Role Enterprise
Use the Role API to manage roles.
Role Object{
"id": "957a8af5-9211-4bc5-9fe5-1a44ff30304d",
"name": "Temporary Testing",
"type": "INTERNAL",
"roles": [
{
"id": "6f87a9c5-d733-4935-8331-875a4a8e09d7",
"name": "qa_team1",
"type": "INTERNAL"
},
{
"id": "f8426061-8413-46ec-a84d-1b481a97b248",
"name": "prod_testing",
"type": "INTERNAL"
}
],
"memberCount": 3,
"description": "Role for testing the new feature"
}
Role Attributes
id String (UUID)
Unique identifier of the role.
Example: 957a8af5-9211-4bc5-9fe5-1a44ff30304d
name String
User-provided name of the role.
Example: Temporary Testing
type String
Origin of the role.
INTERNAL
: Role was created in the Dremio user interface (UI) or with the Role API.EXTERNAL
: Role was imported from an external service like Microsoft Entra ID, Lightweight Directory Access Protocol (LDAP), or a System for Cross-domain Identity Management (SCIM) provider.SYSTEM
: Role was predefined in Dremio.
Example: INTERNAL
roles Array of Object
Information about the roles to which the role belongs.
Example: [{"id": "6f87a9c5-d733-4935-8331-875a4a8e09d7","name": "SELECT and CREATE","type": "INTERNAL"},{"id": "f8426061-8413-46ec-a84d-1b481a97b248","name": "VIEW","type": "INTERNAL"}]
memberCount Integer
Number of users and roles that are members of the role.
Example: 3
description String
User-provided description of the role.
Example: Role for testing the new feature
Attributes of Objects in the roles
Array
id String (UUID)
Unique identifier of the role.
Example: 6f87a9c5-d733-4935-8331-875a4a8e09d7
name String
Name of the role.
Example: SELECT and CREATE
type String
Origin of the role.
INTERNAL
: Role was created in the Dremio user interface (UI) or with the Role API.EXTERNAL
: Role was imported from an external service like Microsoft Entra ID, Lightweight Directory Access Protocol (LDAP), or a System for Cross-domain Identity Management (SCIM) provider.SYSTEM
: Role was predefined in Dremio.
Example: INTERNAL
Creating a Role
Create a Dremio role.
Method and URLPOST /api/v3/role
Parameters
name Body String
Name for the role. The role name must be unique and cannot be updated after the role is created.
Example: Temporary Testing
roles Body Array of Object Optional
Information about the roles to which the role should be assigned.
Example: [{"id": "6f87a9c5-d733-4935-8331-875a4a8e09d7"},{"id": "f8426061-8413-46ec-a84d-1b481a97b248"}]
description Body String Optional
Description for the role.
Example: Role for testing the new feature
Parameters of Objects in the roles
Array
id Body String (UUID)
Unique identifier of the role to which the role you create should be assigned.
Example: 6f87a9c5-d733-4935-8331-875a4a8e09d7
name Body String Optional
Name of the role to which the role you create should be assigned.
Example: qa_team1
Example Requestcurl -X POST 'https://{hostname}/api/v3/role' \
--header 'Authorization: Bearer <PersonalAccessToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "Temporary Testing",
"roles": [
{
"id": "6f87a9c5-d733-4935-8331-875a4a8e09d7"
},
{
"id": "f8426061-8413-46ec-a84d-1b481a97b248"
}
],
"description": "Role for testing the new feature"
}'
{
"id": "957a8af5-9211-4bc5-9fe5-1a44ff30304d",
"name": "Temporary Testing",
"type": "INTERNAL",
"roles": [
{
"id": "6f87a9c5-d733-4935-8331-875a4a8e09d7",
"name": "qa_team1",
"type": "INTERNAL"
},
{
"id": "f8426061-8413-46ec-a84d-1b481a97b248",
"name": "prod_testing",
"type": "INTERNAL"
}
],
"memberCount": 0,
"description": "Role for testing the new feature"
}
Response Status Codes
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
405 Method Not Allowed
Retrieving a Role by ID
Retrieve a specific role by the role's ID.
Method and URLGET /api/v3/role/{id}
Parameters
id Path String (UUID)
Unique identifier of the role you want to retrieve.
Example: 957a8af5-9211-4bc5-9fe5-1a44ff30304d
Example Requestcurl -X GET 'https://{hostname}/api/v3/role/957a8af5-9211-4bc5-9fe5-1a44ff30304d' \
--header 'Authorization: Bearer <PersonalAccessToken>' \
--header 'Content-Type: application/json'
{
"id": "957a8af5-9211-4bc5-9fe5-1a44ff30304d",
"name": "Temporary Testing",
"type": "INTERNAL",
"roles": [
{
"id": "6f87a9c5-d733-4935-8331-875a4a8e09d7",
"name": "qa_team1",
"type": "INTERNAL"
},
{
"id": "f8426061-8413-46ec-a84d-1b481a97b248",
"name": "prod_testing",
"type": "INTERNAL"
}
],
"memberCount": 3,
"description": "Role for testing the new feature"
}
Response Status Codes
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
Retrieving a Role by Name
Retrieve a specific role by the role's name.
Method and URLGET /api/v3/role/by-name/{name}
Parameters
name Path String
Name of the role you want to retrieve. The role name is case-insensitive. If the role name includes special characters for a URL, such as spaces, use URL encoding to replace the special characters with their UTF-8-equivalent characters. For example, "Dremio University" should be Dremio%20University
in the URL path.
Example: Temporary%20Testing
Example Requestcurl -X GET 'https://{hostname}/api/v3/role/by-name/Temporary%20Testing' \
--header 'Authorization: Bearer <PersonalAccessToken>' \
--header 'Content-Type: application/json'
{
"id": "957a8af5-9211-4bc5-9fe5-1a44ff30304d",
"name": "Temporary Testing",
"type": "INTERNAL",
"roles": [
{
"id": "6f87a9c5-d733-4935-8331-875a4a8e09d7",
"name": "qa_team1",
"type": "INTERNAL"
},
{
"id": "f8426061-8413-46ec-a84d-1b481a97b248",
"name": "prod_testing",
"type": "INTERNAL"
}
],
"memberCount": 3,
"description": "Role for testing the new feature"
}
Response Status Codes
200 OK
401 Unauthorized
404 Not Found
500 Internal Server Error
Updating a Role
Update the specified role.
Method and URLPUT /api/v3/role/{id}
Parameters
id Path String (UUID)
Unique identifier of the role you want to update.
Example: 957a8af5-9211-4bc5-9fe5-1a44ff30304d
id Body String (UUID)
Unique identifier of the role you want to update.
Example: 957a8af5-9211-4bc5-9fe5-1a44ff30304d
name Body String
Name of the role.
Example: Temporary Testing
roles Body Array of Object Optional
Information about the roles to which the role should be assigned. If you omit an existing role in a PUT request, Dremio removes the role. To keep all existing roles while making other updates, include all existing roles in the PUT request.
Example: [{"id": "f8426061-8413-46ec-a84d-1b481a97b248"}]
description Body String Optional
Description to use for the role. If you omit the description in a PUT request, Dremio removes the existing description. To keep the existing description while making other updates, include the description in the PUT request.
Example: Role for viewing the new feature
Parameters of Objects in the roles
Array
id Body String (UUID)
Unique identifier of the role to which the role you update should be assigned.
Example: f8426061-8413-46ec-a84d-1b481a97b248
name Body String Optional
Name of the role to which the role you update should be assigned.
Example: prod_testing
Example Requestcurl -X PUT 'https://{hostname}/api/v3/role/957a8af5-9211-4bc5-9fe5-1a44ff30304d' \
--header 'Authorization: Bearer <PersonalAccessToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
"id": "957a8af5-9211-4bc5-9fe5-1a44ff30304d",
"name": "Temporary Testing",
"roles": [
{
"id": "f8426061-8413-46ec-a84d-1b481a97b248"
}
],
"description": "Role for viewing the new feature"
}'
{
"id": "957a8af5-9211-4bc5-9fe5-1a44ff30304d",
"name": "Temporary Testing",
"type": "INTERNAL",
"roles": [
{
"id": "f8426061-8413-46ec-a84d-1b481a97b248",
"name": "prod_testing",
"type": "INTERNAL"
}
],
"memberCount": 3,
"description": "Role for viewing the new feature"
}
Response Status Codes
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
405 Method Not Allowed
Add and Remove Role Members
Add and remove members (roles and users) of the specified role.
Method and URLPATCH /api/v3/role/{id}/member
Parameters
id Path String (UUID)
Unique identifier of the role for which you want to add or remove members.
Example: 957a8af5-9211-4bc5-9fe5-1a44ff30304d
op Body String
Action to take for the user or role.
Enum: add, remove
Example: add
id Body String (UUID)
Unique identifier of the user or role to add or remove.
Example: 957a8af5-9211-4bc5-9fe5-1a44ff30304d
type Body String
Type of member you want to add or remove.
Enum: role, user
Example: role
The request body is an array of objects. Each object includes the three parameters for a single user or role that you want to add or remove:
Example Requestcurl -X PATCH 'https://{hostname}/api/v3/role/957a8af5-9211-4bc5-9fe5-1a44ff30304d/member' \
--header 'Authorization: Bearer <PersonalAccessToken>' \
--header 'Content-Type: application/json' \
--data-raw '[
{
"op": "add",
"id": "f8426061-8413-46ec-a84d-1b481a97b248",
"type": "role"
},
{
"op": "add",
"id": "671cdeb8-1af9-45b6-98ee-8ca1e0543a38",
"type": "user"
},
{
"op": "remove",
"id": "6f87a9c5-d733-4935-8331-875a4a8e09d7",
"type": "role"
},
{
"op": "remove",
"id": "614a6938-7a69-4f7c-ab96-00b50addb1f9",
"type": "user"
}
]'
No response
Response Status Codes
200 OK
400 Bad Request
401 Unauthorized
404 Not Found
405 Method Not Allowed
Deleting a Role
Delete the specified role.
Method and URLDELETE /api/v3/role/{id}
Parameters
id Path String (UUID)
Unique identifier of the role that you want to delete.
It is not possible to delete a system role, like ADMIN or PUBLIC. Requests to delete a system role result in a 404 Not Found
response.
Example: 957a8af5-9211-4bc5-9fe5-1a44ff30304d
Example Requestcurl -X DELETE 'https://{hostname}/api/v3/role/957a8af5-9211-4bc5-9fe5-1a44ff30304d' \
--header 'Authorization: Bearer <PersonalAccessToken>' \
--header 'Content-Type: application/json'
No response
Response Status Codes
204 No Content
401 Unauthorized
404 Not Found
405 Method Not Allowed