Skip to main content

Users

Use the Users API to create, retrieve, update, and delete users, and manage role membership for users.

Dremio Cloud supports two user types:

  • Regular users — Human users who authenticate with their email address. Creating a regular user sends an email invitation.
  • Service users — Non-human identities used for automated processes. Service users are created directly without an email invitation.
User Object 
{
  "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "active": true,
  "name": "john.doe@example.com",
  "firstName": "John",
  "lastName": "Doe",
  "identityType": "REGULAR_USER"
}

User Attributes

id String (UUID)

The unique identifier of the user.

Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

active Boolean

Whether the user is active.

Example: true

name String

For regular users, the user's email address. For service users, the service user name.

Example: john.doe@example.com

identityType String

The type of user.

Enum: REGULAR_USER, SERVICE_USER

Example: REGULAR_USER

firstName String

The user's first name. Applies to regular users only.

Example: John

lastName String

The user's last name. Applies to regular users only.

Example: Doe

description String

A description for the user. Applies to service users only.

Example: Service account for ETL pipeline

oauthClientId String (UUID)

The OAuth client ID associated with the service user. Applies to service users only.

Example: c3d4e5f6-7890-1234-abcd-567890abcdef

List Users

List all users in the organization.

Method and URL 
GET /v0/users

Parameters

filter Query   String   Optional

A CEL expression to filter results. Filterable attributes: name, firstName, lastName, id, identityType. Supported operators: ==, &&, ||. Supported functions: startsWith, contains.

Example: firstName.contains('John')

maxResults Query   Integer   Optional

Maximum number of results to return per page. Minimum: 1. Maximum: 1000.

Example: 100

pageToken Query   String   Optional

Token specifying which page to return. Do not change other query parameters when using pageToken.

orderBy Query   String   Optional

Attribute to order results by. Defaults to ascending order. For descending order, prefix the attribute name with -.

Example: firstName

Example Request 
curl -X GET 'https://api.dremio.cloud/v0/users' \
-H 'Authorization: Bearer <access token>' \
-H 'Content-Type: application/json'
Example Response 
{
  "data": [
    {
      "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
      "active": true,
      "name": "john.doe@example.com",
      "firstName": "John",
      "lastName": "Doe",
      "identityType": "REGULAR_USER"
    },
    {
      "id": "c3d4e5f6-7890-1234-abcd-567890abcdef",
      "active": true,
      "name": "service-user-1",
      "description": "Service user 1",
      "identityType": "SERVICE_USER"
    }
  ],
  "nextPageToken": "eyJwYWdlIjogMn0=",
  "totalResults": 42
}

Response Status Codes

200   OK

400   Bad Request

401   Unauthorized

403   Forbidden

500   Internal Server Error

Create a User

Create a user in the organization.

For regular users, an invitation email is sent to the specified email address. The user is initially inactive until they complete the invitation flow. Calling this endpoint again for an already invited user resends the invitation email. Sending too many invitations in a short period results in a 429 error.

For service users, the user is created directly with no email invitation required.

Method and URL 
POST /v0/users

Parameters

name Body   String

For regular users, the user's email address. For service users, the service username.

Example: john.doe@example.com

identityType Body   String   Optional

The type of user to create. Defaults to REGULAR_USER if not provided.

Enum: REGULAR_USER, SERVICE_USER

Example: REGULAR_USER

description Body   String   Optional

A description for the user. Applies to service users only.

Example: Service account for ETL pipeline

Example Request 
curl -X POST 'https://api.dremio.cloud/v0/users' \
-H 'Authorization: Bearer <access token>' \
-H 'Content-Type: application/json' \
-d '{"name": "john.doe@example.com", "identityType": "REGULAR_USER"}'
Example Response 
{
  "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "active": false,
  "name": "john.doe@example.com",
  "identityType": "REGULAR_USER"
}

Response Status Codes

201   Created

400   Bad Request

401   Unauthorized

403   Forbidden

409   Conflict

429   Too Many Requests

500   Internal Server Error

Retrieve a User by Name

Get a user by name.

Method and URL 
GET /v0/users/names/{userName}

Parameters

userName Path   String

The name of the user to retrieve. For regular users, this is the user's email address.

Example: john.doe@example.com

Example Request 
curl -X GET 'https://api.dremio.cloud/v0/users/names/john.doe@example.com' \
-H 'Authorization: Bearer <access token>' \
-H 'Content-Type: application/json'
Example Response 
{
  "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "active": true,
  "name": "john.doe@example.com",
  "firstName": "John",
  "lastName": "Doe",
  "identityType": "REGULAR_USER"
}

Response Status Codes

200   OK

400   Bad Request

401   Unauthorized

403   Forbidden

404   Not Found

500   Internal Server Error

Retrieve a User by ID

Get a user by ID.

Method and URL 
GET /v0/users/{userId}

Parameters

userId Path   String (UUID)

The ID of the user to retrieve.

Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

Example Request 
curl -X GET 'https://api.dremio.cloud/v0/users/f47ac10b-58cc-4372-a567-0e02b2c3d479' \
-H 'Authorization: Bearer <access token>' \
-H 'Content-Type: application/json'
Example Response 
{
  "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "active": true,
  "name": "john.doe@example.com",
  "firstName": "John",
  "lastName": "Doe",
  "identityType": "REGULAR_USER"
}

Response Status Codes

200   OK

400   Bad Request

401   Unauthorized

403   Forbidden

404   Not Found

500   Internal Server Error

Update a User

Update a user. For regular users, only firstName and lastName are updatable.

Method and URL 
PUT /v0/users/{userId}

Parameters

userId Path   String (UUID)

The ID of the user to update.

Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

id Body   String (UUID)

The unique identifier of the user. This should be the same as the userId.

Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

active Body   Boolean

Whether the user is active.

Example: true

name Body   String

For regular users, the user's email address. For service users, the service username. This should be the same as the current username.

Example: john.doe@example.com

firstName Body   String   Optional

The user's first name. Applies to regular users only.

Example: John

lastName Body   String   Optional

The user's last name. Applies to regular users only.

Example: Doe

identityType Body   String

The type of user. This should be the same as the existing identityType.

Enum: REGULAR_USER, SERVICE_USER

Example: REGULAR_USER

Example Request 
curl -X PUT 'https://api.dremio.cloud/v0/users/f47ac10b-58cc-4372-a567-0e02b2c3d479' \
-H 'Authorization: Bearer <access token>' \
-H 'Content-Type: application/json' \
-d '{
  "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "active": true,
  "name": "john.doe@example.com",
  "firstName": "John",
  "lastName": "Doe",
  "identityType": "REGULAR_USER"
}'
Example Response 
{
  "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "active": true,
  "name": "john.doe@example.com",
  "firstName": "John",
  "lastName": "Doe",
  "identityType": "REGULAR_USER"
}

Response Status Codes

200   OK

400   Bad Request

401   Unauthorized

403   Forbidden

404   Not Found

500   Internal Server Error

Delete a User

Delete a user.

Method and URL 
DELETE /v0/users/{userId}

Parameters

userId Path   String (UUID)

The ID of the user to delete.

Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

Example Request 
curl -X DELETE 'https://api.dremio.cloud/v0/users/f47ac10b-58cc-4372-a567-0e02b2c3d479' \
-H 'Authorization: Bearer <access token>' \
-H 'Content-Type: application/json'
Example Response 
No response

Response Status Codes

204   No Content

400   Bad Request

401   Unauthorized

403   Forbidden

404   Not Found

500   Internal Server Error

List Parent Roles for a User

List the roles the user is a direct member of. This does not include transitive role memberships.

Method and URL 
GET /v0/users/{userId}/parent-roles

Parameters

userId Path   String (UUID)

The ID of the user.

Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

maxResults Query   Integer   Optional

Maximum number of results to return per page. Minimum: 1. Maximum: 1000.

Example: 100

pageToken Query   String   Optional

Token specifying which page to return. Do not change other query parameters when using pageToken.

Example Request 
curl -X GET 'https://api.dremio.cloud/v0/users/f47ac10b-58cc-4372-a567-0e02b2c3d479/parent-roles' \
-H 'Authorization: Bearer <access token>' \
-H 'Content-Type: application/json'
Example Response 
{
  "data": [
    {
      "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
      "name": "DATA_ENGINEER",
      "type": "INTERNAL",
      "description": "Data Engineers"
    }
  ],
  "totalResults": 1
}

Response Status Codes

200   OK

400   Bad Request

401   Unauthorized

403   Forbidden

500   Internal Server Error

Add a Parent Role to a User

Add a role to the user's list of parent roles.

Method and URL 
POST /v0/users/{userId}/parent-roles

Parameters

userId Path   String (UUID)

The ID of the user.

Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

id Body   String (UUID)

The ID of the role to add.

Example: a1b2c3d4-e5f6-7890-abcd-ef1234567890

Example Request 
curl -X POST 'https://api.dremio.cloud/v0/users/f47ac10b-58cc-4372-a567-0e02b2c3d479/parent-roles' \
-H 'Authorization: Bearer <access token>' \
-H 'Content-Type: application/json' \
-d '{"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"}'
Example Response 
{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

Response Status Codes

201   Created

400   Bad Request

401   Unauthorized

403   Forbidden

404   Not Found

500   Internal Server Error

Update Parent Roles for a User

Add and remove parent roles for a user in a single request.

Method and URL 
PATCH /v0/users/{userId}/parent-roles

Parameters

userId Path   String (UUID)

The ID of the user.

Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

addRoles Body   Array of String (UUID)   Optional

List of role IDs to add to the user's parent roles.

Example: ["a1b2c3d4-e5f6-7890-abcd-ef1234567890"]

removeRoles Body   Array of String (UUID)   Optional

List of role IDs to remove from the user's parent roles.

Example: ["b2c3d4e5-f6a7-8901-bcde-f23456789012"]

Example Request 
curl -X PATCH 'https://api.dremio.cloud/v0/users/f47ac10b-58cc-4372-a567-0e02b2c3d479/parent-roles' \
-H 'Authorization: Bearer <access token>' \
-H 'Content-Type: application/json' \
-d '{
  "addRoles": ["a1b2c3d4-e5f6-7890-abcd-ef1234567890"],
  "removeRoles": ["b2c3d4e5-f6a7-8901-bcde-f23456789012"]
}'
Example Response 
{
  "addedRoles": ["a1b2c3d4-e5f6-7890-abcd-ef1234567890"],
  "removedRoles": ["b2c3d4e5-f6a7-8901-bcde-f23456789012"]
}

Response Status Codes

200   OK

400   Bad Request

401   Unauthorized

403   Forbidden

404   Not Found

500   Internal Server Error

Remove a Parent Role from a User

Remove a role from the user's list of parent roles.

Method and URL 
DELETE /v0/users/{userId}/parent-roles/{parentRoleId}

Parameters

userId Path   String (UUID)

The ID of the user.

Example: f47ac10b-58cc-4372-a567-0e02b2c3d479

parentRoleId Path   String (UUID)

The ID of the parent role to remove.

Example: a1b2c3d4-e5f6-7890-abcd-ef1234567890

Example Request 
curl -X DELETE 'https://api.dremio.cloud/v0/users/f47ac10b-58cc-4372-a567-0e02b2c3d479/parent-roles/a1b2c3d4-e5f6-7890-abcd-ef1234567890' \
-H 'Authorization: Bearer <access token>' \
-H 'Content-Type: application/json'
Example Response 
No response

Response Status Codes

204   No Content

400   Bad Request

401   Unauthorized

403   Forbidden

404   Not Found

500   Internal Server Error