Contextes d’autorisation

Le contexte est un mécanisme d’autorisation vous permettant de définir et de restreindre l’accès granulaire dont les applications disposent pour les données Datadog d’une organisation. Lorsque des applications sont autorisées à consulter des données au nom d’un utilisateur ou d’un compte de service, elles peuvent uniquement accéder aux informations explicitement demandées.

Pour gérer au mieux les autorisations, il est recommandé de définir des contextes restrictifs et d’accorder l’accès minimal requis pour garantir le bon fonctionnement des applications. Les utilisateurs peuvent donc contrôler précisément les applications et vérifier facilement comment leurs données sont utilisées. Ainsi, il est inutile d’attribuer des autorisations de gestion ou de suppression d’utilisateurs dans une organisation à une application tierce qui est uniquement censée lire des données de dashboards.

Dans Datadog, les contextes peuvent être appliqués de deux façons différentes :

Dashboards, Dashboard Lists

Downtimes, Monitors

Scope name

Description

Endpoints that require this scope

monitors_downtime

Set downtimes to suppress alerts from any monitor in an organization. The ability to write monitors is not required to set downtimes.

Events

Scope name

Description

Endpoints that require this scope

events_read

Read Events data.

Incidents, Incident Services, Incident Teams

Metrics

Scope name

Description

Endpoints that require this scope

timeseries_query

Query Timeseries data.

Security Monitoring

Scope name

Description

Endpoints that require this scope

security_monitoring_filters_read

Read Security Filters.

security_monitoring_filters_write

Create, edit, and delete Security Filters.

security_monitoring_rules_read

Read Detection Rules.

security_monitoring_rules_write

Create and edit Detection Rules.

security_monitoring_signals_read

View Security Signals.

security_monitoring_signals_write

Synthetics

Scope name

Description

Endpoints that require this scope

synthetics_global_variable_read

View, search, and use in tests the list of global variables available for Synthetics.

synthetics_global_variable_write

Create, edit, and delete global variables for Synthetics.

synthetics_private_location_read

View, search, and use in tests the list of available private locations.

synthetics_private_location_write

Create and delete private locations as well as seeing the associated installation guidelines.

Usage Metering

Scope name

Description

Endpoints that require this scope

usage_read

View your organization's usage and usage attribution.

Get the list of available daily custom reports
Get specified daily custom reports
Get the list of available monthly custom reports
Get specified monthly custom reports
Get hourly usage for analyzed logs
Get usage attribution
Get hourly usage for audit logs
Get hourly usage for Lambda
Get billable usage across your account
Get hourly usage for CI Visibility
Get hourly usage for CSPM
Get hourly usage for Cloud Workload Security
Get hourly usage for Database Monitoring
Get hourly usage for Fargate
Get hourly usage for hosts and containers
Get hourly usage attribution
Get hourly usage for incident management
Get hourly usage for indexed spans
Get hourly usage for ingested spans
Get hourly usage for IoT
Get hourly usage for Logs
Get hourly logs usage by retention
Get hourly usage for Logs by Index
Get monthly usage attribution
Get hourly usage for Network Flows
Get hourly usage for Network Hosts
Get hourly usage for Online Archive
Get hourly usage for profiled hosts
Get hourly usage for RUM Units
Get hourly usage for RUM Sessions
Get hourly usage for Sensitive Data Scanner
Get hourly usage for SNMP devices
Get usage across your multi-org account
Get hourly usage for Synthetics Checks
Get hourly usage for Synthetics API Checks
Get hourly usage for Synthetics Browser Checks
Get hourly usage for custom metrics
Get all custom metrics by hourly average
Get hourly usage for Application Security
Get cost across multi-org account
Get estimated cost across multi-org account
Get hourly usage for Lambda Traced Invocations
Get hourly usage for Observability Pipelines