Documentation

API Data Connection

Create Personalized Data Permissions (PDP)

Personalized Data Permissions (PDP) allow you to create a customized experience for each Domo user through the definition of Entitlement Policies. Using Entitlement Policies, you can filter data in a DataSet for specified users and/or groups. In other words, the same DataSet can have a card displayed to three different users and display a filtered visual of information based on the user viewing the cards.

PDP policies are applied almost anywhere in Domo that data from this DataSet is used, including the following:

  • Cards. If a KPI or Sumo card is powered by a DataSet with PDP policies applied, affected users and groups see only data in the card that applies to them.
  • Alerts. An alert’s PDP policies filter the alert data and control which users can subscribe.

You cannot add input DataSets to a DataFlow if you are restricted by PDP policies; however, you can add policies to the output DataSets generated by the DataFlow.

If you share PDP-affected cards with users who aren’t members of the PDP policy, they cannot see the content. However, they can click a button on the card to request that they be added to the policy.

 

Creating a Personalized Data Permission (PDP) policy

In order to create a personalized data permission policy you will need to have both the dataset_id of the dataset that you would like to apply a filter as well as the user_ids or group_ids that will have access applied.

Once you have a dataset_id and either auser_id or group_id, choose filter.columns within the DataSet to apply filters. Each filter will need a filter.value and a filter.operator as seen in the example below.

Sample Request

See it in your language

See this sample request in Java, Python.
POST https://api.domo.com/v1/datasets/4405ff58-1957-45f0-82bd-914d989a3ea3/policies
Content-Type: application/json
Accept: application/json
Authorization: bearer <your-valid-oauth-access-token>

{
  "name": "Only Show Attendees",
  "filters": [ {
    "column": "Attending",
    "values": [ "TRUE" ],
    "operator": "EQUALS"
  } ],
  "users": [ 27 ]
}

Domo will return a subset of the DataSet object specific to the data permission policy.

Sample Response

HTTP/1.1 201 Created
Content-Type: application/json

{
  "id" : 8,
  "type": "user",
  "name": "Only Show Attendees",
  "filters": [ {
    "column": "Attending",
    "values": [ "TRUE" ],
    "operator": "EQUALS",
    "not": false
  } ],
  "users": [ 27 ],
  "groups": [ ]
}

Listing all PDP policies applied to a DataSet

It is useful to see what existing permission policies have already been applied to the DataSet.  This information can be used as a reference to mirror similar group or user access when creating new policies with other DataSets. 

The dataset_id is required to retrieve all of a Dataset's policies as seen below.

Sample Request

See it in your language

See this sample request in Java, Python.
GET https://api.domo.com/v1/datasets/4405ff58-1957-45f0-82bd-914d989a3ea3/policies
Accept: application/json
Authorization: bearer <your-valid-oauth-access-token>

Domo will return all PDP policies that are applied to the DataSet specified in request.

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 234

[ {
  "id" : 8,
  "type" : "user",
  "name" : "Only Show Attendees",
  "filters" : [ {
    "column" : "Attending",
    "values" : [ "TRUE" ],
    "operator" : "EQUALS",
    "not" : false
  } ],
  "users" : [ 27 ],
  "groups" : [ ]
} ]

Updating a PDP policy

Because users and groups change so frequently in addition to data, programmatically updating a DataSet policy can ensure better accuracy and timeliness when managing access rights to sensitive data.

In order to update a DataSet Personalized Data Permission (PDP), you will need both the dataset_id and the policy_id.

Sample Request

See it in your language

See this sample request in Java, Python.
PUT https://api.domo.com/v1/datasets/4405ff58-1957-45f0-82bd-914d989a3ea3/policies/8
Content-Type: application/json
Accept: application/json
Authorization: bearer <your-valid-oauth-access-token>

{
  "name" : "Not Attending",
  "filters" : [ {
    "column" : "Attending",
    "values" : [ "TRUE" ],
    "operator" : "EQUALS",
    "not" : true
  } ]
}

Domo will return a subset of the DataSet object specific to the data permission policy.

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8

{
  "id" : 8,
  "type" : "user",
  "name" : "Not Attending",
  "filters" : [ {
    "column" : "Attending",
    "values" : [ "TRUE" ],
    "operator" : "EQUALS",
    "not" : true
  } ],
  "users" : [ 27 ],
  "groups" : [ ]
}

Next steps

Congrats!  You’ve learned how to manage data permissions in Domo with Personalized Data Permission (PDP) policies. Learn about other ways you can leverage the DataSet API:

DataSet Quickstart

Import and Export Data

Manage DataSets

DataSet API Reference

Have additional questions?

No problem, we'd love to help. Explore our documentation, answers to frequently asked questions, or join other developers in Domo's Developer Forum.  For further help, feel free to email us or contact our sales team.