On this page

    Personal Access Tokens

    Personal access tokens (PATs) are randomly-generated tokens associated with a user. PATs are used in place of a password to log in to a service.

    note:

    Enterprise Edition only

    Note:

    You cannot create a personal access token for another user from your Dremio account. Tokens may only be used by user creating the token in Dremio. This means administrators cannot create multiple tokens to distribute to other users at an organization.

    Dremio PATs are typically used to log into the system when SSO or LDAP is implemented and REST APIs or ODBC/JDBC are used to access Dremio. In addition to logging in via REST or ODBC/JDC, PATs can also be used to login to the Dremio UI.

    Note:

    PATs can be used to reduce access permissions within a service.

    Using PATs

    When using PATs with the Dremio REST API, ODBC/JDBC, or UI:

    • With REST, use PAT as a password parameter to login.
    • With ODBC/JDBC, use PAT as a password to login.
    • With Dremio UI, use PAT as a password to login.

    Enabling PATs

    To enable personal access tokens:

    1. Log in Dremio as an admin and navigate to Settings > Support.
    2. If the associated support key has not already been added, enter auth.personal-access-tokens.enabled and then click Show.
    3. Enable the support key.

    Creating PATs

    To create a PAT:

    1. Log in on Dremio as a user.
    2. Click on your username at the top-right corner of the screen, followed by Account Settings.
    3. Select the Personal Access Tokens tab.

    Note:

    If the Personal Access Tokens tab is not visible, try refreshing the page via your browser.

    1. Click Generate Token.
    2. Provide a Label to identify the token by and enter a desired value for Lifetime.
    3. Click Generate.
    4. Copy the token string that appears on the next dialog screen.

    Note:

    Personal access tokens expire after 90 days by default. To specify a different expiration period, change the value of the auth.personal-access-token.max_lifetime_days support key. Values greater than 36525 cause tokens to expire immediately. Changes to the value do not affect existing tokens.

    Deleting PATs

    Each user can delete PATs via the Dremio UI.

    To delete your specific PAT:

    1. Navigate to UserName > Account Settings > Personal Access Tokens.
    2. Select Action for your specific PAT.
    3. From the popup, click Remove.

    To delete all of your PATs:

    1. Navigate to UserName > Account Settings > Personal Access Tokens.
    2. Select Delete all
    3. From the popup, click Remove.

    Administration

    PATs can still exist (depending on the Lifetime setting) in the system after a user is deleted.

    If users are deleted from the Dremio environment, SSO, or LDAP, ensure that all of their Personal Access Tokens (PATs) are also deleted. This accomplished via the REST API.