View as user or view as role

JasonAltenburg
JasonAltenburg Contributor
edited August 21 in Domo Developer Ideas

As an Admin / Major Domo

I want to view my Domo Instance from the perspective of a selected user or role

In order to ensure their experience aligns with what is expected. (Dashboards, cards, pages, features, etc. that they should see are there, and those they should not see are not visible.)

73
Up
73 votes

In Review · Last Updated

We are evaluating the set of tasks that would be enabled by 'view as' to determine the right approach.

Comments

  • MichelleH
    MichelleH Coach

    This is a great idea! This would be helpful for validating PDP policies

  • Stefano
    Stefano Member

    OMG… yes, that would be huge. I would even ask to take it a step further and as an admin be able to mirror or impersonate an individual user.

  • thampton10
    thampton10 Member

    This would be a great addition - my IT team has been in contact with Domo regarding this same feature.

  • reydeler
    reydeler Member

    This feature is extremely important to the successful adoption of Domo within our company. It would provide the ability to validate our security policies, greatly reduce the time spent trouble-shooting access related issues, and improve the user's overall experience.

  • Omaurya
    Omaurya Member

    Great idea. This will make content creator's life so much easier when they know what their user would see.

  • DomoDork
    DomoDork Contributor

    I'm working through PDP automation as a new customer and this is exactly what I struggle with. Since I can't impersonate other users as Admin, it's extremely difficult to verify and audit that PDP is working as expected. This would be HUGE and very much needed.

  • user078903
    user078903 Member

    100%.

    Trust and a more positive user experience will come from our Dev team being able to catch authorization issues. Whether that’s seeing if PDP works correctly to have card/page access set correctly.

  • TheLookout
    TheLookout Contributor

    DomoSupport can already do this. Making it available to customers would be fantastic.

  • arashhemmasian_2023
    arashhemmasian_2023 Member

    I need this. has this updated yet?

  • TheLookout
    TheLookout Contributor

    @arashhemmasian_2023 as of yet, no.

  • swagner
    swagner Contributor

    @JasonAltenburg great idea! I have a [email protected] account I use for this specific thing, but it's limited. Would be so much better if we could do as you describe.

  • ColemenWilson
    ColemenWilson Coach

    This would be huge for us. We have tried to do as @swagner recommended but it is limited and time consuming.

    If I solved your problem, please select "yes" above

  • elena_jones
    elena_jones Member

    This would be great!!!. What I do know is to create a temporary password and log in to see how the user's dashboard is looking.

  • Ritwik
    Ritwik Member

    +1

  • JordanJensen
    JordanJensen Admin
    edited November 8

    Our initial investigations on impersonating a user generated a few feasibility questions related to security risks from allowing someone to impersonate someone else and possibly take actions as a proxy. Impersonating a user bypasses the access controls and policies applied to the user who is impersonating and we need additional research on viable options. To help us find the right long term and potential short term workarounds, can you all help me confirm the below 'jobs to be done' that we should be solving?

    • Governance / Access Control
      • validating PDP
      • validating access/security policies
      • troubleshooting access related issues
      • validate data sharing methods
    • User Experience
      • validating user experience aligns with what is expected
      • understand current experience of user and what they see
      • discovery to improve user overall experience

  • JasonAltenburg
    JasonAltenburg Contributor

    @JordanJensen Those jobs all look correct to me.

    The security aspect is a fair note. I think in this regard, the key word is View. I would think that in the view as experience, you would have READ access to cards and dashboards, no create update or delete privileges as the other user. Possibly a blend of restrictions could be considered where the MOST restrictive of the two users policies would take effect. I think this would be a Superuser / Instance Admin type of grant to be able to use such a tool.

    I think in my experience as Majordomo, I was looking for what falls under the User Experience bullets.

  • ColemenWilson
    ColemenWilson Coach

    As a Domo admin I can see everything anyway so I am not sure why it would be a security issue. Agree with @JasonAltenburg that it should be a grant related to the admin role.

    If I solved your problem, please select "yes" above

  • JordanJensen
    JordanJensen Admin

    @ColemenWilson I apologize for any confusion. The security concern was not related to being able to see everything as to your point, you can see that as an admin. It was the concern with you taking action as another user. We will need to ensure we engineer the ability to track when you took an action as a user you are impersonating.

    @JasonAltenburg I think I am following. Your suggestion of 'Possibly a blend of restrictions could be considered where the MOST restrictive of the two users policies would take effect' is interesting and am wondering what impact that would have on your ability to validate their experience. Is there any value in making setting up a dummy user like '[email protected]' easier? Or, do you need to validate the experience as a real user?

  • ColemenWilson
    ColemenWilson Coach

    Oh no, that would not be secure at all. All we are looking for is a view as user or view as role - "view" being the key word.

    If I solved your problem, please select "yes" above

Categories