Using the API to manage Users and PDP Policies
Use Case:
We needed to be able to give access to a large number of users, each of whom needs access to a small part of a dataset. PDP policies allow us to give appropriate access, but it would be a large manual undertaking to build and maintain these policies.
Solution:
Create a script that uses API endpoints to automate the creation of users and PDP policies as defined in a Domo dataset.
For this solution we interact with two Domo datasets:
- Card Data - The actual data used to build cards. PDP policies will be applied to this dataset.
- Policy Definitions - A dataset containing records that define to what data a user should have access.
It isn't important what methods are used to get these datasets into Domo. Once they are there, we can use API calls to interact with them as necessary.
The process looked like this:
- Authenticate with Domo using Client ID and Client Secret. Store Access token for use in subsequent calls. This is done for each scope needed (user, data)
- POST https://api.domo.com/oauth/token
- Developer documentation: https://developer.domo.com/docs/domo-apis/authentication#Obtaining%20an%20Access%20Token
- Retrieve list of existing Domo users
- GET https://api.domo.com/v1/users
- Developer documentation: https://developer.domo.com/docs/domo-apis/users#API%20-%20List%20Users
- Retrieve Policy Definitions from Policy Definitions dataset in Domo
- GET https://api.domo.com/v1/datasets/[Policy Definitions dataSetID]
- Developer documentation: https://developer.domo.com/docs/domo-apis/data#API%20-%20Export%20Data
- Compare users referenced in Policy Definitions to existing users.
- Add users in Policy Definitions that aren't in existing users.
- POST https://api.domo.com/v1/users
- Developer documentation: https://developer.domo.com/docs/domo-apis/users#API%20-%20List%20Users
- Retrieve updated list of Domo users in order to have IDs for all users reference in PDP policies
- GET https://api.domo.com/v1/users
- Developer documentation: https://developer.domo.com/docs/domo-apis/users#API%20-%20List%20Users
- Retrieve list of PDP policies for Card Data dataset
- GET https://api.domo.com/v1/datasets/[Card Data dataSetID]/policies
- Developer documentation: https://developer.domo.com/docs/domo-apis/data#API%20-%20List%20Personalized%20Data%20Policies%20(PDP)
- Compare policies in Policy Definitions to existing policies
- Add PDP policies that aren't in existing policies
- POST https://api.domo.com/v1/datasets/[Card Data dataSetID]/policies
- Developer documentation: https://developer.domo.com/docs/domo-apis/data#API%20-%20List%20Personalized%20Data%20Policies%20(PDP)
- Update existing policies in case the definition has changed
- PUT https://api.domo.com/v1/datasets/[Card Data dataSetID]/policies
- Developer documentation: https://developer.domo.com/docs/domo-apis/data#API%20-%20List%20Personalized%20Data%20Policies%20(PDP)
The resulting script can then be run whenever there is a need to synchronize users and PDP policies in Domo with the Policy Definitions.
Categories
- All Categories
- 1.8K Product Ideas
- 1.8K Ideas Exchange
- 1.6K Connect
- 1.2K Connectors
- 300 Workbench
- 6 Cloud Amplifier
- 9 Federated
- 2.9K Transform
- 102 SQL DataFlows
- 626 Datasets
- 2.2K Magic ETL
- 3.9K Visualize
- 2.5K Charting
- 754 Beast Mode
- 61 App Studio
- 41 Variables
- 693 Automate
- 178 Apps
- 456 APIs & Domo Developer
- 49 Workflows
- 10 DomoAI
- 38 Predict
- 16 Jupyter Workspaces
- 22 R & Python Tiles
- 398 Distribute
- 115 Domo Everywhere
- 276 Scheduled Reports
- 7 Software Integrations
- 130 Manage
- 127 Governance & Security
- 8 Domo Community Gallery
- 38 Product Releases
- 11 Domo University
- 5.4K Community Forums
- 40 Getting Started
- 30 Community Member Introductions
- 110 Community Announcements
- 4.8K Archive