---
title: Granular Access Control
description: >-
  Control access to individual Datadog resources like dashboards, monitors, and
  notebooks by teams, roles, or users for fine-grained permission management.
breadcrumbs: Docs > Account Management > Access Control > Granular Access Control
---

# Granular Access Control

## Manage access to individual resources{% #manage-access-to-individual-resources %}

Some resources allow you to restrict access to individual resources by roles, [Teams](https://docs.datadoghq.com/account_management/teams.md), or users.

Use the different principals to control access patterns in your organization and encourage knowledge sharing and collaboration:

- Use Teams to map access to functional groups in your organizations. For example, restrict editing of a dashboard to the application team that owns it.
- Use roles to map access to personas. For example, restrict editing of payment methods to billing administrators.
- Allocate access to individual users only when necessary.

| Supported resources with granular access control                                                                             | Team-based access | Role-based access | User / service account-based access |
| ---------------------------------------------------------------------------------------------------------------------------- | ----------------- | ----------------- | ----------------------------------- |
| [Apps](https://docs.datadoghq.com/actions/app_builder/access_and_auth.md#restrict-access-to-a-specific-app)                  | yes               | yes               | yes                                 |
| [Case Management projects](https://docs.datadoghq.com/incident_response/case_management/settings.md#granular-access-control) | yes               | yes               | yes                                 |
| [Connections](https://docs.datadoghq.com/actions/connections.md?tab=workflowautomation#connection-credentials)               | yes               | yes               | yes                                 |
| [Connection Groups](https://docs.datadoghq.com/actions/connections.md?tab=workflowautomation#connection-groups)              | yes               | yes               | yes                                 |
| [Cross Org Connections](https://docs.datadoghq.com/account_management/org_settings/cross_org_visibility.md#permissions)      | yes               | yes               | yes                                 |
| [Dashboards](https://docs.datadoghq.com/dashboards/configure.md#permissions)                                                 | yes               | yes               | yes                                 |
| [Datastores](https://docs.datadoghq.com/actions/datastore.md)                                                                | yes               | yes               | yes                                 |
| [Feature Flags](https://docs.datadoghq.com/getting_started/feature_flags.md)                                                 | yes               | yes               | yes                                 |
| [Integration Accounts](https://docs.datadoghq.com/getting_started/integrations.md#granular-access-control)                   | yes               | yes               | yes                                 |
| [Integration Services](https://docs.datadoghq.com/getting_started/integrations.md#granular-access-control)                   | yes               | yes               | yes                                 |
| [Integration Webhooks](https://docs.datadoghq.com/getting_started/integrations.md#granular-access-control)                   | yes               | yes               | yes                                 |
| [Logs Pipelines](https://docs.datadoghq.com/logs/log_configuration/pipelines.md#pipeline-permissions)                        | yes               | yes               | yes                                 |
| [Monitors](https://docs.datadoghq.com/monitors/configuration.md#permissions)                                                 | yes               | yes               | yes                                 |
| [Notebooks](https://docs.datadoghq.com/notebooks.md#limit-edit-access)                                                       | yes               | yes               | yes                                 |
| [Observability Pipelines](https://docs.datadoghq.com/observability_pipelines/configuration/access_control.md)                | yes               | yes               | yes                                 |
| [On-Call](https://docs.datadoghq.com/incident_response/on-call.md#granular-access-control)                                   | yes               | yes               | yes                                 |
| [Private Action Runner](https://docs.datadoghq.com/actions/private_actions.md)                                               | yes               | yes               | yes                                 |
| [Powerpacks](https://docs.datadoghq.com/dashboards/widgets/powerpack.md#powerpack-permissions)                               | yes               | yes               | yes                                 |
| [Reference tables](https://docs.datadoghq.com/reference_tables.md#permissions)                                               | yes               | yes               | yes                                 |
| [RUM apps](https://docs.datadoghq.com/real_user_monitoring.md)                                                               | yes               | yes               | yes                                 |
| [Security rules](https://docs.datadoghq.com/security/detection_rules.md#restrict-edit-permissions)                           | yes               | yes               | yes                                 |
| [Security suppressions](https://docs.datadoghq.com/security/suppressions.md#restrict-edit-permissions)                       | yes               | yes               | yes                                 |
| [Service Level Objectives](https://docs.datadoghq.com/service_level_objectives.md#permissions)                               | yes               | yes               | yes                                 |
| [Sheets](https://docs.datadoghq.com/sheets.md#permissions)                                                                   | yes               | yes               | yes                                 |
| [Synthetic tests](https://docs.datadoghq.com/synthetics/browser_tests.md#permissions)                                        | yes               | yes               | yes                                 |
| [Workflows](https://docs.datadoghq.com/actions/workflows/access_and_auth.md#restrict-access-on-a-specific-workflow)          | yes               | yes               | yes                                 |

### Elevate access to individual resources{% #elevate-access-to-individual-resources %}

A user with the `user_access_manage` permission can elevate their access to any individual resource that supports restrictions based on team, role, and user or service account. Resources with only role-based access restrictions are not supported. To get access, click the Elevate Access button in the granular access control modal.