Skip to main content
waffle.svg
Domo Knowledge Base

PDP Policy Autocreation

Intro

This utility automates the creation of PDP policies.

Prerequisites

You will need the following to use the PDP utility:

  • Access Token with access to the customer instance and data sources.

  • The name or ID of the "config" DataSet. This is the DataSet containing the values to create the policies. This typically consists of a user email address and values, as follows:

    • The user name or group name. Separate multiple names using the pipe (|) character.

    • The comparison value in a policy. Separate multiple values using the pipe (|) character.
       Currently only the "equals" operator is supported.  

  • The application.properties file, which is auto-generated upon a successful login. Once you have logged in, you can run the utility headless.

If you want email notifications on successes and errors, place a properties file in the same directory as the .jar file, as follows:

email.properties

  • user=user.name@host.com

  • host=smtp.comcast.com

Configuration Data Source

The following is an example of the configuration data source. Your configuration DataSet schema should match exactly what is described below. 

Important: Make sure you order the DataSet first by the "target_ds" column and then by the "policy_name" column. This will ensure that all the actions happen on the same DataSet and same policy. 
  • target_ds – The name or ID of the data source in which you want to create the policies.

  • policy_name – The human readable policy name.

  • delete_options 

    • All – Delete all existing PDP policies before creating any new ones.

    • Matches – Only delete the PDP policies that match by name.

    • None – Do not delete any of the existing PDP policies.

    • Update – Update the PDP policies that match by name, create new PDP policies that are not in the existing list, and delete any orphaned policies.

  • policy_column – The column name that the filter will be created on.

  • user_group – The user name or group name. Separate multiple names using the pipe (|) character.

  • value – The value in the filter. Separate multiple values using the pipe (|) character.

To add multiple filters, set the ‘policy_name’ & ‘user_group’ to the same values (shown in pink in the preceding screenshot).

The utility supports multiple target data sources in the 'target_ds' column (shown in red and green in the preceding screenshot).

To add users/groups to the ‘default’ policy set the ‘policy_column’ & ‘value’ to All Rows (shown in purple in the preceding screenshot).

Running the PDP Utility

The PDP Utility can be run in one of three modes: standalone GUI, Command Line or via a configuration file.

Standalone GUI

This is a wizard-like interface that walks you through the creation of the PDP Policies. Double-click the PDP.jar or execute from the command line with no parameters.

java -Xmx1024m -jar PDP_2.0.jar

Command Line

This is a headless utility that can be scripted. Once you have logged in once, you can run the utility headless.

java -Xmx1024m -jar PDP_2.0.jar <domain> <config_ds>

<domain> : The customer instance.

<config_ds> : The name or ID of the "config" DataSet. This is the DataSet that contains the key value pairs to create the polices. This is typically a user email and a value.