How to use Terraform to restrict the editing of a dashboard
Introduction
Previously when you wanted to restrict editing of dashboards created and managed by Terraform, you would use the is_read_only
attribute to define that editing the dashboard is restricted to the creator or users with the Access Management (user_access_manage
) permission in your organization. With the introduction of restricted_roles
, you can list specific roles that can edit this dashboard within your organization.
Restricting a dashboard
If you’re already using is_read_only
in your definition, this continues to work while your organizational users see and use the role list. To properly synchronize your Terraform definitions and the experience the Datadog application, complete the following steps:
Update your Datadog Terraform provider to version 3.1.0 or above.
Find the UUID of the roles that you want to restrict by either retrieving the UUID from the Roles APIs or Roles UI, or referring to role ID as defined in Terraform for Terraform managed Roles.
Where you’re using is_read_only
in Dashboard definitions, replace them with restricted_roles
:
Common issues
is_read_only
is still enabled for my dashboard
This configuration still works. Every Terraform run detects any changes to roles or read only and notify you if is_read_only
is being changed.
This is because your browser converts the old permission flag to the newer and more advanced permissions scheme. If you update terraform to 3.1.0 or above, the new restricted roles fields is available.
This change is an aesthetic change only, and doesn’t change any functionality or security settings of the dashboard. When you re-apply your Terraform configuration, it replaces the change with the original is_read_only
attribute.