ロールを作成した後、Datadog でロールを更新するか Datadog Permission API を使用して、このロールへアクセス許可を直接割り当てたり削除したりできます。利用可能なアクセス許可の一覧は次のとおりです。
一般許可は、各ロールのユーザーに対して基本的なアクセス権を許可するものです。高度な許可は、一般許可に加えて付与される特定目的の許可を指します。
| Name | Description | Scopable |
|---|
注: ロールに admin と standard アクセス許可の両方がないことにより定義されるため、read-only アクセス許可はありません。
デフォルトでは、既存のユーザーは、すぐに使用できる 3 つの Datadog 管理者、標準、または読み取り専用ロールのいずれかにすでに関連付けられているため、すべてのユーザーは全種類のデータを読み取るアクセス許可をすでに持ち、管理者または標準ユーザーはアセットの書き込みアクセス許可をすでに持っています。
注: ユーザーに新しいカスタムロールを追加する際、新しいロールのアクセス許可を適用するために、そのユーザーに関連付けられている既存の Datadog ロールを必ず削除してください。
一般的なアクセス許可の他に、特定のアセットやデータタイプに対しより粒度の高いアクセス許可を定義することもできます。アクセス許可は、グローバルにすることも要素のサブセットに範囲を絞ることもできます。オプションの詳細と利用可能なアクセス許可に対する影響に関しては、以下をご覧ください。
Find below the list of permissions for the api and application keys assets:
| Name | Description | Scopable |
|---|---|---|
user_app_keys | The ability to view and manage Application Keys owned by the user. | false |
org_app_keys_read | The ability to view Application Keys owned by all users in the organization. | false |
org_app_keys_write | The ability to manage Application Keys owned by all users in the organization. | false |
api_keys_read | The ability to list and retrieve the key values of all API Keys in your organization. | false |
api_keys_write | The ability to create, rename, and revoke API Keys for your organization. | false |
Find below the list of permissions for the apm assets:
| Name | Description | Scopable |
|---|---|---|
apm_read | The ability to read and query APM and Trace Analytics. | false |
apm_retention_filter_read | The ability to read trace retention filters. A user with this permission can view the retention filters page, list of filters, their statistics, and creation info. | false |
apm_retention_filter_write | The ability to create, edit and delete trace retention filters. A user with this permission can create new retention filters, and update or delete to existing retention filters. | false |
apm_service_ingest_read | The ability to access Service Ingestion pages. A user with this permission can view the service ingestion page, list of root service, their statistics, and creation info. | false |
apm_service_ingest_write | The ability to edit Service Ingestion pages root services. A user with this permission can edit the root service ingestion and generate a code snippet to increase ingestion per service. | false |
apm_apdex_manage_write | The ability to set Apdex T value on any service. A user with this permission can set the T value from the Apdex graph on the service page. | false |
apm_tag_management_write | The ability to edit second primary tag selection. A user with this permission can modify the second primary tag dropdown in the APM settings page. | false |
apm_primary_operation_write | The ability to edit the operation name value selection. A user with this permission can modify the operation name list in the APM settings page and can modify the operation name controller on the service page. | false |
apm_generate_metrics | The ability to create custom metrics from spans. | false |
Find below the list of permissions for the access management assets:
| Name | Description | Scopable |
|---|---|---|
user_access_invite | Allows users to invite other users to your organization. | false |
user_access_manage | Grants the permission to disable users, manage user roles and SAML-to-role mappings. | false |
data_scanner_read | View data scanner configuration. | false |
data_scanner_write | Edit data scanner configuration. | false |
Find below the list of permissions for the application security assets:
| Name | Description | Scopable |
|---|---|---|
appsec_event_rule_read | The ability to view Application Security Event Rules | false |
appsec_event_rule_write | The ability to edit Application Security Event Rules | false |
Find below the list of permissions for the billing and usage assets:
| Name | Description | Scopable |
|---|---|---|
billing_read | The ability to view your organization's subscription and payment method but not make edits. | false |
billing_edit | The ability to manage your organization's subscription and payment method. | false |
usage_read | The ability to view your organization's usage and usage attribution. | false |
usage_edit | The ability to manage your organization's usage attribution set-up. | false |
Find below the list of permissions for the dashboards assets:
| Name | Description | Scopable |
|---|---|---|
dashboards_read | The ability to view dashboards. | false |
dashboards_write | The ability to create and change dashboards. | false |
dashboards_public_share | The ability to share dashboards externally. | false |
Find below the list of permissions for the incidents assets:
| Name | Description | Scopable |
|---|---|---|
incident_read | The ability to view the Incident App and see incidents. | false |
incident_write | The ability to create, view and manage incidents in the Incident App. | false |
incident_settings_read | The ability to view incidents Settings. | false |
incident_settings_write | The ability to configure incidents Settings. | false |
Find below the list of permissions for the integrations assets:
| Name | Description | Scopable |
|---|---|---|
integrations_api | The ability to use the Integrations APIs to configure Integrations that the user has access to. This permission does not restrict or grant access to Integrations. | false |
Find below the list of permissions for the metrics assets:
| Name | Description | Scopable |
|---|---|---|
metric_tags_write | The ability to edit and save tag configurations for custom metrics. | false |
Find below the list of permissions for the monitors assets:
| Name | Description | Scopable |
|---|---|---|
monitors_read | The ability to view monitors. | false |
monitors_write | The ability to change, mute, and delete individual monitors. | false |
monitors_downtime | The ability to set downtimes for your organization. A user with this permission can suppress alerts from any monitor using a downtime, even if they do not have permission to edit those monitors explicitly. | false |
Find below the list of permissions for the real user monitoring assets:
| Name | Description | Scopable |
|---|---|---|
rum_apps_write | The ability to create, edit, and delete RUM Applications. | false |
rum_apps_read | The ability to view RUM Applications data. | false |
rum_session_replay_read | The ability to view session replays. | false |
Find below the list of permissions for the security monitoring assets:
| Name | Description | Scopable |
|---|---|---|
security_monitoring_rules_read | The ability to read Detection rules. | false |
security_monitoring_rules_write | The ability to create and edit Detection rules. | false |
security_monitoring_signals_read | The ability to view Security signals. | false |
security_monitoring_signals_write | The ability to modify Security signals. | false |
security_monitoring_filters_read | The ability to read Security Filters. | false |
security_monitoring_filters_write | The ability to create, edit and delete Security Filters. | false |
Find below the list of permissions for the synthetic monitoring assets:
| Name | Description | Scopable |
|---|---|---|
synthetics_private_location_read | The ability to view, search and use in tests the list of private locations available. | false |
synthetics_private_location_write | The ability to create and delete private locations as well as seeing the associated installation guidelines. | false |
synthetics_global_variable_read | The ability to view, search and use in tests the list of global variables available for Synthetics. | false |
synthetics_global_variable_write | The ability to create, edit, and delete global variables for Synthetics. | false |
synthetics_read | The ability to list and view configured Synthetic tests. | false |
synthetics_write | The ability to create, edit, and delete Synthetic tests. | false |
synthetics_default_settings_read | The ability to view default settings for Synthetics Monitoring. | false |
synthetics_default_settings_write | The ability to edit default settings for Synthetics Monitoring. | false |
| Name | Description | Scopable |
|---|
お役に立つドキュメント、リンクや記事:
