GRANT TO ROLE
Access to Dremio objects can be managed by granting privileges to roles. A privilege is the right to perform a specific action on an object.
Syntax
GRANT { objectPrivilege | ALL } ON { <object_type> <object_name> }
TO ROLE <role_name>
-- On Organizations
{ CONFIGURE SECURITY | CREATE CATALOG | CREATE CLOUD | CREATE PROJECT | MANAGE GRANTS | OWNERSHIP } [, ...]
-- On Clouds
{ MANAGE GRANTS | MODIFY | MONITOR | OWNERSHIP } [, ...]
-- On Projects
{ ALTER | ALTER REFLECTION | CREATE TABLE | DROP | EXTERNAL QUERY | MANAGE GRANTS | MODIFY | MONITOR | OPERATE | OWNERSHIP | SELECT | USAGE | VIEW JOB HISTORY | VIEW REFLECTION } [, ...]
-- On Engines
{ MODIFY | MONITOR | OPERATE | OWNERSHIP | USAGE } [, ...]
-- On Identity and Token Providers
{ MODIFY | MONITOR | OPERATE | USAGE } [, ...]
-- On Sources
{ ALTER | ALTER REFLECTION | CREATE TABLE | DROP | EXTERNAL QUERY | MANAGE GRANTS | MODIFY | OWNERSHIP | SELECT } [, ...]
-- On Spaces
{ ALTER | ALTER REFLECTION | MANAGE GRANTS | MODIFY | OWNERSHIP | SELECT } [, ...]
-- On Folders
{ ALTER | ALTER REFLECTION | CREATE TABLE | DROP | MANAGE GRANTS | OWNERSHIP | SELECT } [, ...]
-- On Tables
{ ALTER | MANAGE GRANTS | OWNERSHIP } [, ...]
-- On Views
{ ALTER | MANAGE GRANTS | OWNERSHIP } [, ...]
-- On Roles
{ ALTER | MANAGE GRANTS | OWNERSHIP } [, ...]
-- On Users
{ ALTER | MANAGE GRANTS | OWNERSHIP } [, ...]
Parameters
<objectPrivilege>
String
The privilege(s) to be granted to the role. A comma-separated list of privileges can be specified. For more information, read all supported privileges.
<object_type>
String
The name of the type of object on which the specified privilege is being granted.
Enum: ORG, CLOUD, PROJECT, ENGINE, SOURCE, SPACE, IDENTITY PROVIDER, EXTERNAL TOKEN, FOLDER, PDS, VDS
<object_name>
String
The name of the object on which the privilege is being granted. Object names need to be qualified with the path if they are nested.
Note:
For <object_type> ORG or PROJECT, the <object_name> is inferred and should be omitted from the statement.
<role_name>
String
The name of the role to which the privilege is being granted.
Examples
Grant CREATE PROJECT and CREATE CLOUD privileges on the organization to a role
GRANT CREATE PROJECT, CREATE CLOUD
ON ORG
TO ROLE "DATA_ENGINEER"

GRANT MODIFY, MONITOR
ON CLOUD "Default Cloud"
TO ROLE "DATA_ENGINEER"

GRANT OPERATE
ON ENGINE "reflections_engine"
TO ROLE "DATA_ENGINEER"
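
An added example, not part of the Dremio documentation: a small Python linter that checks a GRANT ... TO ROLE statement against the per-object privilege lists in the Syntax section and flags grants that deserve a manual review before they are run. The name lint_grant, the SENSITIVE review set, and the mapping of the Tables and Views rows to the PDS and VDS keywords are assumptions of this example.

```python
import re

# Privilege matrix transcribed from the Syntax section above. Mapping the
# "Tables"/"Views" rows to the PDS/VDS keywords is an assumption of this example.
_DATASET = "ALTER|MANAGE GRANTS|OWNERSHIP"
_PROVIDER = "MODIFY|MONITOR|OPERATE|USAGE"
ALLOWED = {k: set(v.split("|")) for k, v in {
    "ORG": "CONFIGURE SECURITY|CREATE CATALOG|CREATE CLOUD|CREATE PROJECT|MANAGE GRANTS|OWNERSHIP",
    "CLOUD": "MANAGE GRANTS|MODIFY|MONITOR|OWNERSHIP",
    "PROJECT": "ALTER|ALTER REFLECTION|CREATE TABLE|DROP|EXTERNAL QUERY|MANAGE GRANTS|MODIFY|MONITOR|OPERATE|OWNERSHIP|SELECT|USAGE|VIEW JOB HISTORY|VIEW REFLECTION",
    "ENGINE": "MODIFY|MONITOR|OPERATE|OWNERSHIP|USAGE",
    "IDENTITY PROVIDER": _PROVIDER, "EXTERNAL TOKEN": _PROVIDER,
    "SOURCE": "ALTER|ALTER REFLECTION|CREATE TABLE|DROP|EXTERNAL QUERY|MANAGE GRANTS|MODIFY|OWNERSHIP|SELECT",
    "SPACE": "ALTER|ALTER REFLECTION|MANAGE GRANTS|MODIFY|OWNERSHIP|SELECT",
    "FOLDER": "ALTER|ALTER REFLECTION|CREATE TABLE|DROP|MANAGE GRANTS|OWNERSHIP|SELECT",
    "PDS": _DATASET, "VDS": _DATASET,
}.items()}
# Review policy assumed by this example: grants that let a role hand out or take over access.
SENSITIVE = {"ALL", "MANAGE GRANTS", "OWNERSHIP", "CONFIGURE SECURITY"}

_TYPES = "|".join(sorted(ALLOWED, key=len, reverse=True))
_GRANT = re.compile(
    rf"^\s*GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<type>{_TYPES})\b\s*(?P<name>.*?)\s*"
    rf"\bTO\s+ROLE\s+(?P<role>\S.*?)\s*;?\s*$", re.I | re.S)

def lint_grant(statement):
    """Return a list of findings for one GRANT ... TO ROLE statement."""
    m = _GRANT.match(statement)
    if not m:
        return ["unparseable: not GRANT <privileges> ON <object_type> [<object_name>] TO ROLE <role_name>"]
    otype = " ".join(m["type"].upper().split())
    privs = [" ".join(p.upper().split()) for p in m["privs"].split(",")]
    findings = []
    for p in privs:
        if p != "ALL" and p not in ALLOWED[otype]:
            findings.append(f"invalid: {p} is not listed for {otype}")
        if p in SENSITIVE:
            findings.append(f"review: {p} on {otype} granted to {m['role']}")
    if otype in ("ORG", "PROJECT") and m["name"]:
        findings.append(f"invalid: {otype} takes no object name")
    if otype not in ("ORG", "PROJECT") and not m["name"]:
        findings.append(f"invalid: {otype} requires an object name")
    return findings

if __name__ == "__main__":
    # Constructed sample statement, not from the page.
    for finding in lint_grant('GRANT ALL ON ORG "acme" TO ROLE "INTERN"'):
        print(finding)
```

Run it over each statement in a grants script during change review; an empty list means the statement matches the documented syntax and contains none of the privileges in the assumed review set.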