Domo Administration approach

Olga

Hi all,

we have been using Domo for 3 years and struggle a lot with the administration functionality. We are very much behind the idea of having one source of truth for everyone in the company.

But between PDP, dataset sharing, groups, publication groups, card and page sharing as well as roles, we haven't found a good way of setting permissions and giving people access to the right functionality.

One of our main struggles for example is having users who can edit their content, but not content that was shared with them. 

Also when we try to give users access to some admin level functionality (because they can't do their job otherwise) - they end up seeing all the content in Domo and this leads to them being able to search any content and ask tons of questions about other people's cards and not knowing which content to use.

Also phasing out content has been a hot topic for us  since we accumulated a lot of outdated cards over the years and those popup in search as well.

 

I am curious if somebody can share some best practice solutions from their experience of how they used these different permission instruments in their organisation. 

Thanks!

AS

We're going on 4 years now and have had both success and struggles with the same.

As far as sharing content goes, we've moved almost exclusively to PDPs and away from publication groups. The consistency helps on an organization level, and it's more secure. The challenge is making sure policies are consistent across datasets. 

We're also using custom security roles, which I believe may still be beta. It definitely helps for those "in between" users. With custom roles you can also push some of the PDP administration down to the department level, where they're usually more familiar with who should have access to what.

We also use groups to help determine page and PDP access. Add a person to the group, the group has access to pages and PDPs in various places. With one user group grant, access propogates across the entire instance. Even if the group only has a few members, adding one person to a group and being done sure beats adding a single person to all sorts of pages and datasets individually. Additionally, we use an external PDP tool to manage the data and push policies up to Domo.  This was a tool Domo put together and is available upon request.

Phasing out content is a very deliberate task. A good project manager helps in situations like this.  We recently overhauled an entire department's data and page structure. Like a software release, there was a project with the details, as well as a communication plan for affected users. Old cards, pages, and datasets were marked for deletion and at the appointed time, were removed.  There were some surprises, but careful planning make it successful.

The keys to it all are communication and planning.  Hope that helps!

Nick_Bertz

Hello,

 

We maintain our user hierarchy as follows: 92% are Participants, 7% are editors, 1% are Admins.

 

We make sure to use 'Locking' on all cards and pages.  This helps to ensure that non-owners cannot modify others work once it is shared. 

 

Admins of course can do everything, but our admins are true administrators who have a background in SDLC and datamodeling etc.

 

Our select 'Editors' are highly trained and capable in data models and systems, so they create and own a majority of content that is shared.

 

Editors and admins create and own the majority of shared content, and we don't have problems with anyone stepping on anyone else's toes.

 

I hope that helps ?