Instances, some options will be unavailable. Security Configuration is unavailable as LDAP is used by default for HA instances. Restart Server and Manage Backups are also unavailable as there is no single machine to restart or backup.

Download Server Log

Tomcat Catalina server logs of your Matillion ETL instance are available. Selecting the 'Download Server Log' option from the admin menu will download a 'catalina.out' file that contains the servlet's logs in plain text.

Server logs record only for a finite time and size so it is likely your download will contain only recent history. For this reason, if an error is encountered, it is recommended that users attempt to reproduce the error then immediately download the log file.

Matillion ETL Updates

We describe here the Update function of the Admin menu. However, users wanting to update their instance are strongly recommended to read the Updates documentation.

Note: In rare cases, it may be required that a user performs a manual update. Details of this procedure can be found here.

Warning: The update process does NOT automatically back up your instance. It is STRONGLY recommended that you perform a backup before upgrading the instance. (This can also be performed manually.)

Selecting the 'Matillion ETL Updates' option from the Admin menu will open a new dialog box. You may check for software updates using the Check for Updates button. Available updates are listed in the console and the Update button will become available if these can be installed.

Selecting 'Update' will download any updated packages and apply them - once applied the server will be restarted, which will disconnect any users and abort any running tasks.

User Configuration

Note: Controlling user access to the Matillion ETL instance comes in 2 forms; Internal and External.
Note: Passwords used here are given in Plaintext but are stored as SHA512 hashes. If you are manually editing a password either by manually editing the database or via the API, you must supply the desired password as a SHA512 hash. Plaintext passwords are never recoverable by any means.


The 'Internal' option uses an internal (instance-side) database of username, passwords and privileges. You can add remove and modify users in the Security Configuration section.

To change the user's password: select the padlock icon by the appropriate username.

To Remove a user: click the X icon by the appropriate username. A removed user is forced to log out and disconnect from the instance.

To add a user, click the + icon underneath the list of usernames; this will create a new 'Add User' dialog box. Enter a username and password for the user (required) and select any Roles they are allowed (optional).


The 'External' option is used for linking to an existing directory server (e.g. OpenLDAP (Lightweight Directory Access Protocol) or Microsoft Active Directory).

Note: Opting to use External Security will prevent logins using the existing users in Internal Security.


Completing the 'Set Realm Parameters' form will allow you to use LDAP to grant and prevent access to users on your Matillion ETL instance. Sample values below are for an Active Directory server running for the realm EXAMPLE.COM.

Parameter Description
Connection Name The name of a user to make the initial bind to the directory.

For active directory, that will include a realm using the form "user@REALM"

Connection Password The password for the user to make the initial bind to the directory.
Encryption Key A list of KMS keys that the user has access to that are used to encrypt connection passwords.
Connection URL

The location of the directory server, using one of the forms below:

For non SSL - ldap://<hostname>:389
For SSL - ldaps://<hostname>:636
User Base The part of the directory tree to begin searching for users.
User Search The attribute to search for user names.
Role Base The part of the directory tree to begin searching for groups/roles - often the same place as users.
Role Name The name of the attribute containing the role name.
Role Search

How to find all the roles for a user.

METL Role Name The role a user must be a member of to gain access to the Matillion ETL application.
METL Admin Role Name The role a user must be a member of to gain access to the Matillion ETL administration page - this can be different to the METL Role Name but is not required to be.

Once the configuration is Saved, you will need to restart the server to take effect - use the Restart Server button on the top-right of the screen.


Remove User: Any user that logs into this Matillion ETL instance is stored in the Access Control List and will persist there even after logging out. To remove a user from the ACL, use the X button beside that user's name. If currently logged in, the removed user will be forced to log out and disconnect from the instance.

To revert from an External to an Internal security configuration, please consult our guidelines.




Matillion ETL can listen for HTTP (port 80) requests, HTTPS (port 443) requests, or both, as in the below image.

Note: By default, Matillion only listens for HTTP requests (port 80).


Selecting either the HTTPS or BOTH options enables SSL. If SSL is enabled, you may optionally upload SSL certificates to allow clients to validate the identity of the server.


You can provide a certificate and key file using the Upload Certificates button once you have chosen the appropriate files.

Note: Clients using HTTPS will receive a certificate validation error until a valid certificate is provided.

Finally, pressing OK saves any changes in this section but does not immediately apply it. For the changes to take effect, you must restart the server. Doing this will disconnect any connected client sessions and abort any currently running jobs.

Note: SSL key files must be in PEM format. Do not use password-encrypted keys.

In order to Enable and Disable SSL, please refer to the documentation on Securing Matillion ETL. Note that SSL is enabled by default with Matillion ETL.


Restart Server

Allows admins to restart the Matillion ETL instance without going through the Amazon EC2 console.

Manage Backups

Allows the user to test and schedule automatic backups of the instance. See Manage Backups for more...

While not yet available through the in-client Admin menu, Matillion ETL can be backed up easily from your GCP Console. See here for more...


Audit Logs

The Audit Log shows a list of significant activity within a Matillion ETL Instance. Most actions by users are logged here in detail such that they are accountable for any changes made. See here for more information on the Audit feature.

Note that the Audit Log is an Enterprise-Only feature and so is only available on m4.large and m4.xlarge instances.