Logs Restriction Queries

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

A Restriction Query is a logs query that restricts which logs the logs_read_data permission grants read access to. For users whose roles have Restriction Queries, any log query they make only returns those log events that also match one of their Restriction Queries. This is true whether the user queries log events from any log-related feature, including the log explorer, Live Tail, re-hydration, or a dashboard widget.

Restriction Queries currently only support use of the following components of log events:

Reserved attributes
The log message
Tags

To restrict read access on log data, add a team tag to log events to indicate which teams own them, and then scope Restriction Queries to the relevant values of the team tag. Tags can be applied to log events in many ways, and a log event can have multiple tags with the same key (like team) and different values. This means the same log event can be visible to roles whose restriction queries are scoped to different team values.

See How to Set Up RBAC for Logs for details on how to add restriction queries.

List restriction queries → preview

GET https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_querieshttps://api.ap2.datadoghq.com/api/v2/logs/config/restriction_querieshttps://api.datadoghq.eu/api/v2/logs/config/restriction_querieshttps://api.ddog-gov.com/api/v2/logs/config/restriction_querieshttps://api.us2.ddog-gov.com/api/v2/logs/config/restriction_querieshttps://api.datadoghq.com/api/v2/logs/config/restriction_querieshttps://api.us3.datadoghq.com/api/v2/logs/config/restriction_querieshttps://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries

Create a restriction query → preview

POST https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_querieshttps://api.ap2.datadoghq.com/api/v2/logs/config/restriction_querieshttps://api.datadoghq.eu/api/v2/logs/config/restriction_querieshttps://api.ddog-gov.com/api/v2/logs/config/restriction_querieshttps://api.us2.ddog-gov.com/api/v2/logs/config/restriction_querieshttps://api.datadoghq.com/api/v2/logs/config/restriction_querieshttps://api.us3.datadoghq.com/api/v2/logs/config/restriction_querieshttps://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries

Get a restriction query → preview

GET https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.ap2.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us2.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us3.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}

Update a restriction query → preview

PATCH https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.ap2.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us2.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us3.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}

Replace a restriction query → preview

PUT https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.ap2.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us2.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us3.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}

Delete a restriction query → preview

DELETE https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.ap2.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us2.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us3.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}

List roles for a restriction query → preview

GET https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.ap2.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.us2.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.us3.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles

Grant role to a restriction query → preview

POST https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.ap2.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.us2.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.us3.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles

Revoke role from a restriction query → preview

DELETE https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.ap2.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.us2.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.us3.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles

Get all restriction queries for a given user → preview

GET https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_queries/user/{user_id}https://api.ap2.datadoghq.com/api/v2/logs/config/restriction_queries/user/{user_id}https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/user/{user_id}https://api.ddog-gov.com/api/v2/logs/config/restriction_queries/user/{user_id}https://api.us2.ddog-gov.com/api/v2/logs/config/restriction_queries/user/{user_id}https://api.datadoghq.com/api/v2/logs/config/restriction_queries/user/{user_id}https://api.us3.datadoghq.com/api/v2/logs/config/restriction_queries/user/{user_id}https://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries/user/{user_id}

Get restriction query for a given role → preview

GET https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_queries/role/{role_id}https://api.ap2.datadoghq.com/api/v2/logs/config/restriction_queries/role/{role_id}https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/role/{role_id}https://api.ddog-gov.com/api/v2/logs/config/restriction_queries/role/{role_id}https://api.us2.ddog-gov.com/api/v2/logs/config/restriction_queries/role/{role_id}https://api.datadoghq.com/api/v2/logs/config/restriction_queries/role/{role_id}https://api.us3.datadoghq.com/api/v2/logs/config/restriction_queries/role/{role_id}https://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries/role/{role_id}