How to remove access of an admin user from a dataset?

I have a dataset that I only want to give some people access to. Right now, all admins can access this dataset (even though I have not given access to them, I believe this is how admin rights work).

 

But I want to remove a few admins from being able to access the dataset (as it contains confidential information not pertaining to their department). 

 

How can I do this?

Comments

  • Have a look at this article and the reference articles. You may need to create a group or a custom role.

    Thanks!

  • I found that this isn't possible. I tried to do this a few months ago, but by default, Admins have access to ALL datasets. The only thing an admin can't do is use other users' credentials for datasets unless it is shared with them.

     

    The only thing I've been able to do is limit admin access to a select number of people and make everyone else privileged. I do this because we have pay information in one dataset that only the admins have permission to see. However, this creates a lot more management work for the admin because you'll have to make sure to share datasets with everyone that needs access or else they won't be able to see it. Then to make it worse, you can't share a dataset with a user group unless a card is made from that dataset and the card is shared with a user group, but it's not feasible to make a card for every dataset.

     

    I would love to have an option to block everyone (admin or not) from a certain dataset by default, but it hasn't happened yet.

  • I didn't see an idea for this already submitted so I went ahead and made one.

    https://dojo.domo.com/t5/Ideas-Exchange/Limit-Admin-Access-to-Certain-Datasets/idi-p/46372#M7678

  • Also, I didn't see the share dataset with user groups in the idea exchange so I added it as well.

    https://dojo.domo.com/t5/Ideas-Exchange/Share-Datasets-with-User-Groups/idi-p/46374#M7679

  • Ashleigh

    @hamza_123 have you created custom roles? In our instance, we only give Admin Accounts to IT. We made roles that are more precise than the ones currently provided. We have a couple of roles who have similar access as an admin but without the security features. Those roles have access to view all data but then we have another role for our Departmental Power Users who have similar access but can only see data that has been shared with them. Creating custom roles gives you much more flexibility into the access rights of a user. You can also make a read only account similar to the Participant role but limit export capability for those users without disabling it for the whole instance.

     

    Also @Figauro you can definitely just share a dataset. If you go to the data center and click the checkbox that appears to the left of the name, you can select one or multiple datasets to share. To share them, go to the top right corner after you select the dataset(s) and click the person with the + sign to share with multiple users or groups. You can also manage who currently has access or not in the sharing options of the dataset by clicking the export button and then the share button.

  • @Ashleigh interesting. So it allows you to share the dataset to user groups if you mass select them in the data center, but not if you are selected into a dataset and then click share. This may just be a bug or oversight.

     

    As for what @hamza_123 is trying to do, custom roles won't work unless he demotes users from being admins. By doing so, everyone within the company will have to manage sharing datasets more because other users won't be able to see them unless it is shared with them. While this is probably the right move for large companies that are segmented, my small ~130 employee company would like to give people access to every dataset except this one payroll dataset.

     

    Now that I know you can mass select and share with user groups, I'll have to select 50 datasets at a time to share and remember to share new datasets with that user group.

  • @Figauro - You can demote folks from Admin, and leverage the 'Default' sharing group.  That will help with the datasets, cards, and pages.  Non-Admins won't be able to see the dataflows of others, but it sounds like the datasets are the main concern.  There are a lot of bulk sharing techniques that can help you with that, too.  

     

     

  • Demoting people from admin might not be the most appropriate way (some people might not take it very well). 

    So from what I understand there is currently no way to hide a dataset from an admin?

  • That is correct. You cannot hide datasets from admins.

  • Thank you for the explanation. I now understand the issue at hand. I think the best way to deal with this would be to create custom users. 

     

    Can anyone tell me how to make them? When I go to Admin --> Roles, I don't see anywhere I can create roles.

  • MarkSnodgrass

    @hamza_123 

    You have to contact support or your customer success manager as this feature is only enabled on demand, per the knowledgebase. 

    Here's a link to the article and further explanation about managing the roles.

    https://knowledge.domo.com/Administer/Controlling_Access_in_Domo/Managing_Custom_Roles