Sure, it looks like our documentation on the subject isn’t clear; I will open a ticket to improve this.
For every catalog entity, you can add an accessControlList object, for example:
{
"entityType": "source",
"config": {
"accessKey": "",
"secure": false,
"externalBucketList": [
"samples.dremio.com"
],
"rootPath": "/",
"credentialType": "NONE",
"enableAsync": true,
"compatibilityMode": false,
"isCachingEnabled": true,
"maxCacheSpacePct": 100,
"requesterPays": false,
"enableFileStatusCheck": true
},
"id": "070f32f7-6aa2-478a-a657-739a235c014c",
"tag": "pxGbrDXhXFc=",
"type": "S3",
"name": "Samples",
"createdAt": "2021-12-01T22:55:50.188Z",
...
"accessControlList": {
"users": [
{
"id": "132b3d19-7d2f-48aa-a909-f3fcc0e65421",
"permissions": [
"SELECT",
"ALTER"
]
}
],
"roles": [
{
"id": "883e023f-b067-4f7f-a04f-2187db65a90d",
"permissions": [
"SELECT"
]
}
]
}
}
In this case, the user with id 132b3d19-7d2f-48aa-a909-f3fcc0e65421
is granted SELECT and ALTER on this source, and the role with id 883e023f-b067-4f7f-a04f-2187db65a90d
is granted SELECT.
As a Python example, this is how you would create a source with preset access control:
import requests
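# Create an S3 source through the catalog API with its access control list
# set in the same request, so the source is created with the intended grants
# already attached.

# Plain HTTP is only reasonable here because the target is localhost. Use an
# https:// URL when the coordinator is reached over a network: the
# Authorization header below carries the caller's token.
url = "http://localhost:9047/api/v3/catalog/"

payload = {
    "entityType": "source",
    # Anonymous access ("credentialType": "NONE", empty access key) to the
    # public samples bucket. NOTE(review): "secure": False presumably turns
    # off TLS towards S3 -- confirm before reusing this config for a private
    # bucket.
    "config": {
        "accessKey": "",
        "secure": False,
        "externalBucketList": ["samples.dremio.com"],
        "rootPath": "/",
        "credentialType": "NONE",
        "enableAsync": True,
        "compatibilityMode": False,
        "isCachingEnabled": True,
        "maxCacheSpacePct": 100,
        "requesterPays": False,
        "enableFileStatusCheck": True,
    },
    "type": "S3",
    "name": "Samples",
    "metadataPolicy": {
        "authTTLMs": 60000,
        "namesRefreshMs": 3600000,
        "datasetRefreshAfterMs": 3600000,
        "datasetExpireAfterMs": 10800000,
        "datasetUpdateMode": "PREFETCH_QUERIED",
        "deleteUnavailableDatasets": True,
        "autoPromoteDatasets": False,
    },
    "accelerationGracePeriodMs": 10800000,
    "accelerationRefreshPeriodMs": 3600000,
    "accelerationNeverExpire": False,
    "accelerationNeverRefresh": True,
    "allowCrossSourceSelection": False,
    "disableMetadataValidityCheck": False,
    # Grants applied to the new source. The ids are the sample user and role
    # ids from this example; replace them with ids from your own deployment
    # and list only the privileges each principal needs.
    "accessControlList": {
        "users": [
            {
                "id": "132b3d19-7d2f-48aa-a909-f3fcc0e65421",
                "permissions": ["SELECT", "ALTER"],
            }
        ],
        "roles": [
            {
                "id": "883e023f-b067-4f7f-a04f-2187db65a90d",
                "permissions": ["SELECT"],
            }
        ],
    },
}

headers = {
    # Placeholder. Supply the real token at runtime (environment variable or
    # secret store) rather than saving it in this file.
    "Authorization": "insert your auth token",
    "Content-Type": "application/json",
}

# requests applies no timeout by default, so an unresponsive server would
# block this script indefinitely without one.
response = requests.post(url, json=payload, headers=headers, timeout=30)

# Print the body first: on a rejected request it holds the server's error
# message.
print(response.text)

# Fail loudly on a 4xx/5xx instead of letting a rejected request (bad token,
# malformed ACL) pass as if the source and its grants had been created.
response.raise_for_status()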