Security rights inheritance

1

I understand the logic of rights inheritance, and that changes to security rights for a source are not propagated down after being initially created. However, this is presenting a challenge for us.

For example, I create a new data source to an Oracle database, and on the Sharing tab I select “Specific users” with my own ID. I save it, then go back in and add other users or groups to Sharing. However, those other users won’t see any tables in the data source, unless I force a metadata reload by changing some connection parameters.

My questions are: am I approaching this the right way? Or how else can be ensure that the access rights that we see at the top level are propagated down? And, what is the purpose of a one-time initial copy of top-level rights to the lower-level tables? If access to the top-level data source is needed in order to access the tables, then why not see the access on all tables to “All users”? I suppose I could force this by initially creating the data source with security set to “All users”, let that propagate down to tables, then change the data source security to specific users, but that seems hack-ish.

2

Hi @Joe,

Right now, the “propagate down” inheritance model is not supported. As you’ve noticed, when you change the set of top-level owners of a path element those changes are not propagated down to the the child elements. This is more secure, but many users find it cumbersome, because you have to manually change permissions on the directory structure or script something with the API. So you are not missing anything here.

However, I believe Dremio will be changing this model in the near future so you’ll have the option to have the inheritance you describe. If/when this changes, we’ll do our best to alert people of Community of the release.

3

Thank you for the explanation, Ben.

Do you have any scripts that you can share with me that would do the propagation?