Skip to main content
Version: 24.3.x

Remove Duplicate Roles

If you have found duplicate LDAP groups or local roles in Dremio, you can safely remove the duplicates using the admin utility.

This topic provides usage information for the dremio-admin remove-duplicate-roles CLI command.


The dremio-admin remove-duplicate-roles CLI command is available in Dremio 20.5.0+.


  • Perform a backup before running the command (see Backup for more information).
  • Shut down all cluster nodes completely before running the command (see Startup/Shutdown for more information).


Syntax for remove-duplicate-roles command
./dremio-admin remove-duplicate-roles [args...]


Options for remove-duplicate-roles command

Perform a test run of the removal, providing a summary report of the roles that are duplicated and associated members, parents, ACLs, etc.


This section provides examples of using the dremio-admin remove-duplicate-roles CLI command.

Remove Duplicate Roles: Test Run

Remove duplicate roles test run command
./dremio-admin remove-duplicate-roles -r

The test prints out the duplicates and related information such as associated members, parents, ACLs, etc. If the test run results are acceptable, you can run the command without the -r argument.

Remove Duplicate Roles

Remove duplicate roles command
./dremio-admin remove-duplicate-roles

Running this command will remove duplicate roles as described in the test run. The command will consolidate all characteristics of the duplicated roles into a single retained role.