How to use Terraform to restrict the editing of a dashboard

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Restricting a dashboard using the restricted_roles attribute

The restricted_roles attribute can be used to restrict editing of the dashboard to specific roles. The field takes a list of IDs of roles, and authorizes any associated users.

Example usage:

resource "datadog_dashboard" "example" {
  title         = "Example dashboard"
  restricted_roles = ["<role_id_1>", "<role_id_2>"]
}

Note: The is_read_only attribute is deprecated. It is recommended to use the restricted_roles attribute or restriction policies to manage access to your dashboards.

Restricting a dashboard using a restriction policy

Restriction policies are in private beta. Contact Datadog Support or your Customer Success Manager for access.

Restriction Policies allow you to restrict the editing of dashboards and other resources to specific principals, including roles, teams, users, and service accounts.

Example usage:

resource "datadog_dashboard" "example" {
  title         = "Example dashboard"
  # Do not use restricted_roles or is_read_only attributes
}

resource "datadog_restriction_policy" "example" {
 resource_id = "dashboard:${datadog_dashboard.example.id}"
  bindings {
     principals = ["org:<org_id>"]
     relation = "viewer"
  }
  bindings {
     principals = ["role:<role_id_1>", "role:<role_id_2>"]
     relation = "editor"
  }
}

Role IDs can be retrieved from the Roles API, Roles UI, or by using the role ID defined in Terraform for datadog_role resources.

Org ID can be obtained from the GET /api/v2/current_user API request. Find it in the data.relationships.org.data.id field.