승인 범위

범위는 조직의 Datadog 데이터에 대해 애플리케이션이 보유한 세부 액세스를 제한하고 정의할 수 있는 승인 메커니즘입니다. 사용자나 서비스 계정을 대신해 액세스가 승인되면 애플리케이션은 명시적으로 요청된 정보에만 액세스할 수 없습니다.

애플리케이션 범위를 지정하는 모범 사례는 최소한의 권한만 유지하는 것입니다. 또한 의도된 기능만 수행하도록 애플리케이션에 필요한 가장 제한적인 범위를 설정하는 것입니다. 이를 통해 사용자는 애플리케이션에 대해 세분화된 액세스 권한을 활용하고 애플리케이션이 데이터를 활용하는 방법에 대한 투명성을 확보할 수 있습니다. 예를 들어, 대시보드 데이터만 읽는 타사 애플리케이션은 조직 내 사용자를 삭제하고 관리할 수 있는 권한이 필요하지 않습니다.

Datadog를 사용해 두 가지 방법으로 범위를 사용할 수 있습니다.

API Management

Scope name

Description

Endpoints that require this scope

apm_api_catalog_read

View API catalog and API definitions.

apm_api_catalog_write

Add, modify, and delete API catalog definitions.

CI Visibility Pipelines, CI Visibility Tests

Case Management

Cloud Cost Management

Dashboard Lists, Dashboards, Powerpack

Domain Allowlist, IP Allowlist

Scope name

Description

Endpoints that require this scope

org_management

Edit org configurations, including authentication and certain security preferences such as configuring SAML, renaming an org, configuring allowed login methods, creating child orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization.

Downtimes, Monitors

Events

Scope name

Description

Endpoints that require this scope

Hosts

Scope name

Description

Endpoints that require this scope

Incident Services, Incident Teams, Incidents

Metrics

Roles, Users

Scope name

Description

Endpoints that require this scope

user_access_invite

Invite other users to your organization.

Security Monitoring

Scope name

Description

Endpoints that require this scope

security_monitoring_filters_read

Read Security Filters.

security_monitoring_filters_write

Create, edit, and delete Security Filters.

security_monitoring_findings_read

View a list of findings that include both misconfigurations and identity risks.

security_monitoring_signals_write

Edit Security Signals.

security_monitoring_suppressions_read

Read Rule Suppressions.

security_monitoring_suppressions_write

Write Rule Suppressions.

Service Definition, Service Scorecards, Software Catalog

Scope name

Description

Endpoints that require this scope

Service Level Objective Corrections, Service Level Objectives

Scope name

Description

Endpoints that require this scope

slos_corrections

Apply, edit, and delete SLO status corrections. A user with this permission can make status corrections, even if they do not have permission to edit those SLOs.

Spans

Scope name

Description

Endpoints that require this scope

apm_read

Read and query APM and Trace Analytics.

Synthetics

Scope name

Description

Endpoints that require this scope

synthetics_global_variable_read

View, search, and use Synthetics global variables.

synthetics_global_variable_write

Create, edit, and delete global variables for Synthetics.

synthetics_private_location_read

View, search, and use Synthetics private locations.

synthetics_private_location_write

Create and delete private locations in addition to having access to the associated installation guidelines.

Teams

Scope name

Description

Endpoints that require this scope

teams_manage

Manage Teams. Create, delete, rename, and edit metadata of all Teams. To control Team membership across all Teams, use the User Access Manage permission.

Usage Metering

Scope name

Description

Endpoints that require this scope

usage_read

View your organization's usage and usage attribution.

Get hourly usage for analyzed logs
Get hourly usage for audit logs
Get hourly usage for Lambda
Get billable usage across your account
Get hourly usage for CI visibility
Get hourly usage for CSM Pro
Get hourly usage for cloud workload security
Get hourly usage for database monitoring
Get hourly usage for Fargate
Get hourly usage for hosts and containers
Get hourly usage attribution
Get hourly usage for incident management
Get hourly usage for indexed spans
Get hourly usage for ingested spans
Get hourly usage for IoT
Get hourly usage for logs
Get hourly logs usage by retention
Get hourly usage for logs by index
Get monthly usage attribution
get hourly usage for network flows
Get hourly usage for network hosts
Get hourly usage for online archive
Get hourly usage for profiled hosts
Get hourly usage for RUM units
Get hourly usage for RUM sessions
Get hourly usage for sensitive data scanner
Get hourly usage for SNMP devices
Get usage across your account
Get hourly usage for synthetics checks
Get hourly usage for synthetics API checks
Get hourly usage for synthetics browser checks
Get hourly usage for custom metrics
Get all custom metrics by hourly average
Get active billing dimensions for cost attribution
Get Monthly Cost Attribution
Get hourly usage for application security
Get billing dimension mapping for usage endpoints
Get cost across multi-org account
Get estimated cost across your account
Get historical cost across your account
Get hourly usage by product family
Get hourly usage for Lambda traced invocations
Get hourly usage for observability pipelines
Get projected cost across your account

Webhooks Integration

Scope name

Description

Endpoints that require this scope

create_webhooks

Create webhooks integrations.

Workflow Automation

Scope name

Description

Endpoints that require this scope