Domino Apps provide built-in security features that control what users can access and interact with from your App.
Each App adopts the permissions of the current viewer by default. This determines what the user can access from the App, including Datasets, Data Sources, and project files.
If the SecureIdentityPropagationToAppsEnabled feature flag is disabled, the App runs with the App creator’s permissions instead.
You can also identify individual users who interact with the App, enabling personalized experiences and permission-aware behavior.
App security and identity has complete details about identity propagation, authentication headers, and JWT tokens.
When NetApp Volumes and Datasets are directly mounted, any App viewer adopts the permissions of the App creator. This can expose data to users who don’t have direct access to those resources.
Control access to NetApp Volumes and Datasets in your App by using Domino’s APIs and SDK instead of direct filesystem mounting.
- In Publish Domino App from the Data menu, choose Mount NetApp Volumes to App file system. This disables direct filesystem access to Volumes and ensures access is routed through Domino’s API.
- In your App code, use:
  - The domino-username header, or
  - The decoded JWT token
- Use the dominodatalab-data Python or R SDK to read, write, and download specific volume files, enforcing access logic based on the requesting user’s identity.
This setup lets you serve a single App to multiple users while tailoring data access according to Domino’s role-based permissions.
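As an added example (not Domino's own code), this minimal Python WSGI App reads the domino-username header, fails closed when it is missing, and checks a per-user policy on the normalized path before reading a volume file. The usernames, path prefixes, the in-memory FAKE_VOLUME and the read_volume_file callable are constructed assumptions; in a real App that callable would wrap the dominodatalab-data SDK read.

```python
import posixpath

# Constructed policy: volume path prefixes each Domino username may read.
ACCESS_POLICY = {
    "alice": ("reports/finance/", "reports/shared/"),
    "bob": ("reports/shared/",),
}
# Constructed in-memory stand-in for the files on a NetApp Volume.
FAKE_VOLUME = {
    "reports/finance/q1.csv": b"revenue,100\n",
    "reports/shared/readme.txt": b"hello\n",
}

def is_allowed(username, path, policy=ACCESS_POLICY):
    """True only if the normalized path sits under a prefix granted to username."""
    clean = posixpath.normpath(path)  # collapses "a/../b" before the prefix check
    return any(clean.startswith(prefix) for prefix in policy.get(username, ()))

def make_app(read_volume_file, policy=ACCESS_POLICY):
    """Build a WSGI app. read_volume_file(path) -> bytes or None is a hypothetical
    callable standing in for the SDK read of one volume file."""
    def app(environ, start_response):
        # WSGI exposes the domino-username request header as HTTP_DOMINO_USERNAME.
        username = environ.get("HTTP_DOMINO_USERNAME", "").strip()
        path = environ.get("PATH_INFO", "").lstrip("/")
        if not username:  # fail closed when no viewer identity is present
            status, body = "401 Unauthorized", b"no viewer identity"
        elif not is_allowed(username, path, policy):
            status, body = "403 Forbidden", b"access denied"
        else:
            data = read_volume_file(posixpath.normpath(path))
            status, body = ("200 OK", data) if data is not None else ("404 Not Found", b"not found")
        start_response(status, [("Content-Length", str(len(body)))])
        return [body]
    return app

def demo_request(app, path, username=None):
    """Call the WSGI app in-process and return (status, body)."""
    environ = {"PATH_INFO": path}
    if username is not None:
        environ["HTTP_DOMINO_USERNAME"] = username
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body

app = make_app(FAKE_VOLUME.get)
```

The policy check runs on the normalized path, so a request such as /reports/shared/../finance/q1.csv is evaluated as reports/finance/q1.csv and denied for a user who only has the shared prefix.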
- Apps security and identity has complete details about identity propagation, authentication headers, and JWT tokens.
- Persist data using Datasets or external storage to make your Apps more dynamic and interactive.
- Create and Publish an App has instructions on creating and publishing your Apps, customizing the App’s URL, and sharing Apps with authorized users.
