Dremio Community

Personal Access Tokens

Personal access tokens (PATs) are randomly-generated tokens associated with a user. PATs are used in place of a password to log in to a service.

Enterprise Edition only

Dremio PATs are typically used to log into the system when SSO or LDAP is implemented and REST APIs or ODBC/JDBC are used to access Dremio. In addition to logging in via REST or ODBC/JDC, PATs can also be used to login to the Dremio UI.

Note

PATs can be used to reduce access permissions within a service.

Using PATs

When using PATs with the Dremio REST API, ODBC/JDBC, or UI:

  • With REST, use PAT as a password parameter to login.
  • With ODBC/JDBC, use PAT as a password to login.
  • With Dremio UI, use PAT as a password to login.

Enabling PATs

To enable PATS:

  1. Login to Dremio UI as Admin.
  2. Navigate to Admin > Cluster > Support > Support Keys.
  3. Add the auth.personal-access-tokens.enabled key and click Show.
  4. Ensure that the key is enabled.

Creating PATs

To create a PAT:

  1. Login to Dremio UI as a user.
  2. Navigate to UserName > Account Settings. The following screenshot shows the UserName as ruth.
  3. Select Personal Access Tokens under Account Settings and click New Token.
  4. Provide a token label and lifetime (time to be active before expiring) and click generate.
  5. As this point, you copy your token for future use and close the popup. Click Copy and Close.

The following screenshot shows a generated PAT for the user, Ruth:

Note

Personal access tokens expire after 90 days by default. To specify a different expiration period, set the auth.personal-access-token.max_lifetime_days support key to the desired number of days. Only tokens generated after the change are affected.

Deleting PATs

Each user can delete PATs via the Dremio UI.

To delete your specific PAT:

  1. Navigate to UserName > Account Settings > Personal Access Tokens.
  2. Select Action for your specific PAT.
  3. From the popup, click Remove.

To delete all of your PATs:

  1. Navigate to UserName > Account Settings > Personal Access Tokens.
  2. Select Delete all
  3. From the popup, click Remove.

Administration

PATs can still exist (depending on the Lifetime setting) in the system after a user is deleted.

If users are deleted from the Dremio environment, SSO, or LDAP, ensure that all of their Personal Access Tokens (PATs) are also deleted. This accomplished via the REST API.