Network Performance Monitoring is now generally available! Network Monitoring is now available!

Default Datadog Roles and Permissions

Datadog provides three user roles by default:

RoleDescription
Datadog Admin RoleUsers have access to billing information and the ability to revoke API keys. They can manage users and configure read-only dashboards. They can also promote standard users to administrators.
Datadog Standard RoleUsers are allowed to view and modify all monitoring features that Datadog offers, such as dashboards, monitors, events, and notebooks. Standard users can also invite other users to organizations.
Datadog Read Only RoleUsers do not have access to edit within Datadog. This comes in handy when you’d like to share specific read-only views with a client, or when a member of one business unit needs to share a dashboard with someone outside their unit.
The list of permissions and roles is in active development. This page is updated as new permissions are added and names and definitions are updated.

Description of available permissions

General permissions provide the base level of access for your role. Advanced Permissions are explicitly defined permissions that augment the base permissions.

General Permissions

Permission NameDescription
Priviledged AccessThis permission gives to the role the ability to view and edit everything in your Datadog organization that does not have an explicitly defined permission. This includes billing and usage, user, key, and organization management. This permission is inclusive of all Standard Access permissions.
Standard AccessThis permission gives to the role the ability to view and edit components in your Datadog organization that do not have explicitly defined permissions. This includes APM, Events, and other non-Account Management functionality.
Read-Only AccessThis permission gives to the role read access to parts of the application not explicitly defined with permissions or restricted through the combination of the user’s roles and the permissions granted them.

Advanced Permissions

All permissions have up to three options that can be selected: Read, Write, and Other. Note that not all options are available every time for a given permission. Find below the detailed of those options and the impact of each available permission.

Logs

Permission NameReadWriteOther
Log IndexesRead a subset of all log indexesUpdate the definition of log indexesundefined
Live TailAccess the live tail featureundefinedundefined
Exclusion FiltersundefinedUpdate a subset of the exclusion filtersundefined
Log PipelinesundefinedUpdate a subset of the log pipelinesundefined
Log ProcessorsundefinedUpdate the log processors in an indexundefined
Log External ArchivesundefinedUpdate the external archives configurationundefined
Logs Public Config APIundefinedundefinedAccess the Logs Public Config API (r/w)
Log Generate MetricsAccess the Generate Metrics featureundefinedundefined

Dashboards

Permission NameReadWriteOther
DashboardsAccess dashboards (required)Update dashboardsundefined
Dashboards ShareundefinedundefinedShare dashboards publicly

Monitors

Permission NameReadWriteOther
MonitorsAccess monitors (required)Update monitorundefined
Monitors DowntimeundefinedManage monitor downtimeundefined

Further Reading