Hi,
when configuring an external token provider in Dremio, there is currently an option to define a User Claim Mapping. During authentication (for example, via Keycloak), the Dremio username is mapped to a specific JWT claim, and the user inherits the permissions associated with that Dremio user.
Why is there not a similar option in the external token provider Roles Claim Mapping that does the same but for roles. This would then map the configured JWT claim (e.g. roles) to Dremio roles, provided those roles already exist in Dremio.
That way you would not have to manage user permissions individually, that would be very helpful in conjunction with for example dremio-mcp where there is the potential for many users with very similar permissions.
Is there a reason this capability doesn’t exist yet, or are there recommended workarounds?