Skip to main content
Version: current [24.3.x]

Access Management

note

This functionality is for Dremio v16.0+ Enterprise Edition only. If you’re using earlier than v16.0+, then view the previous access control functionality at the Users, Groups, and Roles and Sharing and Permissions pages.

Dremio allows for the implementation of granular-level privileges, which defines a user/role’s access privilege and available actions for specific objects, such as a dataset, project, or cloud. This is called access management, and gives administrators the ability to restrict access to any object in Dremio.

The following features are available:

  • Privileges: Privileges enable users to perform explicit operations on objects in Dremio. Additionally, privileges may be set on individual datasets (tables or views) or whole schemas, allowing for a simplified configuration with larger catalogs.
  • Row-access and column-masking policies: Row-access and column-masking policies enable you to grant users access to particular rows or columns.
  • Flexible Management: Privileges can be easily configured using SQL Commands, REST APIs, and an intuitive and easy-to-use user interface.
  • Ownership: An object-oriented model allows for a clearly-defined and transferable owner for all aspects in Dremio, including source and space configuration.
  • Local Users & Roles (18.0+): Administrators may create and manage identities in Dremio alongside identities from corporate LDAP or IdP, including standards-based synchronization (SCIM).

The following topics cover the various aspects of access management, along with instructions for how to apply privileges via Dremio:

The following APIs are available for managing access control:

The following SQL commands may be used from the SQL Runner: