Using the API to manage Users and PDP Policies
Use Case:
We needed to be able to give access to a large number of users, each of whom needs access to a small part of a dataset. PDP policies allow us to give appropriate access, but it would be a large manual undertaking to build and maintain these policies.
Solution:
Create a script that uses API endpoints to automate the creation of users and PDP policies as defined in a Domo dataset.
For this solution we interact with two Domo datasets:
- Card Data - The actual data used to build cards. PDP policies will be applied to this dataset.
- Policy Definitions - A dataset containing records that define to what data a user should have access.
It isn't important what methods are used to get these datasets into Domo. Once they are there, we can use API calls to interact with them as necessary.
The process looked like this:
- Authenticate with Domo using Client ID and Client Secret. Store Access token for use in subsequent calls. This is done for each scope needed (user, data)
- POST https://api.domo.com/oauth/token
- Developer documentation: https://developer.domo.com/docs/domo-apis/authentication#Obtaining%20an%20Access%20Token
- Retrieve list of existing Domo users
- GET https://api.domo.com/v1/users
- Developer documentation: https://developer.domo.com/docs/domo-apis/users#API%20-%20List%20Users
- Retrieve Policy Definitions from Policy Definitions dataset in Domo
- GET https://api.domo.com/v1/datasets/[Policy Definitions dataSetID]
- Developer documentation: https://developer.domo.com/docs/domo-apis/data#API%20-%20Export%20Data
- Compare users referenced in Policy Definitions to existing users.
- Add users in Policy Definitions that aren't in existing users.
- POST https://api.domo.com/v1/users
- Developer documentation: https://developer.domo.com/docs/domo-apis/users#API%20-%20List%20Users
- Retrieve updated list of Domo users in order to have IDs for all users reference in PDP policies
- GET https://api.domo.com/v1/users
- Developer documentation: https://developer.domo.com/docs/domo-apis/users#API%20-%20List%20Users
- Retrieve list of PDP policies for Card Data dataset
- GET https://api.domo.com/v1/datasets/[Card Data dataSetID]/policies
- Developer documentation: https://developer.domo.com/docs/domo-apis/data#API%20-%20List%20Personalized%20Data%20Policies%20(PDP)
- Compare policies in Policy Definitions to existing policies
- Add PDP policies that aren't in existing policies
- POST https://api.domo.com/v1/datasets/[Card Data dataSetID]/policies
- Developer documentation: https://developer.domo.com/docs/domo-apis/data#API%20-%20List%20Personalized%20Data%20Policies%20(PDP)
- Update existing policies in case the definition has changed
- PUT https://api.domo.com/v1/datasets/[Card Data dataSetID]/policies
- Developer documentation: https://developer.domo.com/docs/domo-apis/data#API%20-%20List%20Personalized%20Data%20Policies%20(PDP)
The resulting script can then be run whenever there is a need to synchronize users and PDP policies in Domo with the Policy Definitions.
Categories
- All Categories
- 1.4K Product Ideas
- 1.4K Ideas Exchange
- 1.4K Connect
- 1.1K Connectors
- 278 Workbench
- 4 Cloud Amplifier
- 4 Federated
- 2.7K Transform
- 89 SQL DataFlows
- 557 Datasets
- 2K Magic ETL
- 3.3K Visualize
- 2.3K Charting
- 571 Beast Mode
- 11 App Studio
- 28 Variables
- 579 Automate
- 141 Apps
- 414 APIs & Domo Developer
- 23 Workflows
- 1 DomoAI
- 28 Predict
- 12 Jupyter Workspaces
- 16 R & Python Tiles
- 352 Distribute
- 92 Domo Everywhere
- 258 Scheduled Reports
- 2 Software Integrations
- 92 Manage
- 89 Governance & Security
- 9 Product Release Questions
- Community Forums
- 42 Getting Started
- 28 Community Member Introductions
- 88 Community Announcements
- 4.8K Archive