This functionality is for Dremio v16.0+ Enterprise Edition only. If you're using a version earlier than v16.0, see the previous access control functionality on the Users, Groups, and Roles and Sharing and Permissions pages.
Dremio allows for the implementation of granular-level privileges, which define a user's or role's access privileges and available actions for specific objects, such as a dataset, project, or cloud. This is called access management, and it gives administrators the ability to restrict access to any object in Dremio.
The following features are available:
- Privileges: Privileges enable users to perform explicit operations on objects in Dremio. Additionally, privileges may be set on individual datasets (tables or views) or whole schemas, allowing for a simplified configuration with larger catalogs.
- Row-access and column-masking policies: Row-access and column-masking policies enable you to grant users access to particular rows or columns.
- Flexible Management: Privileges can be easily configured using SQL Commands, REST APIs, and an intuitive and easy-to-use user interface.
- Ownership: An object-oriented model allows for a clearly defined and transferable owner for all aspects in Dremio, including source and space configuration.
- Local Users & Roles (18.0+): Administrators may create and manage identities in Dremio alongside identities from corporate LDAP or IdP, including standards-based synchronization (SCIM).
The following topics cover the various aspects of access management, along with instructions for how to apply privileges via Dremio:
- Access Management Structure
- Apache Ranger: Row-Level Filtering & Column-Masking
- Dremio-Native: Row-Access & Column-Masking Policies
- Integrating Dremio with Okta
- Best Practices
The following APIs are available for managing access control:
The following SQL commands may be used from the SQL Runner: