Skip to main content

Personal Access Tokens

Personal access tokens (PATs) are randomly generated tokens associated with a user that are used in place of a password to authenticate with Dremio. PATs can last up to 180 days before they expire and provide a secure way to enable programmatic access, automation, and CI/CD workflows.

When using a PAT, you have the same privileges and roles as the user who created the token. This means a PAT can only access what the user can access.

When to Use PATs

Dremio recommends using OAuth access tokens for most use cases, as they provide enhanced security through shorter lifespans and centralized management. PATs should primarily be used in scenarios where OAuth tokens are not supported or practical.

PATs may be appropriate for:

  • Legacy systems: Applications that cannot support OAuth authentication flows.
  • Simple scripts: Quick automation tasks where OAuth setup overhead is not justified.
  • Development and testing: Temporary access for development workflows.
  • ODBC/JDBC connections: When OAuth is not supported by the client application.

Create a PAT

To create a PAT:

  1. Click the User icon (user initials) on the side navigation bar and select Account Settings.
  2. Select Personal Access Tokens in the account settings sidebar.
  3. On the Personal Access Tokens page, click Generate Token in the top-right corner of the screen.
  4. In the Generate Token dialog, for Label, add a descriptive identifier explaining what the PAT is for (e.g., "CI Pipeline - Data Tests" or "Tableau Integration").
  5. For Lifetime, enter the number of days the PAT will be valid. The default PAT lifetime is 30 days, and the maximum lifetime is 180 days.
  6. Click Generate.
  7. Important: Copy the generated PAT immediately and save it to a secure location. The token is shown only once and cannot be retrieved later.

Manage PATs

View PAT Metadata

A PAT is shown only once during creation. However, you can view the token ID, label, creation date, and expiration status for all PATs in your account.

To view the metadata for all the PATs you have created:

  1. Click the User icon (user initials) on the side navigation bar and select Account Settings.
  2. Select Personal Access Tokens from the settings sidebar.

The Personal Access Tokens page displays all the metadata for PATs, both active and expired, for your account.

Delete a PAT

Each user can delete PATs in their own account.

To delete an existing PAT:

  1. Click the User icon (user initials) on the side navigation bar and select Account Settings.
  2. Select Personal Access Tokens in the account settings sidebar.
  3. On the Personal Access Tokens page, click Delete for the PAT that you want to delete.
  4. In the Delete Token dialog, click Delete to confirm. The PAT is deleted and cannot be retrieved.

Delete All PATs

Any user can delete all PATs from their own account. ADMIN users cannot delete PATs on behalf of other users.

To delete all PATs for your account:

  1. Click the User icon (user initials) on the side navigation bar and select Account Settings.
  2. Select Personal Access Tokens in the account settings sidebar.
  3. On the Personal Access Tokens page, click Delete All in the top-right corner of the screen.
  4. In the Delete All Tokens dialog, click Delete to confirm that you want to delete all PATs in the list. After a PAT has been deleted, it cannot be retrieved.

Use PATs

PATs can be used to authenticate with various Dremio interfaces:

  • REST API: Use PATs for programmatic access and automation.
  • JDBC: Connect applications using JDBC drivers.
  • ODBC: Connect applications using ODBC drivers.
  • Dremio web application: Use your PAT as a password to log in.

For specific connection details and examples, see the documentation for each connection method.

Limits and Considerations

  • Self-service only: Users can only create and manage PATs for themselves—even ADMIN users cannot create or manage PATs on behalf of other users.
  • User permissions: PATs are tied to user accounts—if a user is deactivated, their PATs stop working.
  • No privilege restriction: PATs cannot be scoped to fewer privileges than the user has.
  • Token management: Use descriptive labels and set appropriate expiration times for each token.