Roles categorize users and define what account permissions those users have, such as what data they can read or what account assets they can modify. By default, Datadog offers three roles, and you can create custom roles so you can define a better mapping between your users and their permissions.
By granting permissions to roles, any user who is associated with that role receives that permission. When users are associated with multiple roles, they receive all the permissions granted to each of their roles. The more roles a user is associated with, the more access they have within a Datadog account.
Note If you use a SAML identity provider, you can integrate it with Datadog for authentication, and you can map identity attributes to Datadog default and custom roles. For more information, see Single Sign On With SAML.
Manage your custom roles through the Datadog application, the Datadog Role API, or SAML directly. Find below how to create, update, delete a role. See the Datadog Role permissions documentation for more information about available permissions. Only users with the Access Management permission can create or edit roles in Datadog.
You can create custom roles with:
To create a custom role:
Once a role is created you can add this role to existing users.
Find an example of how to create a Role in the Datadog Create Role API documentation.
To edit a custom role:
Once a role is modified, all users who have the role will have their permissions updated.
Find an example of how to update a Role in the Datadog Create Role API documentation.
To delete a custom role:
Once a role is deleted all users who have the role will have their permissions updated. Users without any roles will not be able to use Datadog effectively, but will still maintain limited access. You should always make sure users either have a Role or are disabled if they do not need access to your organization.
Find an example of how to delete a Role in the Datadog Create Role API documentation.
Additional helpful documentation, links, and articles: