Domo App Studio Delivery Model¶
The client-facing Domo model should be presentation-first and scope-aware.
Delivery Options¶
| Option | Use when | Required security |
|---|---|---|
| Native Domo login | Customer users are managed directly in Domo. | Domo identity, groups, content sharing, PDP. |
| Private user-based embed | Customer users authenticate through SSO and Domo user identities. | SSO, shared cards/pages, PDP. |
| Private server/programmatic embed | Portal authenticates users and sends programmatic filters. | Portal/backend auth plus programmatic filters; LeafEnterprise must still scope backend APIs. |
| Domo presentation over LeafEnterprise extracts | Domo renders scheduled backend-published scoped datasets. | Domo PDP plus backend export policy. |
Public embed is not acceptable for PHI/client-specific dashboards because it does not require viewer login and does not support PDP.
LeafEnterprise-Published Dataset Shape¶
Domo-facing datasets or extracts should include enough entitlement columns for PDP:
| Column family | Purpose |
|---|---|
| customer/account ids | PDP customer scoping. |
| group ids/names | group-specific dashboard views. |
| contract/pricing scope ids | contract-specific access. |
| reporting period | period access and dashboard filters. |
| output lineage | backend run id, artifact id, evidence status, refresh timestamp. |
| presentation-safe metrics | scoped KPIs, sections, rankings, and statuses. |
Avoid publishing raw source fields that are not necessary for the dashboard. Sensitive row-level details should stay in LeafEnterprise artifacts or backend APIs unless explicitly approved for Domo presentation.
Dashboard UX Rule¶
Client selectors, filters, and dropdowns are allowed for usability. They must sit on top of already scoped data. A client selector must never be the first or only line of defense.