Update Grantee Privileges

NOTE:

This functionality is for Dremio v16.0+ Enterprise Edition only.

This API updates the privileges associated with a user/group, or granteeType.

Endpoint Syntax

PUT /api/v3/catalog/{Id}/grants

Required Privileges

All users executing this Rest API must have the MANAGE GRANTS privilege assigned to receive a comprehensive response output.

Request Parameters

granteeType id privileges

Request Input

{
 "grants": [
   {
     "privileges": [
       "ALTER",
       "SELECT"
     ],
     "granteeType": "USER",
     "id": "7f28aa49-2309-4eed-91f9-162454f94bd7"
   },
   {
     "privileges": [
       "SELECT", "ALTER"
     ],
     "granteeType": "ROLE",
     "id": "9090cda4-66db-48da-b8b7-b8c49f9fb287"
   }
 ]
}

Response Codes

  • 200 - Success.
  • 403 - The user executing the API request lacks the MANAGE GRANTS permission.
  • 404 - An object with the entityId is not found.

Example: Curl Request

curl -X PUT --location "http://localhost:9047/api/v3/catalog/c3097cb9-93b6-4cea-b2b8-754793ec1406/grants" \
    -H "Authorization: _dremion50js90mbaqdp5k227m1e7hk3u" \
    -H "Content-Type: application/json" \
    -H "Accept: application/json" \
    -d "{
          \"grants\": [
            {
              \"privileges\": [
                \"SELECT\", \"ALTER\", \"VIEW_REFLECTION\"
              ],
              \"granteeType\": \"USER\",
              \"id\": \"821b04ae-0d0d-448c-a8b1-e77151732d4d\",
              \"name\": \"dremio\",
              \"firstName\": \"a\",
              \"lastName\": \"a\",
              \"email\": \"a@b.com\"
            },
            {
              \"privileges\": [
                \"SELECT\", \"ALTER\"
              ],
              \"granteeType\": \"ROLE\",
              \"id\": \"5cdaac3f-611b-4b78-bf37-85d8a85e4a1f\",
              \"name\": \"PUBLIC\"
            }
          ]
        }"

Behaviors

Dremio access control does not allow allowCreateDrop (CTAS) for sources. However, this will not cause any errors when sent via REST APIs.