Welcome to Dremio Cloud Documentation - Dremio > > > >

Grants enterprise

Use the Catalog API to grant user and role privileges on specific catalog objects.

note:

Use the Privileges endpoint to retrieve lists of the privileges that are available on each type of catalog object.

Grants Object

{
  "id": "7f1c4660-cd7b-40d0-97d1-b8a6f431cbda",
  "availablePrivileges": [
    "ALTER",
    "DELETE",
    "INSERT",
    "MANAGE_GRANTS",
    "SELECT",
    "TRUNCATE",
    "UPDATE"
  ],
  "grants": [
    {
      "privileges": [
        "ALTER",
        "SELECT",
        "MANAGE_GRANTS"
      ],
      "granteeType": "USER",
      "id": "27937a63-e7e5-4478-8d3c-4ad3f20d43c0",
      "name": "jeansmith",
      "firstName": "Jean",
      "lastName": "Smith",
      "email": "jean_smith@example.com"
    },
    {
      "privileges": [
        "ALTER",
        "SELECT"
      ],
      "granteeType": "ROLE",
      "id": "0f2d94e0-bb5e-4c03-8c6f-62d379d10889",
      "name": "examplerole"
    }
  ]
}

Grants Attributes

Unique identifier of the Dremio catalog object.

Example 7f1c4660-cd7b-40d0-97d1-b8a6f431cbda

List of available privileges on the catalog object. For more information, read Privileges.

Example [ "ALTER", "DELETE", "INSERT", "MANAGE_GRANTS", "SELECT", "TRUNCATE", "UPDATE" ]

Information about the privileges and grantees for the catalog object. If the grants array is empty, there are no explicit grants for the object.

Note:

An empty grants array does not mean no users have access to the object at all. For example, admin users implicitly have all privileges on all catalog objects, owners implicitly have all privileges on everything they own, and children objects inherit the grants for their parent objects.

Example [ { "privileges": [ "ALTER", "SELECT", "MANAGE_GRANTS" ], "granteeType": "USER", "id": "27937a63-e7e5-4478-8d3c-4ad3f20d43c0", "name": "jeansmith", "firstName": "Jean", "lastName": "Smith", "email": "jean_smith@example.com" }, { "privileges": [ "ALTER", "SELECT" ], "granteeType": "ROLE", "id": "0f2d94e0-bb5e-4c03-8c6f-62d379d10889", "name": "examplerole" } ]

grants

List of privileges granted to the user or role. For more information, read Privileges.

Example [ "ALTER", "SELECT", "MANAGE_GRANTS" ]

Type of grantee.

Enum USER , ROLE

Example USER

Unique identifier of the user or role.

Example 27937a63-e7e5-4478-8d3c-4ad3f20d43c0

Name of the user or role.

Example jeansmith

For users, the user's first name. Not included for roles.

Example Jean

For users, the user's last name. Not included for roles.

Example Smith

For users, the user's email address. Not included for roles.

Example jean_smith@example.com

Creating or Updating Privilege Grants on a Catalog Object

Create or update the privileges granted to users and roles on the specified catalog object.

note:

You must have the MANAGE GRANTS privilege to create or update privilege grants on catalog objects.

Method and URL

PUT /api/v3/catalog/{id}/grants

Parameters

Array of objects that specify which users and roles should have privileges on the catalog object, as well as each user's and role's specific privileges. May include objects for users, roles, or both.

Example [ { "privileges": [ "ALTER", "SELECT", "MANAGE_GRANTS" ], "granteeType": "USER", "id": "27937a63-e7e5-4478-8d3c-4ad3f20d43c0" }, { "privileges": [ "SELECT", "ALTER" ], "granteeType": "ROLE", "id": "0f2d94e0-bb5e-4c03-8c6f-62d379d10889" } ]

grants

List of privileges to grant to the user or role. Use the Privileges endpoint to retrieve a list of available privileges on the catalog object type. For more information, read Privileges.

Example [ "ALTER", "SELECT", "MANAGE_GRANTS" ]

Type of grantee.

Enum USER , ROLE

Example USER

Unique identifier of the user or role.

Example 27937a63-e7e5-4478-8d3c-4ad3f20d43c0

Example Request

curl -X PUT 'https://{hostname}/api/v3/catalog/7f1c4660-cd7b-40d0-97d1-b8a6f431cbda/grants' \
--header 'Authorization: _dremio{tokenstring}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "grants": [
    {
      "privileges": [
        "ALTER",
        "SELECT",
        "MANAGE_GRANTS"
      ],
      "granteeType": "USER",
      "id": "27937a63-e7e5-4478-8d3c-4ad3f20d43c0"
    },
    {
      "privileges": [
        "SELECT",
        "ALTER"
      ],
      "granteeType": "ROLE",
      "id": "0f2d94e0-bb5e-4c03-8c6f-62d379d10889"
    }
  ]
}'

Example Response

No response

Response Status Codes

Retrieving Privileges and Grantees on a Catalog Object

Retrieve information about the privileges granted to users and roles on the specified catalog object.

note:

You must have the MANAGE GRANTS privilege to retrieve privilege grants on catalog objects.

Method and URL

GET /api/v3/catalog/{id}/grants

Parameters

Unique identifier of the object whose privilege grants you want to retrieve.

Example 7f1c4660-cd7b-40d0-97d1-b8a6f431cbda

Example Request

curl -X GET 'https://{hostname}/api/v3/catalog/7f1c4660-cd7b-40d0-97d1-b8a6f431cbda/grants' \
--header 'Authorization: _dremio{tokenstring}' \
--header 'Content-Type: application/json'

Example Response

{
  "id": "7f1c4660-cd7b-40d0-97d1-b8a6f431cbda",
  "availablePrivileges": [
    "ALTER",
    "DELETE",
    "INSERT",
    "MANAGE_GRANTS",
    "SELECT",
    "TRUNCATE",
    "UPDATE"
  ],
  "grants": [
    {
      "privileges": [
        "ALTER",
        "SELECT",
        "MANAGE_GRANTS"
      ],
      "granteeType": "USER",
      "id": "27937a63-e7e5-4478-8d3c-4ad3f20d43c0",
      "name": "jeansmith",
      "firstName": "Jean",
      "lastName": "Smith",
      "email": "jean_smith@example.com"
    },
    {
      "privileges": [
        "ALTER",
        "SELECT"
      ],
      "granteeType": "ROLE",
      "id": "0f2d94e0-bb5e-4c03-8c6f-62d379d10889",
      "name": "examplerole"
    }
  ]
}

Response Status Codes

Was this page helpful?

Glad to hear it! Thank you for your feedback. Sorry to hear that. Thank you for your feedback.