Skip to main content
Version: 24.3.x

Users

Dremio allows for the management of users locally as well as through third-party solutions like OAuth, LDAP, and Azure AD. It is from the user screen that you can view assigned roles and change account details.

Types of Users

Internal

By default, Dremio allows you to add and manage users directly from the application, or locally. These users' credentials are managed through Dremio by an administrator.

External

External users are those created and managed by an external application like Okta. These user accounts are not created manually in Dremio, but rather are added automatically when a user logs into Dremio for the first time using login information from an integrated credentials manager. Likewise, user credentials may not be changed from the Dremio interface as these are controlled by the credential manager.

Externally-managed users will not have their information stored locally in the users KVStore. Dremio communicates directly with the external system to fetch and validate users as needed. The username stored in Dremio and shown from the Users screen when editing a user account will display the username provided by the external service.

If a user is removed from Dremio or their access to Dremio is revoked in your external identity provider, you must also manually delete the user in Dremio.

Using SCIM

System for Cross-domain Identity Management (SCIM) is used to integrate Okta with Dremio for user provisioning. When properly configured, Okta automatically sends the credentials of assigned users securely via SCIM to your Dremio server, automatically creating user accounts. These new users may then log in on Dremo according to the policies set by your credential manager.

Dremio currently supports the following functionality regarding SCIM:

  • Nested Roles (Groups)
  • User activation/deactivation
  • Synchronized passwords without external authentication configured

The following functionality is not supported:

  • Search filters beyond equal filter by username
  • Azure AD
  • Etag
note

You cannot reset or change an external user's password from Dremio as this is governed by your organization's identity manager.

If you delete an external user from Dremio, Okta will re-add their account the next time that user attempts to log in. To properly revoke access to Dremio, follow these steps.

To integrate OKTA with Dremio, see the Integrating Dremio with Okta help topic. This outlines how to set up SCIM using Okta, link the service with Dremio, and assign or revoke users.

Users Screen

This screen displays all existing users with access to your instance of Dremio. These may be managed externally or locally depending on your organization's needs.

The Users screen can be reached by navigating to Settings > Users.

All user accounts will display here in table format.

  • To add one or more new users locally, click the Add User button at the top-right corner of the screen. This launches the Add Users modal.
  • To edit an existing user account, click on the user name or the Edit button (pencil) under the Actions column for the desired account. This launches the screen for editing a user account.
  • To delete or remove a local or external user, click the Delete icon (red circle) under the Actions column for the desired account. Dremio will prompt you to confirm this action. If this is an externally-managed account, it will automatically be created again when they log into Dremio next.

Dremio allows for the creation and management of two types of users: local and external. Both types of users may exist simultaneously from the same instance of Dremio.

Adding Users

This modal appears when the Add User button is selected. It is from here that all local users are added by entering usernames (not email addresses).

  • Usernames - An alphaneumeric entry for each user account being created locally, separating each username with a comma, space, or line break. These are case-sensitive.
  • Dremio Role - The role each user account will be associated with automatically upon creation. You may only select one role from the drop-down menu at this time. Additional roles may be assigned to each user after creation from the Users screen by selecting the user name or Edit button.

To create accounts associated with the usernames entered here, click the Save button. These will now appear in the table of users on the Users screen.

Editing User

From this screen you can change user account details, view assigned roles, and add roles.

Known Issue:

For companies with Dremio v19.0, administrators may encounter an Incorrect password error if they try to save changes to a user's details, such as first and last name or email address. To work around this, they must either enter the edited user's current password or enter a new one to save changes. This issue will be resolved in an upcoming maintenance release.

Details Tab

  • First Name - The first name of the associated user.
  • Last Name - The last name of the associated user.
  • Username - The username associated with the account, used when logging into Dremio. Once this has been set upon creating an account locally or externally, it cannot be changed.
  • Password - The password for a user account may be set from here. Any existing password will not display for security purposes. If this is a new account, you must set a password for the user to be able to access their account.
note

Changes made here are not permanent until you click Save. So if you find you've made a mistake or wish to revert back to the previous state, simply click Cancel.

Roles Tab

All roles created from the Roles screen that a user is a member of will display here. To add roles to a user, you may select and add them individually via the drop-down menu, or you may use the search bar to search for specific roles. Simply select the checkbox next to each role to add it to the user's account. Any privileges associated with these roles will be granted to the user once the changes are committed.

note

Changes made here are not permanent until you click Save. So if you find you've made a mistake or wish to revert back to the previous state, simply click Cancel.