--- title: Grant role to a restriction query description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Logs Restriction Queries --- # Grant role to a restriction query{% #grant-role-to-a-restriction-query %} Copy pageCopied {% tab title="v2" %} **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------------------------------ | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles | ### Overview Adds a role to a restriction query. **Note**: This operation automatically grants the `logs_read_data` permission to the role if it doesn't already have it. This endpoint requires the `user_access_manage` permission. ### Arguments #### Path Parameters | Name | Type | Description | | -------------------------------------- | ------ | -------------------------------- | | restriction_query_id [*required*] | string | The ID of the restriction query. | ### Request #### Body Data (required) {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | ----- | ------ | ---------------------------------------- | | | data | object | Relationship to role object. | | data | id | string | The unique identifier of the role. | | data | type | enum | Roles type. Allowed enum values: `roles` | {% /tab %} {% tab title="Example" %} ```json { "data": { "id": "string", "type": "roles" } } ``` {% /tab %} ### Response {% tab title="204" %} OK {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Authentication error {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not found {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Path parameters export restriction_query_id="CHANGE_ME" \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/logs/config/restriction_queries/${restriction_query_id}/roles" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d", "type": "roles" } } EOF ##### ```go // Grant role to a restriction query returns "OK" response package main import ( "context" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { // there is a valid "restriction_query" in the system RestrictionQueryDataID := os.Getenv("RESTRICTION_QUERY_DATA_ID") // there is a valid "role" in the system RoleDataID := os.Getenv("ROLE_DATA_ID") body := datadogV2.RelationshipToRole{ Data: &datadogV2.RelationshipToRoleData{ Id: datadog.PtrString(RoleDataID), Type: datadogV2.ROLESTYPE_ROLES.Ptr(), }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() configuration.SetUnstableOperationEnabled("v2.AddRoleToRestrictionQuery", true) apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewLogsRestrictionQueriesApi(apiClient) r, err := api.AddRoleToRestrictionQuery(ctx, RestrictionQueryDataID, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `LogsRestrictionQueriesApi.AddRoleToRestrictionQuery`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Grant role to a restriction query returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.LogsRestrictionQueriesApi; import com.datadog.api.client.v2.model.RelationshipToRole; import com.datadog.api.client.v2.model.RelationshipToRoleData; import com.datadog.api.client.v2.model.RolesType; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); defaultClient.setUnstableOperationEnabled("v2.addRoleToRestrictionQuery", true); LogsRestrictionQueriesApi apiInstance = new LogsRestrictionQueriesApi(defaultClient); // there is a valid "restriction_query" in the system String RESTRICTION_QUERY_DATA_ID = System.getenv("RESTRICTION_QUERY_DATA_ID"); // there is a valid "role" in the system String ROLE_DATA_ID = System.getenv("ROLE_DATA_ID"); RelationshipToRole body = new RelationshipToRole() .data(new RelationshipToRoleData().id(ROLE_DATA_ID).type(RolesType.ROLES)); try { apiInstance.addRoleToRestrictionQuery(RESTRICTION_QUERY_DATA_ID, body); } catch (ApiException e) { System.err.println( "Exception when calling LogsRestrictionQueriesApi#addRoleToRestrictionQuery"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python """ Grant role to a restriction query returns "OK" response """ from os import environ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.logs_restriction_queries_api import LogsRestrictionQueriesApi from datadog_api_client.v2.model.relationship_to_role import RelationshipToRole from datadog_api_client.v2.model.relationship_to_role_data import RelationshipToRoleData from datadog_api_client.v2.model.roles_type import RolesType # there is a valid "restriction_query" in the system RESTRICTION_QUERY_DATA_ID = environ["RESTRICTION_QUERY_DATA_ID"] # there is a valid "role" in the system ROLE_DATA_ID = environ["ROLE_DATA_ID"] body = RelationshipToRole( data=RelationshipToRoleData( id=ROLE_DATA_ID, type=RolesType.ROLES, ), ) configuration = Configuration() configuration.unstable_operations["add_role_to_restriction_query"] = True with ApiClient(configuration) as api_client: api_instance = LogsRestrictionQueriesApi(api_client) api_instance.add_role_to_restriction_query(restriction_query_id=RESTRICTION_QUERY_DATA_ID, body=body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Grant role to a restriction query returns "OK" response require "datadog_api_client" DatadogAPIClient.configure do |config| config.unstable_operations["v2.add_role_to_restriction_query".to_sym] = true end api_instance = DatadogAPIClient::V2::LogsRestrictionQueriesAPI.new # there is a valid "restriction_query" in the system RESTRICTION_QUERY_DATA_ID = ENV["RESTRICTION_QUERY_DATA_ID"] # there is a valid "role" in the system ROLE_DATA_ID = ENV["ROLE_DATA_ID"] body = DatadogAPIClient::V2::RelationshipToRole.new({ data: DatadogAPIClient::V2::RelationshipToRoleData.new({ id: ROLE_DATA_ID, type: DatadogAPIClient::V2::RolesType::ROLES, }), }) api_instance.add_role_to_restriction_query(RESTRICTION_QUERY_DATA_ID, body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Grant role to a restriction query returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_logs_restriction_queries::LogsRestrictionQueriesAPI; use datadog_api_client::datadogV2::model::RelationshipToRole; use datadog_api_client::datadogV2::model::RelationshipToRoleData; use datadog_api_client::datadogV2::model::RolesType; #[tokio::main] async fn main() { // there is a valid "restriction_query" in the system let restriction_query_data_id = std::env::var("RESTRICTION_QUERY_DATA_ID").unwrap(); // there is a valid "role" in the system let role_data_id = std::env::var("ROLE_DATA_ID").unwrap(); let body = RelationshipToRole::new().data( RelationshipToRoleData::new() .id(role_data_id.clone()) .type_(RolesType::ROLES), ); let mut configuration = datadog::Configuration::new(); configuration.set_unstable_operation_enabled("v2.AddRoleToRestrictionQuery", true); let api = LogsRestrictionQueriesAPI::with_config(configuration); let resp = api .add_role_to_restriction_query(restriction_query_data_id.clone(), body) .await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Grant role to a restriction query returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); configuration.unstableOperations["v2.addRoleToRestrictionQuery"] = true; const apiInstance = new v2.LogsRestrictionQueriesApi(configuration); // there is a valid "restriction_query" in the system const RESTRICTION_QUERY_DATA_ID = process.env .RESTRICTION_QUERY_DATA_ID as string; // there is a valid "role" in the system const ROLE_DATA_ID = process.env.ROLE_DATA_ID as string; const params: v2.LogsRestrictionQueriesApiAddRoleToRestrictionQueryRequest = { body: { data: { id: ROLE_DATA_ID, type: "roles", }, }, restrictionQueryId: RESTRICTION_QUERY_DATA_ID, }; apiInstance .addRoleToRestrictionQuery(params) .then((data: any) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}