Skip to main content
Domo Knowledge Base

PDP Policy Autocreation

Version 19



This utility automates the creation of PDP policies.


You will need the following to use the PDP utility:

  • Access Token with access to the customer instance and DataSets.

  • The name or ID of the "config" DataSet. This is the DataSet containing the values to create the policies. This typically consists of a user email address and values, as follows:

    • The user name or group name. Separate multiple names using the pipe (|) character.

    • The comparison value in a policy. Separate multiple values using the pipe (|) character.
       Currently only the "equals" operator is supported.  

  • The file, which is auto-generated upon a successful login. Once you have logged in, you can run the utility headless.

If you want email notifications on successes and errors, place a properties file in the same directory as the .jar file, as follows:



Configuration DataSet

The following is an example of the configuration DataSet. Your configuration DataSet schema should match exactly what is described below. 

  • target_ds – The name or ID of the data source in which you want to create the policies.

  • policy_name – The human readable policy name.

  • policy_column – The column name that the filter will be created on.

  • user_group – The user name or group name. Separate multiple names using the pipe (|) character.

  • value – The value in the filter. Separate multiple values using the pipe (|) character.

Example Policies Definition DataSet

The utility supports multiple target DataSets in the ‘target_ds’ column (shown in orange and brown in the preceding screenshot).

To add multiple filters, set the ‘policy_name’ and ‘user_group’ to the same values (shown in pink in the preceding screenshot).

To add users/groups to the ‘default’ policy, set the ‘policy_column’ & ‘value’ to All Rows (shown in dark blue in the preceding screenshot).

To add a dynamic policy, set the ‘policy_column’ and ‘value’  to the appropriate “Trusted Attribute” (shown in green in the preceding screenshot). You can get a list of “Trusted Attributes” in Admin Settings > Security > Trusted

To add a dynamic policy ignoring case, add :ignore_case to the end of the “Trusted Attribute” (shown in light blue in the preceding screenshot).

When there are duplicate policy names, the utility creates a single policy with multiple rules. If duplicate policy names exist on the dataset, they will all be replaced by a single policy.

Running the PDP Utility

The PDP Utility can be run in one of three modes: standalone GUI, Command Line or via a configuration file.

Standalone GUI

This is a wizard-like interface that walks you through the creation of the PDP Policies. Double-click the PDP.jar or execute from the command line with no parameters.

java -jar pdputil-3.1.0.jar

Command Line

This is a headless utility that can be scripted. Once you have logged in once, you can run the utility headless.

java -jar pdputil-3.1.0.jar <domain> <config_ds>

<domain> : The customer instance.

<config_ds> : The name or ID of the "config" DataSet. This is the DataSet that contains the key value pairs to create the polices. This is typically a user email and a value.