Skip to main content
Version: current [26.x]

User Management

Dremio allows for the management of users locally as well as through third-party solutions like OAuth, LDAP, and Microsoft Entra ID. It is from the user screen that you can view assigned roles and change account details.

Internal Users

By default, Dremio allows you to add and manage users directly from the application, or locally. These users' credentials are managed through Dremio by an administrator.

External Users

External users are those created and managed by an external application like an OpenID identity provider. These user accounts are not created manually in Dremio, but rather are added automatically when a user logs into Dremio for the first time using login information from an integrated credentials manager. Likewise, user credentials may not be changed from the Dremio interface as these are controlled by the credential manager.

Externally-managed users will not have their information stored locally in the users KVStore. Dremio communicates directly with the external system to fetch and validate users as needed. The username stored in Dremio and shown from the Users screen when editing a user account will display the username provided by the external service.

If a user is removed from Dremio or their access to Dremio is revoked in your external identity provider, you must also manually delete the user in Dremio.

Using SCIM

System for Cross-domain Identity Management (SCIM) is used to integrate an OpenID Connect (OIDC) provider with Dremio for user provisioning. When properly configured, your OIDC provider automatically sends the credentials of assigned users securely via SCIM to your Dremio server, automatically creating user accounts. These new users may then log in on Dremo according to the policies set by your credential manager.

Dremio currently supports the following functionality regarding SCIM:

  • Nested Roles (Groups)
  • User activation/deactivation
  • Synchronized passwords without external authentication configured

The following functionality is not supported:

  • Search filters beyond equal filter by username
  • Microsoft Entra ID
  • Etag
tip

You cannot reset or change an external user's password from Dremio as this is governed by your organization's identity manager. If you delete an external user from Dremio, your OIDC provider will re-add their account the next time that user attempts to log in. To properly revoke access to Dremio, you must delete the user in your OIDC provider.

Users Screen

This screen displays all existing users with access to your instance of Dremio. These may be managed externally or locally depending on your organization's needs.

The Users screen can be reached by navigating to Settings > Users.

All user accounts will display here in table format.

  • To add one or more new users locally, click the Add User button at the top-right corner of the screen. This launches the Add Users modal.
  • To edit an existing user account, click on the user name or the Edit button (pencil) under the Actions column for the desired account. This launches the screen for editing a user account.
  • To delete or remove a local or external user, click the Delete icon (red circle) under the Actions column for the desired account. Dremio will prompt you to confirm this action. If this is an externally-managed account, it will automatically be created again when they log into Dremio next.

Dremio allows for the creation and management of two types of users: local and external. Both types of users may exist simultaneously from the same instance of Dremio.

Adding Users

This modal appears when the Add User button is selected. It is from here that all local users are added by entering usernames (not email addresses).

  • Usernames - An alphanumeric entry for each user account being created locally, separating each username with a comma, space, or line break. These are case-sensitive.
  • Dremio Role - The role each user account will be associated with automatically upon creation. You may only select one role from the drop-down menu at this time. Additional roles may be assigned to each user after creation from the Users screen by selecting the user name or Edit button.

To create accounts associated with the usernames entered here, click the Save button. These will now appear in the table of users on the Users screen.

Editing User

From this screen you can change user account details, view assigned roles, and add roles.

Details Tab

  • First Name - The first name of the associated user.

  • Last Name - The last name of the associated user.

  • Username - The username associated with the account, used when logging into Dremio. Once this has been set upon creating an account locally or externally, it cannot be changed.

  • Password - The password for a user account may be set from here. Any existing password will not display for security purposes. If this is a new account, you must set a password for the user to be able to access their account.

    note

    You can use special characters for any character in the password except the first character. If you use a special character for the first character in the password, the password will fail.

Changes made here are not permanent until you click Save. So if you find you've made a mistake or wish to revert back to the previous state, simply click Cancel.

Roles Tab

All roles created from the Roles screen that a user is a member of will display here. To add roles to a user, you may select and add them individually via the drop-down menu, or you may use the search bar to search for specific roles. Simply select the checkbox next to each role to add it to the user's account. Any privileges associated with these roles will be granted to the user once the changes are committed.

tip

Changes made here are not permanent until you click Save. So if you find you've made a mistake or wish to revert back to the previous state, simply click Cancel.