This functionality is for Dremio v16.0+ Enterprise Edition only.
The following table shows all privileges currently supported by Dremio’s access control functionality.
By default, all users have all privileges granted to them for any objects without applicable permissions. Once a specific user has been granted access to an object, access is then restricted to only users granted access. All other users no longer have access.
The manual granting of privileges is accomplished either from the SQL Editor, REST APIs, or the Privileges screen. The SQL Editor is accessible from any dataset and any commands entered here will apply to the scope supplied with the command itself.
To access the role-based access control from Dremio’s interface:
If a user has been granted a specific privilege for an object by more than one group and that privilege is revoked for one group, the user will retain that privilege until it is revoked by all groups associated with the same object(s).
|SELECT||Source, Space, Folder, VDS, PDS||Gives the ability to execute
|ALTER||System, Space, Source, Folder, PDS, VDS||Edits PDS or VDS definitions or settings of all datasets in scope. For PDSs, this includes managing metadata, such as Metadata Refresh and Forget.|
|ALTER REFLECTION||System, Source, Space, Folder||Create, edit, and view reflections on all datasets in scope. Includes granting access to all interfaces, such as the Dataset Reflection pages, Administrator Reflection pages, and any REST API endpoints.|
|VIEW REFLECTIONS||System, Source, Space, Folder||View Reflections on all datasets in the scope. Includes access to all Dremio interfaces, such as the Dataset Reflection pages, Administrator Reflection pages, and any REST API endpoints.|
|CREATE [TABLE]||System, Source, Folder||Create a table using
|MANAGE GRANTS||System, Source, Space, Folder, PDS, VDS||Modifies the privileges of all objects in the set scope. Also changes the owner of all objects within the scope.|
|EXTERNAL QUERY||System, Source||Run the [external_query table function](../../data-sources/external-queries/) on the source.|
|MODIFY||System, Source, Space||Edit and delete an object. The following conditions apply:
|VIEW JOB HISTORY||System||Give the ability to view all job history.|