I am new to dremio and work at an organization considering using the open source version. We work in a health care environment with health data. Does the logging function within dremio capture when new users are added to dremio, when an existing user shares their space with another user, or what a data a user places within their space? I am looking to be able to audit user access to restricted types of information.
Thanks!
Hi @Susan_Glick community version doesn’t include the ability to restrict access to data sources or spaces. All users can view and edit source and space configurations, as well as access all the datasets.
However, you do have the capability to track and monitor what datasets each user accesses using the query logging capabilities.
Thanks. So, let me make sure I understand correctly. Dremio open source will not track/log when a user is logged or logged out of dremio. But the query logs will tell me which user accessed which dataset. And by access I specifically mean place the dataset into their space. I assume a user can not view a dataset without putting the dataset into their space. And, when someone is a user in dremio open source, that user has access to all sources of data sitting in the lake. Community dremio can not confine a data user to a specific dataset within the lake, nor can it give access to a user to just some of the datasets in the lake.
Just want to make sure I understand correctly.
Thanks
Sure, responses in-line:
But the query logs will tell me which user accessed which dataset. And by access I specifically mean place the dataset into their space.
Yes query logs tell you dataset access for all users. It doesn’t matter which data source or space the dataset is located under, as long as it’s available in Dremio.
I assume a user can not view a dataset without putting the dataset into their space. And, when someone is a user in dremio open source, that user has access to all sources of data sitting in the lake.
In community edition, all datasets can be viewed by any user, regardless where they live. No need to “share” a space or a dataset, because it’ll already be accessible for all users. Of course, datasets need to be accessible from Dremio first – meaning it needs to be added as a data source or uploaded into a user’s home space.
Community dremio can not confine a data user to a specific dataset within the lake, nor can it give access to a user to just some of the datasets in the lake.
Correct.
Dremio open source will not track/log when a user is logged or logged out of dremio.
I need to double check on this, not sure how what we exactly log for different scenarios: UI logins, JDBC/ODBC authentications, etc. What is your main audit focus here – UI logins or other connectivity?
Hi , I had create a new user with dremio UI. But I can not access to the hive data source.
log says : Access denied reading dataset xxxxxxxx
Any updates on this, facing the same issue.