Roles

Roles are groups of privileges that can be applied to users as needed. Roles are used to organize privileges at scale rather than managing privileges for each individual user (also called members). You can define roles based on the types of users in your organization. For example, an Analyst and Security_Admin roles can be created to manage privileges for a users with different functions.

Predefined Roles

Dremio has predefined roles that can be used to manage privileges. The privileges for these roles are immutable by users.

ADMIN

The ADMIN role is designed for administrative users that require super/global access. Users who are assigned this role are granted every privilege across all objects.

note:

The first user in an organization is automatically assigned the ADMIN role.

PUBLIC

The PUBLIC role is assigned by default to all new users added to the organization. This role grants the following privileges:

• USAGE on a project
• USAGE on all engines
• USAGE on any predefined [OAuth apps](/cloud/security/authentication/oauth-apps/) and [token providers](/cloud/security/authentication/external-token/)

SELECT and ALTER privileges are not granted for any sources and must be manually assigned by a user with the ADMIN role.

Viewing All Roles

To view all roles in an organization:

1. Click the Organization icon in the side navigation bar.
2. Click the Settings icon at the top of the Organization page.
3. Select Roles in the organization settings sidebar.

Creating a Custom Role

To create a custom role:

1. Click the Organization icon in the side navigation bar.
2. Click the Settings icon at the top of the Organization page.
3. Select Roles in the organization settings sidebar.
4. Click the Create Role button at the top-right corner of the screen.
5. In the Add Role dialog, for Name, enter the name to associate with the role, such as the position title or employee type that will be associated with the role.
6. (Optional) For Description, provide any details regarding the purpose of the role or its associated privileges.
7. Click Add.

Editing a Custom Role

To edit a custom role:

1. Click the Organization icon in the side navigation bar.
2. Click the Settings icon at the top of the Organization page.
3. Select Roles in the organization settings sidebar.
4. On the Roles page, hover over the role and click the Edit Role icon that appears next to the role.
5. On the Roles page, make any desired changes, such as adding or removing a child role and adding or removing a member.
6. Click Save.

Removing a Custom Role

To remove a custom role:

1. Click the Organization icon in the side navigation bar.
2. Click the Settings icon at the top of the Organization page.
3. Select Roles in the organization settings sidebar.
4. On the Roles page, hover over the row of the role and click the Delete icon that appears next to the role.
5. Confirm that you want to delete the role. Once confirmed, the role is deleted and cannot be retrieved.

Adding a Child Role

Perform the following steps to add a child role to an existing role:

1. Click the Organization icon in the side navigation bar.
2. Click the Settings icon at the top of the Organization page.
3. Select Roles in the organization settings sidebar.
4. On the Roles page, hover over the role and click the Edit Role icon that appears next to the role.
5. Click the Roles tab.
6. Click the drop-down multi-select field and either select the desired role listed or enter a value to search for.
7. Click the Add button when you have selected the desired entry/entries. When a sub-role is added, it will display below the drop-down in a list.
8. Click Save. The child role appears in the table along the left side of the screen.

Removing a Child Role

Perform the following steps to remove a child role from an existing role:

1. Click the Organization icon in the side navigation bar.
2. Click the Settings icon at the top of the Organization page.
3. Select Roles in the organization settings sidebar.
4. On the Roles page, hover over the role and click the Edit Role icon that appears next to the role.
5. Click the Roles tab.
6. On the Roles page, hover over the row of the role and click the Delete icon that appears next to the role.
7. Click Save.

Adding a Member

Perform the following steps to add a member to an existing role:

1. Click the Organization icon in the side navigation bar.
2. Click the Settings icon at the top of the Organization page.
3. Select Roles in the organization settings sidebar.
4. On the Roles page, hover over the role and click the Edit Role icon that appears next to the role.
5. Click the Members tab.
6. Click the drop-down multi-select field and either select the desired user (listed by email address) or enter an email address to search for.
7. Click the Add button when you have selected the desired entry/entries. When a member is added, it will display below the drop-down in a list.
8. Click Save.

Removing a Member

Perform the following steps to remove a member from an existing role:

1. Click the Organization icon in the side navigation bar.
2. Click the Settings icon at the top of the Organization page.
3. Select Roles in the organization settings sidebar.
4. On the Roles page, hover over the role and click the Edit Role icon that appears next to the role.
5. Click the Members tab.
6. On the Members page, hover over the row of the member and click the Remove icon that appears next to the member.
7. Click Save.

This removes them as a member of this role, and they will no longer possess the privileges associated with that role. However, the user still retains privileges associated with any other roles they've been added as members to.