LeafEnterprise Backend Enforcement

Domo PDP does not automatically protect calls to LeafEnterprise, AKS workers, Cloudflare-protected APIs, generated artifacts, AI summaries, or backend exports.

If Domo calls LeafEnterprise, the backend must independently resolve and enforce scope:

```mermaid
flowchart LR
  Domo[Domo user/session/group] --> Gateway[Backend gateway]
  Gateway --> Resolve[Resolve user/group/client scope]
  Resolve --> Policy[Backend authorization policy]
  Policy --> Query[Query LeafEnterprise data for allowed scope only]
  Query --> Output[Scoped payload/artifact/summary]
```

Required Backend Policy

| Backend output | Required enforcement |
| --- | --- |
| API payload | Resolve caller, customer, account, group, contract, and reporting period before querying. |
| generated artifact | Bind PDF/workbook/export to one exact backend scope and artifact id. |
| AI summary | Ground only in scoped report/evidence payloads; do not let prompts broaden scope. |
| savings/audit packet | Require backend evidence and calculation lineage for the active client scope. |
| worker task | Policy-gate lane, source systems, mutation level, and output audience before dispatch. |
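
An added example (not LeafEnterprise or Domo code) of the resolve-then-query order required for API payloads and generated artifacts, narrowed to customer, contract, and reporting period. The names `Scope`, `ENTITLEMENTS`, `resolve_scope`, and `scoped_payload`, the sample rows, and the scope digest used to bind the artifact are assumptions made for illustration.

```python
import hashlib
import json
import uuid
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class Scope:
    customer: str
    contract: str
    period: str


class ScopeDenied(Exception):
    """Raised when the verified caller is not entitled to the requested scope."""


# Constructed entitlements, held server-side and keyed by the verified caller.
ENTITLEMENTS = {
    "analyst@acme.example": {Scope("acme", "C-100", "2024-Q1")},
    "analyst@globex.example": {Scope("globex", "C-200", "2024-Q1")},
}

# Constructed rows standing in for LeafEnterprise data.
ROWS = [
    {"customer": "acme", "contract": "C-100", "period": "2024-Q1", "savings": 1200},
    {"customer": "acme", "contract": "C-101", "period": "2024-Q1", "savings": 300},
    {"customer": "globex", "contract": "C-200", "period": "2024-Q1", "savings": 900},
]


def resolve_scope(verified_caller: str, requested: dict) -> Scope:
    """Treat request fields as a selection among entitlements, never as authority."""
    wanted = Scope(*(str(requested.get(k, "")) for k in ("customer", "contract", "period")))
    if wanted not in ENTITLEMENTS.get(verified_caller, set()):
        raise ScopeDenied(f"{verified_caller} is not entitled to {wanted}")
    return wanted


def scoped_payload(verified_caller: str, requested: dict) -> dict:
    scope = resolve_scope(verified_caller, requested)  # authorize before any query
    rows = [r for r in ROWS if all(r[k] == v for k, v in asdict(scope).items())]
    # Bind the output to one exact scope: a fresh artifact id plus a digest of that scope.
    digest = hashlib.sha256(json.dumps(asdict(scope), sort_keys=True).encode()).hexdigest()
    return {"artifact_id": uuid.uuid4().hex, "scope": asdict(scope),
            "scope_digest": digest, "rows": rows}
```

A request that omits a scope field, or names a scope outside the caller's entitlements, is denied before any row is read, so a value chosen in a dashboard filter can narrow the result but cannot widen it.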

Dual-Enforcement Pattern

| Layer | Enforcement |
| --- | --- |
| Domo | PDP protects Domo-native dataset/card access. |
| LeafEnterprise | Backend authorization protects APIs, workers, artifacts, AI, packets, and exports. |

This is why LeafEnterprise-backed Domo is materially stronger than Domo-only. Domo remains the client-facing shell, but true contract/client scoping lives in deterministic backend policy rather than dashboard filters.

Forbidden Integration Shapes

  • Do not rely on a dashboard dropdown as the client security boundary.
  • Do not expose broad LeafEnterprise API routes to Domo without caller/scope resolution.
  • Do not return raw Graph URLs, Salesforce body URLs, SQL credentials, or ADLS paths.
  • Do not allow Domo-side Beast Modes to become final savings math once the backend owns the process.
  • Do not publish AI-generated summaries unless the backend has already scoped and classified the evidence.