Skip to main content
Version: current [24.3.x]

Personal Access Tokens Enterprise

Personal access tokens (PATs) are randomly-generated tokens associated with a user that are used in place of a password to log in to a service.

PATs provide an easy way for an individual to connect to Dremio and they can last up to 180 days until they expire. You cannot create a PAT for another user, because you can use a PAT only that you created. This means administrators cannot create multiple PATs to distribute to other users at an organization.

Dremio PATs are typically used for logging in with REST APIs or ODBC/JBDC into the system when SSO or LDAP is implemented. Also, PATs can be used for logging in to the Dremio UI and to reduce access permissions within a service.

Using a PAT

note

Depending on the tool or service used, users may need to use $token as the username and then enter the PAT in the password field.

To use PATs with:

  • The REST API, use the PAT as a password parameter to log in.
  • ODBC/JDBC connections, use the PAT as a password to log in.
  • The Dremio application, use the PAT as a password to log in.

Enabling the Use of PATs

You can enable or disable the use of PATs in Dremio with the auth.personal-access-tokens.enabled support key:

  1. Log in to Dremio as an admin.

  2. Click the Settings (gear) icon on the side navigation bar.

  3. Select Support from the settings sidebar.

  4. On the Support Settings page, complete one of the following:

    a. If the auth.personal-access-tokens.enabled key has not been added under Support Keys, enter the key name in the search box, then click Show. Toggle the slider to enable the setting, then click Save.

    b. If the auth.personal-access-tokens.enabled key has already been added, toggle the slider to enable the setting, then click Save.

Viewing All PATs

To view all PATs you have created:

  1. Click the User icon (user initials) on the side navigation bar and select Account Settings.

  2. Select Personal Access Tokens from the settings sidebar.

    The Personal Access Tokens page shows all PATs, active and expired, for your account. If you are logged in as a user with the ADMIN role, you can view PATs for all users.

    note

    If the Personal Access Tokens settings are not visible, ensure the PATs Support Key is enabled and try refreshing the page in your browser.

Creating a PAT

note

A PAT's expiration or lifespan cannot be altered after it is created. PATs can still exist (depending on the Lifetime setting) in the system after a user is deleted. If a user is deleted from Dremio, SSO, or LDAP, ensure that all of their PATs are deleted using the Token API.

To create a PAT:

  1. Click the User icon (user initials) on the side navigation bar and select Account Settings.

  2. Select Personal Access Tokens from the settings sidebar.

  3. On the Personal Access Tokens page, click the Generate Token button at the top-right corner of the screen.

  4. In the Generate Token dialog, for Label, add an identifier to describe what the PAT is for.

  5. For Lifetime, enter the number of days that you want the PAT to be valid before it expires.

    note

    The default PAT lifetime is 30 days and the maximum lifetime is 180 days. To specify a different maximum lifetime, change the value of the auth.personal-access-token.max_lifetime_days support key. Changing the value of this support key does not affect existing tokens.

  6. Click Generate.

  7. Copy the generated PAT and save it to a secure location on your computer.

    caution

    Be sure you save the generated PAT because it cannot be accessed again after closing the Generate Token dialog.

Deleting a PAT

Each user can delete PATs in their own account.

To delete an existing PAT:

  1. Click the User icon (user initials) on the side navigation bar and select Account Settings.

  2. Select Personal Access Tokens from the settings sidebar.

  3. On the Personal Access Tokens page, click the Delete (trash) icon for the PAT that you want to delete.

  4. In the Delete Token dialog, click Delete to confirm. The PAT is deleted and cannot be retrieved.

Deleting All PATs

Any user can delete all PATs from their own account.

To delete all PATs for your account:

  1. Click the User icon (user initials) on the side navigation bar and select Account Settings.

  2. Select Personal Access Tokens from the settings sidebar.

  3. On the Personal Access Tokens page, click the Delete All button at the top-right corner of the screen.

  4. In the Delete All Tokens dialog, click Delete to confirm that you want to delete all PATs in the list. After a PAT has been deleted, it cannot be retrieved.

note

Admins cannot delete PATs on behalf of other users.