Can I restrict the datasets that are available to end users accessing Domo via API?

Joe_M · December 2023

Good evening,

I have end users looking to access our data in Domo via API. At the same time, I want to restrict which datasets they have access to. I thought I'd solved this by creating DataSet Views, restricted to the user's particular slice of data (for example, there's a column called "user name" and I filter the dataset view so that "user name" equals the user in question) and then providing the users with that dataset views ID, thinking they could just query that.

Instead, it's given end users visibility into EVERY dataset EXCEPT the DataSet Views I'd created.

Any thoughts on why this might be and more, any potential solutions? At the moment it feels like I'll have to apply PDP policies to every data set to restrict access hopefully but I'm not even sure that would work.

GrantSmith · December 2023

The Domo API is authenticated as the user who creates the dataset. So if you created the Client ID and Secret, then it's emulating your user with your permissions. You'd need to create separate Client IDs and Secrets for other users with restricted access to certain datasets to allow them to only see what they would have access to.

Joe_M · December 2023

While I (admin) created the datasets, I dd not create the Client ID and Secret. The end user (participant level) did. Which makes it even weirder.

ellibot · December 2023

@Joe_M if the end-user created the Client ID and Secret, Domo should enforce PDP and access based on their user. So if they only have access to a few datasets, they'll only be able to access those datasets via API. I would also recommend doing some testing with a fake user that has limited access.

Can I restrict the datasets that are available to end users accessing Domo via API?

Answers

Categories