Skip to main content

Role Management

Roles are a set of privileges that can be assigned to users as needed. Roles can also be assigned to roles to create a child-role hierarchy. Roles are used to organize privileges at scale rather than managing privileges for each individual user (also called members).

You can define roles based on the types of users in your organization. For example, Analyst and Security_Admin roles can be created to manage privileges for users with different job functions within an organization.

System Roles

Dremio has two predefined system roles (ADMIN and PUBLIC) that can be used to manage privileges. In Dremio Standard Edition (SE), these are the only roles available because custom roles aren't included in SE.

1) ADMIN

The ADMIN role is designed for administrative users that require superuser/global access. Users who are assigned this role are granted every privilege across all objects and resources in an organization. The privileges for the ADMIN role are immutable by users.

note

The first user in an organization is automatically assigned the ADMIN role.

2) PUBLIC

The PUBLIC role is assigned by default to all new users added to the organization and cannot be revoked from any user.

This role grants the following privileges to its members:

SELECT and ALTER privileges are not granted for any sources and must be manually assigned by a user with the ADMIN role.

Furthermore, additional privileges can be granted to the PUBLIC role.

Custom Roles Enterprise

Custom roles can be created by any user/role that has the CREATE ROLE privilege, or by members of the ADMIN role.

You can assign a custom role to users, or other roles (to create a child-role). The custom role can then be assigned a set of privileges.

Viewing All Roles

To view all roles in an organization:

  1. Click the Organization This is the icon that represents the Organization settings. icon in the side navigation bar.
  2. Click the Settings This is the icon that represents the Organization settings. icon at the top of the Organization page.
  3. Select Roles in the organization settings sidebar.

Creating a Custom Role

To create a custom role:

  1. Click the Organization This is the icon that represents the Organization. icon in the side navigation bar.
  2. Click the Settings This is the icon that represents the Organization settings. icon at the top of the Organization page.
  3. Select Roles in the organization settings sidebar.
  4. Click the Create Role button at the top-right corner of the screen.
  5. In the Add Role dialog, for Name, enter the name to associate with the role, such as the position title or employee type that will be associated with the role.
  6. (Optional) For Description, provide any details regarding the purpose of the role or its associated privileges.
  7. Click Add.

Editing a Custom Role

To edit a custom role:

  1. Click the Organization This is the icon that represents the Organization. icon in the side navigation bar.
  2. Click the Settings This is the icon that represents the Organization settings. icon at the top of the Organization page.
  3. Select Roles in the organization settings sidebar.
  4. On the Roles page, hover over the role and click the Edit Role This is the icon that represents the Edit Role settings. icon that appears next to the role.
  5. On the Roles page, make any desired changes, such as adding or removing a child role and adding or removing a member.
  6. Click Save.

Removing a Custom Role

To remove a custom role:

  1. Click the Organization This is the icon that represents the Organization. icon in the side navigation bar.
  2. Click the Settings This is the icon that represents the Organization settings. icon at the top of the Organization page.
  3. Select Roles in the organization settings sidebar.
  4. On the Roles page, hover over the row of the role and click the Delete This is the icon that represents the Delete settings. icon that appears next to the role.
  5. Confirm that you want to delete the role. Once confirmed, the role is deleted and cannot be retrieved.

Adding a Child Role

Perform the following steps to add a child role to an existing role:

  1. Click the Organization This is the icon that represents the Organization. icon in the side navigation bar.
  2. Click the Settings This is the icon that represents the Organization settings. icon at the top of the Organization page.
  3. Select Roles in the organization settings sidebar.
  4. On the Roles page, hover over the role and click the Edit Role This is the icon that represents the Edit Role settings. icon that appears next to the role.
  5. Click the Roles tab.
  6. Click the drop-down multi-select field and either select the desired role listed or enter a value to search for.
  7. Click the Add button when you have selected the desired entry/entries. When a sub-role is added, it will display below the drop-down in a list.
  8. Click Save. The child role appears in the table along the left side of the screen.

Removing a Child Role

Perform the following steps to remove a child role from an existing role:

  1. Click the Organization This is the icon that represents the Organization. icon in the side navigation bar.
  2. Click the Settings This is the icon that represents the Organization settings. icon at the top of the Organization page.
  3. Select Roles in the organization settings sidebar.
  4. On the Roles page, hover over the role and click the Edit Role This is the icon that represents the Edit Role settings. icon that appears next to the role.
  5. Click the Roles tab.
  6. On the Roles page, hover over the row of the role and click the Delete This is the icon that represents the Delete settings. icon that appears next to the role.
  7. Click Save.

Adding a Member

Perform the following steps to add a member to an existing role:

  1. Click the Organization This is the icon that represents the Organization. icon in the side navigation bar.
  2. Click the Settings This is the icon that represents the Organization settings. icon at the top of the Organization page.
  3. Select Roles in the organization settings sidebar.
  4. On the Roles page, hover over the role and click the Edit Role This is the icon that represents the Edit Role settings. icon that appears next to the role.
  5. Click the Members tab.
  6. Click the drop-down multi-select field and either select the desired user (listed by email address) or enter an email address to search for.
  7. Click the Add button when you have selected the desired entry/entries. When a member is added, it will display below the drop-down in a list.
  8. Click Save.

Removing a Member

Perform the following steps to remove a member from an existing role:

  1. Click the Organization This is the icon that represents the Organization. icon in the side navigation bar.
  2. Click the Settings This is the icon that represents the Organization settings. icon at the top of the Organization page.
  3. Select Roles in the organization settings sidebar.
  4. On the Roles page, hover over the role and click the Edit Role This is the icon that represents the Edit Role settings. icon that appears next to the role.
  5. Click the Members tab.
  6. On the Members page, hover over the row of the member and click the Remove This is the icon that represents the Remove User settings. icon that appears next to the member.
  7. Click Save.

This removes them as a member of this role, and they will no longer possess the privileges associated with that role. However, the user still retains privileges associated with any other roles they've been added as members to.

note

Users cannot remove themselves from the ADMIN role. If you are a member of the ADMIN role and wish to be removed from it, another user who has the necessary privileges must remove you.