Trusted Attribute PDP Filters That Allow "Contains" Logic

It is a manual and time consuming process to manage personalized data permissions (PDPs) today, especially if you have multiple data sets and a large organization.

That doesn't have to be the case.

The end-to-end process of adding data permissions could be almost 100% automated with one small change to the current setup of PDPs.


1) Build an entitlements table leveraging your employee hierarchy or something like your territory hierarchy from Salesforce. This table would have some ID that connects into your data with all people allowed to see a row of data. You could then join this table with every table that requires PDPs to be applied

2) On the data set, filter by Trusted Attribute and select the De-Duped column and the Email attribute


Unfortunately, the filter is set to EQUAL TO instead of CONTAINS, meaning you can't do this

3) Add a dynamic group to the policy row containing all Domo users. Only those who are listed in the De-Duped Email List column will have the ability to see data


Update the filter logic for Trusted Attributes on PDPs to CONTAINS instead of EQUAL TO (or, make it an option to toggle between).

6 votes

Active · Last Updated