Personal Access Tokens

Personal access tokens (PATs) are randomly-generated tokens associated with a user. PATs are used in place of a password to log in to a service.

Enterprise Edition only

Dremio PATs are typically used to log into the system when SSO or LDAP is implemented and REST APIs or ODBC/JDBC are used to access Dremio. In addition to logging in via REST or ODBC/JDC, PATs can also be used to login to the Dremio UI.

Note

PATs can be used to reduce access permissions within a service.

Using PATs

When using PATs with the Dremio REST API, ODBC/JDBC, or UI:

  • With REST, use PAT as a password parameter to login.
  • With ODBC/JDBC, use PAT as a password to login.
  • With Dremio UI, use PAT as a password to login.

Enabling PATs

To enable personal access tokens:

  1. Log in Dremio as an admin and navigate to Settings > Support.
  2. If the associated support key has not already been added, enter auth.personal-access-tokens.enabled and then click Show.
  3. Enable the support key.

Creating PATs

To create a PAT:

  1. Log in on Dremio as a user.
  2. Click on your username at the top-right corner of the screen, followed by Account Settings.
  3. Select the Personal Access Tokens tab.

Note

If the Personal Access Tokens tab is not visible, try refreshing the page via your browser.

  1. Click Generate Token.
  2. Provide a Label to identify the token by and enter a desired value for Lifetime.
  3. Click Generate.
  4. Copy the token string that appears on the next dialog screen.

NOTE:

Personal access tokens expire after 90 days by default. To specify a different expiration period, change the value of the auth.personal-access-token.max_lifetime_days support key. Values greater than 36525 cause tokens to expire immediately. Changes to the value do not affect existing tokens.

Deleting PATs

Each user can delete PATs via the Dremio UI.

To delete your specific PAT:

  1. Navigate to UserName > Account Settings > Personal Access Tokens.
  2. Select Action for your specific PAT.
  3. From the popup, click Remove.

To delete all of your PATs:

  1. Navigate to UserName > Account Settings > Personal Access Tokens.
  2. Select Delete all
  3. From the popup, click Remove.

Administration

PATs can still exist (depending on the Lifetime setting) in the system after a user is deleted.

If users are deleted from the Dremio environment, SSO, or LDAP, ensure that all of their Personal Access Tokens (PATs) are also deleted. This accomplished via the REST API.