Contextes d'autorisation

Contextes d’autorisation

Le contexte est un mécanisme d’autorisation vous permettant de définir et de restreindre l’accès granulaire dont les applications disposent pour les données Datadog d’une organisation. Lorsque des applications sont autorisées à consulter des données au nom d’un utilisateur ou d’un compte de service, elles peuvent uniquement accéder aux informations explicitement demandées.

Pour gérer au mieux les autorisations, il est recommandé de définir des contextes restrictifs et d’accorder l’accès minimal requis pour garantir le bon fonctionnement des applications. Les utilisateurs peuvent donc contrôler précisément les applications et vérifier facilement comment leurs données sont utilisées. Ainsi, il est inutile d’attribuer des autorisations de gestion ou de suppression d’utilisateurs dans une organisation à une application tierce qui est uniquement censée lire des données de dashboards.

Dans Datadog, les contextes peuvent être appliqués de deux façons différentes :

Limitez les clients OAuth2 pour vos applications Datadog.
Limitez vos clés d’application.

Dashboards, Dashboard Lists

Scope name

Description

Endpoints that require this scope

dashboards_public_share

Generate public and authenticated links to share dashboards externally.

Create a shared dashboard
Revoke a shared dashboard URL
Update a shared dashboard
Revoke shared dashboard invitations
Get all invitations for a shared dashboard
Send shared dashboard invitation email

dashboards_read

View dashboards.

Get all dashboards
Get all dashboard lists
Get a dashboard list
Get a shared dashboard
Get a dashboard
Get items of a Dashboard List

dashboards_write

Create and change dashboards.

Delete dashboards
Restore deleted dashboards
Create a new dashboard
Create a dashboard list
Delete a dashboard list
Update a dashboard list
Delete a dashboard
Update a dashboard

Downtimes, Monitors

Scope name

Description

Endpoints that require this scope

monitors_downtime

Set downtimes to suppress alerts from any monitor in an organization. The ability to write monitors is not required to set downtimes.

Schedule a downtime
Cancel downtimes by scope
Cancel a downtime
Update a downtime

monitors_read

View monitors.

Get all downtimes
Get a downtime
Get all monitor details
Check if a monitor can be deleted
Monitors group search
Monitors search
Get a monitor's details
Get all downtimes for a monitor
Get all monitor configuration policies
Get a monitor configuration policy

monitors_write

Edit, mute, and delete individual monitors.

Create a monitor
Validate a monitor
Delete a monitor
Edit a monitor
Mute a monitor
Unmute a monitor
Validate an existing monitor

Events

Scope name

Description

Endpoints that require this scope

events_read

Read Events data.

Get a list of events
Get an event
Get a list of events
Search events

IP Allowlist

Scope name

Description

Endpoints that require this scope

org_management

Get IP Allowlist
Update IP Allowlist

Incidents, Incident Services, Incident Teams

Scope name

Description

Endpoints that require this scope

incident_read

View incidents in Datadog.

Get a list of incidents
Search for incidents
Get the details of an incident
Get a list of attachments
Get a list of an incident's integration metadata
Get incident integration metadata details
Get a list of an incident's todos
Get incident todo details
Get a list of all incident services
Get details of an incident service
Get a list of all incident teams
Get details of an incident team

incident_settings_write

Configure Incidents settings.

Create a new incident service
Delete an existing incident service
Update an existing incident service
Create a new incident team
Delete an existing incident team
Update an existing incident team

incident_write

Create, view, and manage incidents in Datadog.

Create an incident
Delete an existing incident
Update an existing incident
Create an incident integration metadata
Delete an incident integration metadata
Update an existing incident integration metadata
Create an incident todo
Delete an incident todo
Update an incident todo

Metrics

Scope name

Description

Endpoints that require this scope

timeseries_query

Query Timeseries data.

Query timeseries points
Query scalar data across multiple products
Query timeseries data across multiple products

Security Monitoring

Scope name

Description

Endpoints that require this scope

security_monitoring_filters_read

Read Security Filters.

Get all security filters
Get a security filter

security_monitoring_filters_write

Create, edit, and delete Security Filters.

Create a security filter
Delete a security filter
Update a security filter

security_monitoring_findings_read

List findings
Get a finding

security_monitoring_rules_read

Read Detection Rules.

List rules
Get a rule's details

security_monitoring_rules_write

Create and edit Detection Rules.

Create a detection rule
Delete an existing rule
Update an existing rule

security_monitoring_signals_read

View Security Signals.

Get a quick list of security signals
Get a list of security signals
Get a signal's details

Service Definition

Scope name

Description

Endpoints that require this scope

apm_service_catalog_read

View service catalog and service definitions.

Get all service definitions
Get a single service definition

apm_service_catalog_write

Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog.

Create or update service definition
Delete a single service definition

Synthetics

Scope name

Description

Endpoints that require this scope

synthetics_global_variable_read

View, search, and use Synthetics global variables.

Get all global variables
Get a global variable

synthetics_global_variable_write

Create, edit, and delete global variables for Synthetics.

Create a global variable
Delete a global variable
Edit a global variable

synthetics_private_location_read

View, search, and use Synthetics private locations.

Get all locations (public and private)
Get a private location

synthetics_private_location_write

Create and delete private locations in addition to having access to the associated installation guidelines.

Create a private location
Delete a private location
Edit a private location

synthetics_read

List and view configured Synthetic tests and test results.

Get details of batch
Get the list of all Synthetic tests
Get an API test
Get a browser test
Get a browser test's latest results summaries
Get a browser test result
Get a test configuration
Get an API test's latest results summaries
Get an API test result

synthetics_write

Create, edit, and delete Synthetic tests.

Create a test
Create an API test
Edit an API test
Create a browser test
Edit a browser test
Delete tests
Trigger Synthetic tests
Trigger tests from CI/CD pipelines
Edit a test
Pause or start a test

Teams

Scope name

Description

Endpoints that require this scope

teams_manage

Create a team
Remove a team

teams_read

Get all teams
Create a team
Remove a team
Get a team
Update a team
Get links for a team
Create a team link
Remove a team link
Get a team link
Update a team link
Get team memberships
Add a user to a team
Remove a user from a team
Update a user's membership attributes on a team
Get permission settings for a team
Update permission setting for team

Usage Metering

Scope name

Description

Endpoints that require this scope

usage_read

View your organization's usage and usage attribution.