- 重要な情報
- はじめに
- 用語集
- ガイド
- エージェント
- インテグレーション
- OpenTelemetry
- 開発者
- API
- CoScreen
- アプリ内
- Service Management
- インフラストラクチャー
- アプリケーションパフォーマンス
- 継続的インテグレーション
- ログ管理
- セキュリティ
- UX モニタリング
- 管理
スコープは、アプリケーションが組織の Datadog データにアクセスする際の粒度を制限し、定義できるようにするための認可メカニズムです。ユーザーやサービスアカウントの代わりにアクセスを許可されると、アプリケーションは明示的に要求された情報のみにアクセスでき、それ以上にはアクセスできません。
アプリケーションのスコープに関するベストプラクティスは、アプリケーションが意図したとおりに機能するために必要な最小限の特権と最も制限の多いスコープを維持することです。これにより、ユーザーはアプリケーションへのきめ細かなアクセス制御が可能になり、アプリケーションがどのようにデータを使用しているかが透けて見えるようになります。たとえば、ダッシュボードのデータを読み取るだけのサードパーティアプリケーションには、組織内のユーザーを削除または管理する権限は必要ありません。
Datadog では、次の 2 つの方法でスコープを使用することができます。
Scope name
Description
Endpoints that require this scope
user_access_manage
Disable users, manage user roles, manage SAML-to-role mappings, and configure logs restriction queries.
user_access_read
View users and their roles and settings.
user_access_invite
Invite other users to your organization.
Scope name
Description
Endpoints that require this scope
ci_visibility_read
View CI Visibility.
Scope name
Description
Endpoints that require this scope
dashboards_public_share
Generate public and authenticated links to share dashboards or embeddable graphs externally.
Scope name
Description
Endpoints that require this scope
monitors_downtime
Set downtimes to suppress alerts from any monitor in an organization. Mute and unmute hosts. The ability to write monitors is not required to set downtimes.
monitors_write
Edit and delete individual monitors.
Scope name
Description
Endpoints that require this scope
Scope name
Description
Endpoints that require this scope
incident_read
View incidents in Datadog.
incident_settings_write
Configure Incident Settings.
incident_write
Create, view, and manage incidents in Datadog.
Scope name
Description
Endpoints that require this scope
timeseries_query
Query Timeseries data.
Scope name
Description
Endpoints that require this scope
security_monitoring_filters_write
Create, edit, and delete Security Filters.
security_monitoring_rules_write
Create and edit Detection Rules.
security_monitoring_signals_read
View Security Signals.
Scope name
Description
Endpoints that require this scope
apm_service_catalog_read
View service catalog and service definitions.
apm_service_catalog_write
Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog.
Scope name
Description
Endpoints that require this scope
slos_corrections
Apply, edit, and delete SLO status corrections. A user with this permission can make status corrections, even if they do not have permission to edit those SLOs.
slos_read
View SLOs and status corrections.
slos_write
Create, edit, and delete SLOs.
Scope name
Description
Endpoints that require this scope
synthetics_global_variable_read
View, search, and use Synthetics global variables.
synthetics_global_variable_write
Create, edit, and delete global variables for Synthetics.
synthetics_private_location_read
View, search, and use Synthetics private locations.
synthetics_private_location_write
Create and delete private locations in addition to having access to the associated installation guidelines.
synthetics_read
List and view configured Synthetic tests and test results.
synthetics_write
Create, edit, and delete Synthetic tests.
Scope name
Description
Endpoints that require this scope
teams_manage
Manage Teams. Create, delete, rename, and edit metadata of all Teams. To control Team membership across all Teams, use the User Access Manage permission.
teams_read
Read Teams data. A User with this permission can view Team names, metadata, and which Users are on each Team.
Scope name
Description
Endpoints that require this scope
usage_read
View your organization's usage and usage attribution.
Scope name
Description
Endpoints that require this scope