Datadog ロールのアクセス許可

Datadog ロールのアクセス許可

ロールを作成した後、Datadog でロールを更新するか Datadog Permission API を使用して、このロールへアクセス許可を直接割り当てたり削除したりできます。利用可能なアクセス許可の一覧は次のとおりです。

概要

一般許可

一般許可は、各ロールのユーザーに対して基本的なアクセス権を許可するものです。高度な許可は、一般許可に加えて付与される特定目的の許可を指します。

NameDescriptionScopable

: ロールに adminstandard アクセス許可の両方がないことにより定義されるため、read-only アクセス許可はありません。

高度な許可

デフォルトでは、既存のユーザーは、すぐに使用できる 3 つの Datadog 管理者、標準、または読み取り専用ロールのいずれかにすでに関連付けられているため、すべてのユーザーは全種類のデータを読み取るアクセス許可をすでに持ち、管理者または標準ユーザーはアセットの書き込みアクセス許可をすでに持っています。

: ユーザーに新しいカスタムロールを追加する際、新しいロールのアクセス許可を適用するために、そのユーザーに関連付けられている既存の Datadog ロールを必ず削除してください。

一般的なアクセス許可の他に、特定のアセットやデータタイプに対しより粒度の高いアクセス許可を定義することもできます。アクセス許可は、グローバルにすることも要素のサブセットに範囲を絞ることもできます。オプションの詳細と利用可能なアクセス許可に対する影響に関しては、以下をご覧ください。

API and Application Keys

Find below the list of permissions for the api and application keys assets:

NameDescriptionScopable
user_app_keysThe ability to view and manage Application Keys owned by the user.false
org_app_keys_readThe ability to view Application Keys owned by all users in the organization.false
org_app_keys_writeThe ability to manage Application Keys owned by all users in the organization.false
api_keys_readThe ability to list and retrieve the key values of all API Keys in your organization.false
api_keys_writeThe ability to create, rename, and revoke API Keys for your organization.false

APM

Find below the list of permissions for the apm assets:

NameDescriptionScopable
apm_readThe ability to read and query APM and Trace Analytics.false
apm_retention_filter_readThe ability to read trace retention filters. A user with this permission can view the retention filters page, list of filters, their statistics, and creation info.false
apm_retention_filter_writeThe ability to create, edit and delete trace retention filters. A user with this permission can create new retention filters, and update or delete to existing retention filters.false
apm_service_ingest_readThe ability to access Service Ingestion pages. A user with this permission can view the service ingestion page, list of root service, their statistics, and creation info.false
apm_service_ingest_writeThe ability to edit Service Ingestion pages root services. A user with this permission can edit the root service ingestion and generate a code snippet to increase ingestion per service.false
apm_apdex_manage_writeThe ability to set Apdex T value on any service. A user with this permission can set the T value from the Apdex graph on the service page.false
apm_tag_management_writeThe ability to edit second primary tag selection. A user with this permission can modify the second primary tag dropdown in the APM settings page.false
apm_primary_operation_writeThe ability to edit the operation name value selection. A user with this permission can modify the operation name list in the APM settings page and can modify the operation name controller on the service page.false
apm_generate_metricsThe ability to create custom metrics from spans.false

Access Management

Find below the list of permissions for the access management assets:

NameDescriptionScopable
user_access_inviteAllows users to invite other users to your organization.false
user_access_manageGrants the permission to disable users, manage user roles and SAML-to-role mappings.false
data_scanner_readView data scanner configuration.false
data_scanner_writeEdit data scanner configuration.false

Application Security

Find below the list of permissions for the application security assets:

NameDescriptionScopable
appsec_event_rule_readThe ability to view Application Security Event Rulesfalse
appsec_event_rule_writeThe ability to edit Application Security Event Rulesfalse

Billing and Usage

Find below the list of permissions for the billing and usage assets:

NameDescriptionScopable
billing_readThe ability to view your organization's subscription and payment method but not make edits.false
billing_editThe ability to manage your organization's subscription and payment method.false
usage_readThe ability to view your organization's usage and usage attribution.false
usage_editThe ability to manage your organization's usage attribution set-up.false

Dashboards

Find below the list of permissions for the dashboards assets:

NameDescriptionScopable
dashboards_readThe ability to view dashboards.false
dashboards_writeThe ability to create and change dashboards.false
dashboards_public_shareThe ability to share dashboards externally.false

Incidents

Find below the list of permissions for the incidents assets:

NameDescriptionScopable
incident_readThe ability to view the Incident App and see incidents.false
incident_writeThe ability to create, view and manage incidents in the Incident App.false
incident_settings_readThe ability to view incidents Settings.false
incident_settings_writeThe ability to configure incidents Settings.false

Integrations

Find below the list of permissions for the integrations assets:

NameDescriptionScopable
integrations_apiThe ability to use the Integrations APIs to configure Integrations that the user has access to. This permission does not restrict or grant access to Integrations.false

Metrics

Find below the list of permissions for the metrics assets:

NameDescriptionScopable
metric_tags_writeThe ability to edit and save tag configurations for custom metrics.false

Monitors

Find below the list of permissions for the monitors assets:

NameDescriptionScopable
monitors_readThe ability to view monitors.false
monitors_writeThe ability to change, mute, and delete individual monitors.false
monitors_downtimeThe ability to set downtimes for your organization. A user with this permission can suppress alerts from any monitor using a downtime, even if they do not have permission to edit those monitors explicitly.false

Real User Monitoring

Find below the list of permissions for the real user monitoring assets:

NameDescriptionScopable
rum_apps_writeThe ability to create, edit, and delete RUM Applications.false
rum_apps_readThe ability to view RUM Applications data.false
rum_session_replay_readThe ability to view session replays.false

Security Monitoring

Find below the list of permissions for the security monitoring assets:

NameDescriptionScopable
security_monitoring_rules_readThe ability to read Detection rules.false
security_monitoring_rules_writeThe ability to create and edit Detection rules.false
security_monitoring_signals_readThe ability to view Security signals.false
security_monitoring_signals_writeThe ability to modify Security signals.false
security_monitoring_filters_readThe ability to read Security Filters.false
security_monitoring_filters_writeThe ability to create, edit and delete Security Filters.false

Synthetic Monitoring

Find below the list of permissions for the synthetic monitoring assets:

NameDescriptionScopable
synthetics_private_location_readThe ability to view, search and use in tests the list of private locations available.false
synthetics_private_location_writeThe ability to create and delete private locations as well as seeing the associated installation guidelines.false
synthetics_global_variable_readThe ability to view, search and use in tests the list of global variables available for Synthetics.false
synthetics_global_variable_writeThe ability to create, edit, and delete global variables for Synthetics.false
synthetics_readThe ability to list and view configured Synthetic tests.false
synthetics_writeThe ability to create, edit, and delete Synthetic tests.false
synthetics_default_settings_readThe ability to view default settings for Synthetics Monitoring.false
synthetics_default_settings_writeThe ability to edit default settings for Synthetics Monitoring.false
NameDescriptionScopable

その他の参考資料


\*Log Rehydration は Datadog, Inc. の商標です