Using the API to manage Users and PDP Policies

Options
zcameron
zcameron Domo Employee

Use Case:

 

We needed to be able to give access to a large number of users, each of whom needs access to a small part of a dataset. PDP policies allow us to give appropriate access, but it would be a large manual undertaking to build and maintain these policies.

 

Solution:

 

Create a script that uses API endpoints to automate the creation of users and PDP policies as defined in a Domo dataset.

 

For this solution we interact with two Domo datasets:

 

  1. Card Data - The actual data used to build cards. PDP policies will be applied to this dataset.
  2. Policy Definitions - A dataset containing records that define to what data a user should have access.

 

It isn't important what methods are used to get these datasets into Domo. Once they are there, we can use API calls to interact with them as necessary.

 

 

 

The process looked like this:

 

  1. Authenticate with Domo using Client ID and Client Secret. Store Access token for use in subsequent calls. This is done for each scope needed (user, data)
  2. Retrieve list of existing Domo users
  3. Retrieve Policy Definitions from Policy Definitions dataset in Domo
  4. Compare users referenced in Policy Definitions to existing users. 
  5. Add users in Policy Definitions that aren't in existing users.
  6. Retrieve updated list of Domo users in order to have IDs for all users reference in PDP policies 
  7. Retrieve list of PDP policies for Card Data dataset
  8. Compare policies in Policy Definitions to existing policies
  9. Add PDP policies that aren't in existing policies
  10. Update existing policies in case the definition has changed

 

 

The resulting script can then be run whenever there is a need to synchronize users and PDP policies in Domo with the Policy Definitions.

This discussion has been closed.