On this page


    The following are common terms used in Dremio, along with their definitions. The purpose of this glossary is to help administrators understand the context with which each term is used.


    Access. The ability to use or edit any data resource.

    Access control. The capability of assigning roles or users specific privileges to view and edit virtual or physical datasets. For more information, see Access Control.

    Administrator. A user with global privileges that assigns group and user access to view or edit specific components of your datasets.

    Audit. An official organizational review of user privileges currently in effect. This is viewed as a reliable method for locating and removing unnecessary or incorrectly-applied privileges from users or groups.


    Event. An action or the result of an action. These are logged and monitored for security purposes.


    Grant. The action by which one or more privileges are added to a user or group’s access. In other words, a user may now perform the tasks specifically associated with the newly-granted privilege.

    Group. Also referred to as a “role.” Multiple users within a single category or role with identical privileges. Groups are used to define roles and simplify access control.


    Inheritance. The principles of inheritance allow for a user or group to retain the same privileges between an assigned object and any child objects contained within. For more information, see Inheritance for access control.


    Least privilege. An information security concept where a user is given minimal levels of access, or privileges, needed to perform their job functions.


    Migration. The process of moving a company from the old access control system to the new functionality by upgrading to Dremio v15.0+. This controls how existing privileges in the old model are translated with regard to applying access to new controls.


    Object. An entity that roles are granted access to interact with or manage. Unless privileges are granted, access to the object is denied.

    Ownership. A user who can modify an object’s contents and settings, as well as the access control list for other users accessing that object. Ownership is assumed when a user creates a new object.

    Ownership Chaining. When a user creates a VDS from an existing PDS they have access to, they become the owner of the new dataset and may extend access to other users for that VDS. For more information, see Ownership Chaining in access control.


    Permission. See privilege.

    Policies. Rules or privileges that specify the correct or expected behavior of an entity.

    Privilege. The granted authority to make changes to a dataset, metadata, configuration settings, and other users. Powers granted to users or groups based on their role or identity attributes. For more information, see Privileges for access control.

    Privileged user. A user possessing specific privileges that grant them access to managing data or other users.


    Revoke. The action by which one or more privileges are removed from a user or group’s access. In other words, a user may no longer perform the revoked privilege until it has been granted back.

    Role. Also referred to as a “group.” An identity or group of users automatically assigned a series of specific privileges to perform certain user tasks.


    Scope. The objects a user or group is given access to view or manage. For more information, see Scope for access control.


    User. People whose access to corporate datasets must be managed.