On this page

    Update Grantee Privileges

    Note:

    This functionality is for Dremio v16.0+ Enterprise Edition only.

    This API updates the privileges associated with a user/group, or granteeType.

    Endpoint Syntax

    PUT /api/v3/catalog/{Id}/grants
    

    Required Privileges

    All users executing this Rest API must have the MANAGE GRANTS privilege assigned to receive a comprehensive response output.

    Request Parameters

    granteeType id privileges

    Request Input

    {
     "grants": [
       {
         "privileges": [
           "ALTER",
           "SELECT"
         ],
         "granteeType": "USER",
         "id": "7f28aa49-2309-4eed-91f9-162454f94bd7"
       },
       {
         "privileges": [
           "SELECT", "ALTER"
         ],
         "granteeType": "ROLE",
         "id": "9090cda4-66db-48da-b8b7-b8c49f9fb287"
       }
     ]
    }
    

    Response Codes

    • 200 - Success.
    • 403 - The user executing the API request lacks the MANAGE GRANTS permission.
    • 404 - An object with the entityId is not found.

    Example: Curl Request

    curl -X PUT --location "http://localhost:9047/api/v3/catalog/c3097cb9-93b6-4cea-b2b8-754793ec1406/grants" \
        -H "Authorization: _dremion50js90mbaqdp5k227m1e7hk3u" \
        -H "Content-Type: application/json" \
        -H "Accept: application/json" \
        -d "{
              \"grants\": [
                {
                  \"privileges\": [
                    \"SELECT\", \"ALTER\", \"VIEW_REFLECTION\"
                  ],
                  \"granteeType\": \"USER\",
                  \"id\": \"821b04ae-0d0d-448c-a8b1-e77151732d4d\",
                  \"name\": \"dremio\",
                  \"firstName\": \"a\",
                  \"lastName\": \"a\",
                  \"email\": \"a@b.com\"
                },
                {
                  \"privileges\": [
                    \"SELECT\", \"ALTER\"
                  ],
                  \"granteeType\": \"ROLE\",
                  \"id\": \"5cdaac3f-611b-4b78-bf37-85d8a85e4a1f\",
                  \"name\": \"PUBLIC\"
                }
              ]
            }"
    

    Behaviors

    Dremio access control does not allow allowCreateDrop (CTAS) for sources. However, this will not cause any errors when sent via REST APIs.