Security Best Practices for Inviting External User to Domo Instance?

My organization wants to be able to collaborate with one of our customers to develop performance metrics that combine their data with our own. We are considering providing members of their technology team access to our Domo instance so that they can accomplish any of the following tasks:

  1. Create/edit datasets from their own systems (ODBC, file upload, API connector, etc.)
  2. View/edit dataflows that use the datasets they own
  3. View/edit cards and pages that use the inputs/outputs of the dataflows they have access to

It's also critical that we keep their access very limited because of the amount of proprietary data that we already have in Domo that they should not be able to see. This is my current plan for managing this initiative, but I am open to feedback or suggestions:

  1. Create a shared user for the external team using the default Editor role
  2. Add the user to a new group that includes any internal collaborators
  3. Run all relevant internal datasets through dataflows to remove sensitive information (financial information, customer names, etc.)
  4. Share the cleansed outputs of the dataflows with the group so everyone can access downstream dataflows
  5. Share any datasets created by the user with the group
  6. Create dedicated page(s) for the group to add/edit cards

I'm open to input from anyone who has had a similar situation or if I'm missing any crucial for security. We haven't had much use for custom roles or PDP, so I'm curious whether I should consider those options as well. Thanks!

Tagged:

Answers

  • MarkSnodgrass
    MarkSnodgrass Portland, Oregon πŸ₯·

    You might consider using the Dataset Copy connector. It copies a dataset between different Domo instances. This is nice because then you don't have to give anyone access to your instance. Your team can construct datasets that they want to share and then provide the dataset id to the engineering team in the other instance who would then use the Dataset Copy connector to have the resulting dataset show up in their instance. Here is a link to the KB article:

    https://domohelp.domo.com/hc/en-us/articles/360043436533-DataSet-Copy-DataSet-Connector




    **Make sure to <3 any users posts that helped you.
    **Please mark as accepted the ones who solved your issue.
  • GrantSmith
    GrantSmith Indiana πŸ₯·


    **Was this post helpful? Click Agree or Like below**

    **Did this solve your problem? Accept it as a solution!**
  • jaeW_at_Onyx
    jaeW_at_Onyx Budapest / Portland, OR 🟀

    @MichelleH

    Domo Publish would probably be the safest way to make sure you don't accidentally share content with users. Tell your AE you want to talk to Dan Hendriksen and then tell Dan, Jae W sent you ;) But also, there are commercial implications for Publish.

    You can also take a look at Publication Groups which is an older feature but does give users access to your instance of Domo (instead of spinning up a second instance, a'la Publish.)

    either way, PDP is the ONLY foolproof way to guarantee you don't accidentally share the wrong content with users, so make the time to understand it thoroughly. If you're creating a product with data shared across multiple vendors, regardless of how you implement your solution, you'll have to master PDP.

    Jae Wilson
    Check out my πŸŽ₯ Domo Training YouTube Channel πŸ‘¨β€πŸ’»

    **Say "Thanks" by clicking the ❀️ in the post that helped you.
    **Please mark the post that solves your problem by clicking on "Accept as Solution"