
Creating and Managing Principals in Dremio Connector

This section describes how to create and manage principals in Dremio.

The Dremio Connector allows you to create and manage principals in Dremio. Principals are users, groups, and roles in Dremio that can be granted permissions to access Dremio resources. This feature is optional and can be configured to manage only users, only groups, only roles, or all three types of principals.

Setup

The default setting for creating and managing principals in Dremio is false. However, it is recommended to explicitly set this property to either true or false in the connector configuration file. Explicit configuration ensures consistent connector behavior, even if the default value changes in future releases. This setting controls whether the Privacera Dremio connector is permitted to create users and groups in Dremio.

  • Set the value to true to allow the connector to create the corresponding principal if it does not already exist.

By default, principal names are converted to lowercase when they are created. However, there are configuration options available to retain the original case of the principal names if required.

  • When case sensitivity is retained (true): Principal names (users, groups, roles) are stored and managed exactly as provided, preserving the original casing—including both uppercase and lowercase letters.

  • When case sensitivity is not retained (false, default behavior): Principal names are automatically converted to lowercase in Dremio.

  1. SSH to the instance where Privacera Manager is installed.

  2. Run the following command to open the .yml file to be edited.

    If you have multiple connectors, then replace instance1 with the appropriate connector instance name.

    Bash
    vi ~/privacera/privacera-manager/config/custom-vars/connectors/dremio/instance1/vars.connector.dremio.yml
    
  3. Configure the following properties to enable PolicySync to create a Dremio user and a corresponding user role for each user fetched from the portal:

    YAML
    CONNECTOR_DREMIO_CREATE_USER: "true"
    CONNECTOR_DREMIO_CREATE_USER_ROLE: "true"
    

  4. Set the following properties to set a password for each new Dremio user created by the Connector, and to set a corresponding user role for every user fetched from the portal:

    YAML
    CONNECTOR_DREMIO_DEFAULT_USER_PASSWORD: "StrongPassword"
    

  5. To customize the role name prefix, set the following properties:

    YAML
    CONNECTOR_DREMIO_USER_ROLE_PREFIX: "priv_user_dev"
    CONNECTOR_DREMIO_GROUP_ROLE_PREFIX: "priv_group_dev"
    CONNECTOR_DREMIO_ROLE_ROLE_PREFIX: "priv_role_dev"
    

  6. To retain the case of the principal names, set the following properties:

    YAML
    CONNECTOR_DREMIO_USER_NAME_PERSIST_CASE_SENSITIVITY: "true"
    CONNECTOR_DREMIO_GROUP_NAME_PERSIST_CASE_SENSITIVITY: "true"
    CONNECTOR_DREMIO_ROLE_NAME_PERSIST_CASE_SENSITIVITY: "true"
    

  7. Once the properties are configured, run the following commands to update your Privacera Manager platform instance:

    Step 1 - Setup, which generates the helm charts. This step usually takes a few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Post-installation step, which generates the plugin tarball, updates Route 53 DNS, and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
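
A pre-flight check for the properties set in steps 3 to 6, added here as an example (it is not Privacera tooling): it flags create flags left implicit, the sample password from step 4 left unchanged, and principal names that merge into one once they are lowercased. The function names and the names-file format (one `<user|group|role> <name>` pair per line) are assumptions of this example, as is a portal that holds names differing only by case.

```shell
# Pre-flight check for vars.connector.dremio.yml (added example, not Privacera tooling).
# Print the value of an uncommented top-level `KEY: "value"` line; last one wins.
get_var() {  # usage: get_var VARS_FILE KEY
  awk -v k="$2" 'index($0, k ":") == 1 {
      v = substr($0, length(k) + 2); gsub(/^[ \t]*"?|"?[ \t]*$/, "", v); val = v }
    END { print val }' "$1"
}

# Names differing only by case become one principal once the connector lowercases them.
# NAMES_FILE is a hypothetical export: one "<user|group|role> <name>" pair per line.
case_collisions() {  # usage: case_collisions VARS_FILE NAMES_FILE
  for t in USER GROUP ROLE; do
    # Per the page, case is retained only when this property is "true".
    if [ "$(get_var "$1" "CONNECTOR_DREMIO_${t}_NAME_PERSIST_CASE_SENSITIVITY")" = true ]; then
      continue
    fi
    awk -v t="$t" 'toupper($1) == t && !dup[$2]++ {
        k = tolower($2); n[k]++; all[k] = all[k] " " $2 }
      END { for (k in n) if (n[k] > 1) print "COLLISION " t ":" all[k] }' "$2"
  done
}

lint_dremio_vars() (  # usage: lint_dremio_vars VARS_FILE NAMES_FILE (subshell body)
  status=0
  for key in CONNECTOR_DREMIO_CREATE_USER CONNECTOR_DREMIO_CREATE_USER_ROLE; do
    case $(get_var "$1" "$key") in
      true|false) ;;  # explicitly set, as the page recommends
      "") echo "UNSET $key"; status=1 ;;
      *)  echo "INVALID $key"; status=1 ;;
    esac
  done
  # Every user the connector creates gets this password; the doc sample must not ship.
  if [ "$(get_var "$1" CONNECTOR_DREMIO_DEFAULT_USER_PASSWORD)" = "StrongPassword" ]; then
    echo "PLACEHOLDER CONNECTOR_DREMIO_DEFAULT_USER_PASSWORD"; status=1
  fi
  collisions=$(case_collisions "$1" "$2")
  if [ -n "$collisions" ]; then echo "$collisions"; status=1; fi
  exit "$status"
)

if [ "$#" -eq 2 ]; then
  lint_dremio_vars "$1" "$2"   # real run: vars file, names export
else  # constructed sample input, so the check can be tried offline
  tmp=$(mktemp -d)
  printf '%s\n' 'CONNECTOR_DREMIO_CREATE_USER: "true"' \
    'CONNECTOR_DREMIO_DEFAULT_USER_PASSWORD: "StrongPassword"' > "$tmp/vars.yml"
  printf '%s\n' 'user Alice' 'user alice' 'group Finance' > "$tmp/names.txt"
  lint_dremio_vars "$tmp/vars.yml" "$tmp/names.txt" || true; rm -rf "$tmp"
fi
```

Run it after editing the file and before the commands in step 7; a non-zero exit status means at least one finding was printed.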
    
