On this page

    Access Management

    Note:

    This functionality is for Dremio v16.0+ Enterprise Edition only. If you’re using earlier than v16.0+, then view the previous access control functionality at the Users, Groups, and Roles and Sharing and Permissions pages.

    Dremio allows for the implementation of granular-level privileges, which defines a user/role’s access privilege and available actions for specific objects, such as a dataset, project, or cloud. This is called access management, and gives administrators the ability to restrict access to any object in Dremio.

    The following features are available:

    • Privileges: Privileges enable users to perform explicit operations on objects in Dremio. Additionally, privileges may be set on individual datasets (tables or views) or whole schemas, allowing for a simplified configuration with larger catalogs. To learn more about the Dremio object model, see Objects in Dremio Cloud.
    • Row-access and column-masking policies: Row-access and column-masking policies enable you to grant users access to particular rows or columns.
    • Flexible Management: Privileges can be easily configured using SQL Commands, REST APIs, and an intuitive and easy-to-use user interface.
    • Ownership: An object-oriented model allows for a clearly-defined and transferable owner for all aspects in Dremio, including cloud and engine configuration. Users with ownership over an object will automatically retain all privileges necessary to modify the object and read/write its data.
    • Users & Roles: Administrators may create and manage identities in Dremio or using external identity providers (IdP).
    • Privileges: Privileges enable users to perform explicit operations on objects in Dremio. Additionally, privileges may be set on individual datasets (tables or views) or whole schemas, allowing for a simplified configuration with larger catalogs.
    • Row-access and column-masking policies: Row-access and column-masking policies enable you to grant users access to particular rows or columns.
    • Flexible Management: Privileges can be easily configured using SQL Commands, REST APIs, and an intuitive and easy-to-use user interface.
    • Ownership: An object-oriented model allows for a clearly-defined and transferable owner for all aspects in Dremio, including source and space configuration.
    • Local Users & Roles (18.0+): Administrators may create and manage identities in Dremio alongside identities from corporate LDAP or IdP, including standards-based synchronization (SCIM).

    The following topics cover the various aspects of access management, along with instructions for how to apply privileges via Dremio:

    The following APIs are available for managing access control:

    The following SQL commands may be used from the SQL Runner: