Set up Dremio

Configure your Dremio instance to enable Atlan to connect and crawl your data lakehouse assets. This guide covers creating roles and users, granting permissions, and setting up authentication.

Prerequisites

Before you begin, make sure you have:

• Admin access to your Dremio instance
• Dremio version 4.0 or later with REST API enabled (required for the Atlan connector to function properly)
• Valid SSL certificate configured on your Dremio instance (required for HTTPS connections)
• Network connectivity from Atlan to your Dremio instance:
  • Host: Your Dremio server hostname or IP address

Create role and grant permissions

Create a dedicated role for Atlan and grant it the necessary permissions to access Spaces, Sources, and system tables.

1. Create role in Dremio:

CREATE ROLE atlan_user_role;

2. Grant SELECT privileges on spaces:

GRANT SELECT ON ALL DATASETS IN SPACE "<space-name>" TO ROLE atlan_user_role;

• Replace <space-name> with the name of each Space you want to crawl.
• Repeat this command for each Space containing datasets you want to crawl in Atlan.

3. Grant SELECT privileges on sources:

GRANT SELECT ON ALL DATASETS IN SOURCE "<source-name>" TO ROLE atlan_user_role;

• Replace <source-name> with the name of each Source you want to crawl.
• Repeat this command for each Source containing datasets you want to crawl in Atlan.

4. Grant SELECT privileges on system tables:

GRANT SELECT ON TABLE SYS.VIEWS TO ROLE atlan_user_role;
GRANT SELECT ON TABLE SYS."TABLES" TO ROLE atlan_user_role;
GRANT SELECT ON TABLE SYS.USERS TO ROLE atlan_user_role;
GRANT SELECT ON TABLE SYS.ROLES TO ROLE atlan_user_role;

These system table privileges enable the connector to:

• Extract view metadata from SYS.VIEWS
• Extract table metadata from SYS."TABLES" (quoted because TABLES is a reserved word)
• Retrieve user information from SYS.USERS
• Retrieve role information from SYS.ROLES

Create user and grant role

Create a service account user and assign it the role you created earlier.

1. Create user with password:

CREATE USER atlan_user WITH PASSWORD '<password>';

• Replace <password> with a strong password for the service account.
• This method is suitable for development and testing environments.
• For enhanced security in production environments, you can create a Personal Access Token after creating the user. See the Choose authentication method section below for instructions.

2. Grant role to user:

GRANT ROLE atlan_user_role TO USER atlan_user;

Enable REST API access

Enable REST API access in Dremio so Atlan can connect via the API.

Navigate to Admin → Advanced → Security and enable REST API access:

• Check Enable REST API
• Set REST API Port to 443 (Dremio Cloud) or 9047 (Dremio on-premises)

Choose authentication method

Dremio supports multiple authentication methods for API access. Choose the method that best fits your security requirements:

Username/Password

Basic Authentication - Use the service account credentials directly.

1. In Dremio, navigate to Admin → Users → atlan_user
2. Verify the user account is active and has the atlan_user_role assigned
3. Use the atlan_user username and password created earlier
4. This method is suitable for development and testing environments

Personal Access Token (PAT)

Token-based Authentication - Use a Personal Access Token for enhanced security.

1. In Dremio, navigate to Admin → Users → atlan_user → Personal Access Tokens
2. Click Create Token
3. Provide a descriptive name (for example, "Atlan Connector Token")
4. Set an appropriate expiration date
5. Copy and securely store the generated token
6. Use the token instead of the password when configuring the connector in Atlan
7. This method is recommended for production environments

Next steps

• Crawl Dremio assets: Configure and run the crawler to extract metadata from Dremio