Access Management Enterprise

Dremio allows for the implementation of granular-level privileges, which defines a user/role’s access privilege and available actions for specific objects, such as a dataset, project, or cloud. This is called access management, and gives administrators the ability to restrict access to any object in Dremio.

The following features are available:

• Privileges: Privileges enable users to perform explicit operations on objects in Dremio. Additionally, privileges may be set on individual datasets (tables or views) or whole schemas, allowing for a simplified configuration with larger catalogs.
• Row-access and column-masking policies: Row-access and column-masking policies enable you to grant users access to particular rows or columns.
• Flexible Management: Privileges can be easily configured using SQL Commands, REST APIs, and an intuitive and easy-to-use user interface.
• Ownership: An object-oriented model allows for a clearly-defined and transferable owner for all aspects in Dremio, including source and space configuration.
• Local Users & Roles: Administrators may create and manage identities in Dremio alongside identities from corporate LDAP or IdP, including standards-based synchronization (SCIM).

The following topics cover the various aspects of access management, along with instructions for how to apply privileges via Dremio:

• Access Management Structure
• Apache Ranger: Row-Level Filtering & Column-Masking
• Dremio-Native: Row-Access & Column-Masking Policies
• Integrating Dremio with Okta
• Privileges
• Roles
• Users
• Best Practices

The following APIs are available for managing access control:

• Grants APIs
• Privileges APIs
• Roles APIs
• Users APIs

The following SQL commands may be used from the SQL Runner:

• Privileges SQL Commands
• Roles SQL Commands
• Users SQL Commands