Summary
This article explains how to create a role in Dremio and assign permissions, such as viewing reflections or executing external queries. It also includes guidance on verifying role permissions using built-in tools and APIs.
Relevant Versions
All Versions
Troubleshooting Steps
N/A
Cause
This request typically arises when:
- A new role needs to be created and assigned specific permissions.
- Users are unsure if the role has been properly granted access.
- The "Privileges" option is not visible due to insufficient admin permissions.
Steps to Resolve
Currently, there is no direct UI method to verify if a role has a specific permission. However, the following steps can help:
1. Check Role Permissions Programmatically
You can retrieve permission details using the Catalog Privileges API
Alternatively, you can query the sys.privileges table:
SELECT * FROM sys.privileges WHERE grantee_id = '<role_id>';
This helps identify which catalog objects a role has access to.
2. Create a Role and Assign Permissions via UI
Roles can be created and managed from Settings → Roles.
Assigning Privileges to a Role:
- After creating the role, go to the source or space where access is required.
- Open the Privileges section.
- Add the role and assign necessary permissions like "View Reflection", "Select", or "External Query".
3. External Query Permissions
To enable a role or user to run external queries (e.g., through reflection refresh or BI tools), additional permissions may be needed.
Refer to the official guide: https://docs.dremio.com/cloud/sonar/data-sources/external/#enabling-users-to-perform-external-queries
Next Steps
- Confirm your role has sufficient privileges using the
sys.privilegestable. - If the "Privileges" tab is not visible, consult your Dremio admin or DevOps team to ensure your user account has the necessary rights.
- Use the Catalog API for fine-grained visibility into assigned privileges.