Help Center
Training
Knowledge Base
Community
Developers
Support

PDP Policy Autocreation

Domo University
  • Updated
Follow

Intro

This utility automates the creation of PDP policies.

Prerequisites

You will need the following to use the PDP utility:

  • Access Token with access to the customer instance and DataSets.
  • The name or ID of the ‘config’ DataSet. This is the DataSet that contains the values to create the polices. This is typically a user email and values.
    • The user name or group name. Multiples are separated by the pipe ‘|’ character.
    • The comparison ‘value’ in a policy, separated each value with the pipe ‘|’ character.
    • Currently only the ‘Equals’ operator is supported.
  • If you want email notifications on successes & errors, place a properties file in the same directory as the jar.
    • email.properties
      • user=user.name@host.com
      • host=smtp.comcast.com
    • application.properties
      • This file is auto-generated on a successful login. Once you have logged in successfully, you can run the utility headless.

Configuration DataSet

The following is an example of the configuration DataSet.

Note: It is very important to order this DataSet by the `target_ds` column and then the `policy_name` column. This will ensure all the actions happen on the same DataSet and the same policy.
Important: Your configuration DataSet schema should match exactly what is described below.
    • target_ds – The name or ID of the DataSet where you want to create the policies.
    • policy_name – The human readable policy name.
    • delete_options
      • All – Delete all existing PDP policies before creating any new ones.
      • Matches – Only delete the PDP policies that match by name.
      • None – Do not delete any of the existing PDP policies.
      • Update – Update the PDP policies that match by name, create new PDP policies that are not in the existing list & delete any orphaned policies.
    • policy_column – The column name that the filter will be created on.
    • user_group – The user name or group name. Multiples are separated by the pipe ‘|’ character.
    • value – The value in the filter. Multiples are separated by the pipe ‘|’ character.

PDP_Configuration.png

To add multiple filters, set the ‘policy_name’ & ‘user_group’ to the same values. Pink highlight.

The utility supports multiple target DataSet in the ‘target_ds’ column. Red & Green highlights.

To add users/groups to the ‘default’ policy set the ‘policy_column’ & ‘value’ to “All Rows". Purple highlight.

Running the PDP Utility

The PDP Utility can be run in one of two modes: standalone GUI or Command Line.

Standalone GUI

This is a wizard like interface that will walk you through the creation of the PDP Policies. Double click the PDP.jar or execute from the command line with no params.

java -Xmx1024m -jar PDP_2.0.jar

Command Line

This is a headless utility that can be scripted. Once you have logged in successfully, you can run the utility headless.

java -Xmx1024m -jar PDP_2.0.jar <domain> <config_ds>

<domain> : The customer instance
<config_ds> : The name or ID of the ‘config’ dataset. This is the dataset that contains the key value pairs to create the polices. This is typically a user email and a value.

Related articles

Comments

0 comments

Please sign in to leave a comment.