Personal Access Tokens
Personal access tokens (PATs) are randomly-generated tokens associated with a user that are used in place of a password to log in to a service, and they can last up to 180 days until they expire.
PATs provide an easy way for an individual to connect to Dremio Cloud. Users can only create a PAT for themselves, they cannot create a PAT for other users. This means administrators cannot create multiple PATs to distribute to other users at an organization.
Dremio PATs are typically used for logging in with REST APIs or ODBC/JBDC into the system when SSO or LDAP is implemented. Also, PATs can be used for logging in to the Dremio UI and to reduce access permissions within a service.
Using a PAT
Depending on the tool or service used, users may need to use $token as the username and then enter the PAT in the password field.
To use PATs with:
- The REST API, use the PAT as a password parameter to log in.
- ODBC/JDBC connections, use the PAT as a password to log in.
- The Dremio web application, use the PAT as a password to log in.
Viewing All PATs
To view all PATs you have created:
-
Hover over the User icon (user initials) on the side navigation bar and select Account Settings.
-
Select Personal Access Tokens from the account settings sidebar.
The Personal Access Tokens page shows all PATs, active and expired, for your account.
Creating a PAT
A PAT's expiration or lifespan cannot be altered once it is created. PATs can still exist (depending on the Lifetime setting) in the system after a user is deleted. If a user is deleted from Dremio, SSO, or LDAP, ensure that all of their PATs are deleted using the REST API.
To create a PAT:
-
Click the User icon (user initials) on the side navigation bar and select Account Settings.
-
Select Personal Access Tokens in the account settings sidebar.
-
On the Personal Access Tokens page, click the Generate Token button at the top-right corner of the screen.
-
In the Generate Token dialog, for Label, add an identifier to describe what the PAT is for.
-
For Lifetime, enter the number of days the PAT will be valid for. The default PAT lifetime is 30 days and the maximum lifetime is 180 days.
-
Click Generate.
-
Copy the generated PAT and save it to a secure location on your computer.
Be sure you save the generated PAT because it cannot be accessed again after closing the Generate Token dialog.
Deleting a PAT
Each user can delete PATs in their own account.
To delete an existing PAT:
-
Click the User icon (user initials) on the side navigation bar and select Account Settings.
-
Select Personal Access Tokens in the account settings sidebar.
-
On the Personal Access Tokens page, click the Delete icon for the PAT that you want to delete.
-
In the Delete Token dialog, click Delete to confirm. The PAT is deleted and cannot be retrieved.
Deleting All PATs
Any user can delete all PATs from their own account.
To delete all PATs for your account:
-
Click the User icon (user initials) on the side navigation bar and select Account Settings.
-
Select Personal Access Tokens in the account settings sidebar.
-
On the Personal Access Tokens page, click the Delete All button at the top-right corner of the screen.
-
In the Delete All Tokens dialog, click Delete to confirm that you want to delete all PATs in the list. After a PAT has been deleted, it cannot be retrieved.
Admins cannot delete PATs on behalf of other users.