API POST PDP Creation - Managed Attribute

DK2
DK2 Member
in APIs & Domo Developer

Hey Everyone,

I am having a hard time creating a PDP policy on a managed attribute.

Expected Result:
I create a managed attribute PDP policy where a user's department' must match the department listed in a dataset.

Actual Result:

I create a simple file PDP policy that is filtering the column for the string, "domo.policy.managed_user_department".

I am using R for this, so the syntax looks like the following on the body of my POST. What am I doing wrong?

image.png


image.png
Tagged:

Best Answer

  • brycec
    brycec Contributor
    Answer ✓

    This might be helpful though. The R SDK has the file pdp_create.Rd:

    \name{pdp_create}
    
\alias{pdp_create}
    
\title{Create a new PDP policy}
    
\usage{
    
pdp_create(ds, policy_def)
    
}
    
\arguments{
    
\item{ds}{Data set id from Domo.}

    
\item{policy_def}{List object with parameters as given in documentation.}
    
}
    
\value{
    
List with all policy properties plus the id assigned by Domo.
    
}
    
\description{
    
This function creates a new PDP policy on the given data set. The PDP policy is constructed as a list object and the function will convert that list to a JSON string before creating the policy.
    
}
    
\references{
    
API Documentation: \url{https://developer.domo.com/docs/dataset-api-reference/dataset#Create\%20a\%20Personalized\%20Data\%20Permission\%20(PDP)\%20policy}
    
}

    Was this comment helpful? Click Agree or Like below.
    Did this comment solve your problem? Accept it as the solution!

Answers

  • brycec
    brycec Contributor

    Not exactly sure, because I ever use R. But the object keys are almost identical to using the Product API endpoint https://<your_instance>.domo.com/api/query/v1/data-control/<dataset_id>/filter-groups. For that, a "type" key is used with a value of "DYNAMIC" to achieve the result you are looking for. I'd trying adding and messing around with that, as it seems the missing declaration of Access Type is what is causing the API call to default to the default of Simple Filter.

    Was this comment helpful? Click Agree or Like below.
    Did this comment solve your problem? Accept it as the solution!

  • DK2
    DK2 Member

    @brycec I had a feeling something like that was needed, but I couldn't find any documentation on it. My first few tries haven't worked (they still make the PDP policy, but remain a simple filter).

    Any chance you could screenshot or paste the code to what one of your dynamic PDP filters looks like?

  • brycec
    brycec Contributor

    Probably won't be much help, since it is not the SDK and you already tried just adding "type", but here it is as cURL generated from my HTTP Postman request:

    curl --location 'https://<instance>.domo.com/api/query/v1/data-control/<datasetIid>/filter-groups' \
    
--data '{
    
    "name": "Pod Owners",
    
    "dataSourceId": "<datasetIid>",
    
    "userIds": [],
    
    "virtualUserIds": [],
    
    "groupIds": [
    
        "<group_id>"
    
    ],
    
    "dataSourcePermissions": false,
    
    "parameters": [
    
        {
    
            "type": "DYNAMIC",
    
            "name": "Pod Owner ID",
    
            "values": [
    
                "domo.policy.managed_employee_id"
    
            ],
    
            "operator": "EQUALS",
    
            "ignoreCase": false
    
        }
    
    ]
    
}'

    Was this comment helpful? Click Agree or Like below.
    Did this comment solve your problem? Accept it as the solution!

  • brycec
    brycec Contributor
    Answer ✓

    This might be helpful though. The R SDK has the file pdp_create.Rd:

    \name{pdp_create}
    
\alias{pdp_create}
    
\title{Create a new PDP policy}
    
\usage{
    
pdp_create(ds, policy_def)
    
}
    
\arguments{
    
\item{ds}{Data set id from Domo.}

    
\item{policy_def}{List object with parameters as given in documentation.}
    
}
    
\value{
    
List with all policy properties plus the id assigned by Domo.
    
}
    
\description{
    
This function creates a new PDP policy on the given data set. The PDP policy is constructed as a list object and the function will convert that list to a JSON string before creating the policy.
    
}
    
\references{
    
API Documentation: \url{https://developer.domo.com/docs/dataset-api-reference/dataset#Create\%20a\%20Personalized\%20Data\%20Permission\%20(PDP)\%20policy}
    
}

    Was this comment helpful? Click Agree or Like below.
    Did this comment solve your problem? Accept it as the solution!

  • DK2
    DK2 Member

    I appreciate you passing along this information @brycec. I have seen that documentation as well unfortunately it is too vague, at least for me, regarding managed user roles. For example, it doesn't describe what should be a system vs. user type policy.

    When I manually set up a PDP policy the way that I want to and then GET the PDP policy it says the type = user and the value is what I have listed.

  • DK2
    DK2 Member

    @brycec, your help got me on the right track and I was able to figure it out. The managed user PDP policies are not supported by Domo. So the 'secret' API call that you reference is the way to go and I was able to put in place a solution.

    I very much appreciate your help!

Categories