Language

Français English 日本語 한국어 Español

Datadog Site

Site help
US1 US3 US5 EU AP1 AP2 US1-FED US2-FED

Portées d’autorisation pour les clients OAuth

Les portées sont un mécanisme d’autorisation qui permet de contrôler et de restreindre précisément l’accès des applications aux données d’une organisation dans Datadog. Lorsqu’une application est autorisée à accéder aux données pour le compte d’un utilisateur ou d’un compte de service, elle ne peut consulter que les informations explicitement permises par les portées qui lui sont assignées.

Cette page répertorie uniquement les portées d'autorisation pouvant être attribuées aux clients OAuth. Pour consulter la liste complète des autorisations attribuables aux clés d'application avec portée, consultez la page Autorisations des rôles Datadog
  • Clients OAuth → Peuvent uniquement se voir attribuer des portées d'autorisation (ensemble limité).
  • Clés d'application avec portée → Peuvent se voir attribuer n'importe quelle autorisation Datadog.

La meilleure pratique pour définir la portée des applications consiste à suivre le principe du moindre privilège. Attribuez uniquement les portées minimales nécessaires au bon fonctionnement de l’application. Cela renforce la sécurité et permet de mieux comprendre comment les applications interagissent avec les données de votre organisation. Par exemple, une application tierce qui se contente de lire des dashboards n’a pas besoin d’autorisations pour supprimer ou gérer des utilisateurs.

Vous pouvez utiliser les portées d’autorisation avec des clients OAuth2 pour vos applications Datadog.

API Management, Synthetics

Scope name

Description

Endpoints that require this scope

apm_api_catalog_read

View API catalog and API definitions.

Get all global variables
List APIs
Get an API

apm_api_catalog_write

Add, modify, and delete API catalog definitions.

Delete an API
Update an API
Create a new API

synthetics_global_variable_read

View, search, and use Synthetics global variables.

Get all global variables
Get a global variable

synthetics_global_variable_write

Create, edit, and delete global variables for Synthetics.

Create a global variable
Delete a global variable
Edit a global variable

synthetics_private_location_read

View, search, and use Synthetics private locations.

Get all locations (public and private)
Get a private location

synthetics_private_location_write

Create and delete private locations in addition to having access to the associated installation guidelines.

Create a private location
Delete a private location
Edit a private location

synthetics_read

List and view configured Synthetic tests and test results.

Get details of batch
Get the list of all Synthetic tests
Get an API test
Get a browser test
Get a browser test's latest results summaries
Get a browser test result
Get a mobile test
Search Synthetic tests
Fetch uptime for multiple tests
Get a test configuration
Get an API test's latest results summaries
Get an API test result
Get available subtests for a multistep test
Get parent tests for a subtest
Search test suites
Get a suite
Get a browser test's latest results
Get a browser test result
Get a fast test result
Get a Network Path test
Poll for test results
Get a presigned URL for downloading a test file
Get parent suites for a test
Get a test's latest results
Get a test result
Get version history of a test
Get a specific version of a test

synthetics_write

Create, edit, and delete Synthetic tests.

Create a test
Create an API test
Edit an API test
Create a browser test
Edit a browser test
Delete tests
Create a mobile test
Edit a mobile test
Trigger Synthetic tests
Trigger tests from CI/CD pipelines
Patch a Synthetic test
Edit a test
Pause or start a test
Create a test suite
Bulk delete suites
Edit a test suite
Patch a test suite
Bulk delete tests
Create a Network Path test
Edit a Network Path test
Get presigned URLs for uploading a test file
Abort a multipart upload of a test file
Complete a multipart upload of a test file

APM, Spans

Scope name

Description

Endpoints that require this scope

apm_read

Read and query APM and Trace Analytics.

Get service list
Aggregate spans
Get a list of spans
Search spans

Agentless Scanning, Compliance, Domain Allowlist, IP Allowlist, Monitors, Org Connections, Organizations, Security Monitoring

Scope name

Description

Endpoints that require this scope

org_management

Edit org configurations, including authentication and certain security preferences such as configuring SAML, renaming an org, configuring allowed login methods, creating child orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization.

Create AWS scan options
Delete AWS scan options
Update AWS scan options
Create Azure scan options
Delete Azure scan options
Update Azure scan options
Create GCP scan options
Delete GCP scan options
Update GCP scan options
Create AWS on demand task
Get Domain Allowlist
Sets Domain Allowlist
Get IP Allowlist
Update IP Allowlist
List your managed organizations

security_monitoring_findings_read

View a list of findings that include both misconfigurations and identity risks.

List AWS scan options
Get AWS scan options
List Azure scan options
Get Azure scan options
List GCP scan options
Get GCP scan options
List AWS on demand tasks
Get AWS on demand task
Get the rule-based view of compliance findings
List findings
Get a finding
List security findings
Search security findings

monitors_write

Edit, delete, and resolve individual monitors.

Create a monitor
Delete a monitor
Edit a monitor
Mute a monitor
Unmute a monitor
Get Domain Allowlist
Sets Domain Allowlist

monitors_read

View monitors.

Get all downtimes
Get a downtime
Get all monitors
Check if a monitor can be deleted
Monitors group search
Monitors search
Validate a monitor
Get a monitor's details
Get active downtimes for a monitor
Validate an existing monitor
Get all monitor notification rules
Get a monitor notification rule
Get all monitor configuration policies
Get a monitor configuration policy
Get all monitor user templates
Get a monitor user template

org_connections_read

Read cross organization connections.

List Org Connections

org_connections_write

Create, edit, and delete cross organization connections.

List your managed organizations
Create Org Connection
Delete Org Connection
Update Org Connection

code_analysis_read

View Code Analysis.

Post dependencies for analysis
POST request to resolve vulnerable symbols
List codegen rulesets
List Custom Rulesets
Create Custom Ruleset
Get default rulesets for a language
Ruleset get multiple
Get a SAST ruleset
Returns a list of Secrets rules
Analyze code
Get AST for source code
Get node types for a language
Get tree-sitter WASM file

integrations_read

View configured integrations and their settings.

List entity context sync configurations
Validate entity context sync credentials
Get an entity context sync configuration
Validate an entity context sync configuration

logs_modify_indexes

Modify log indexes, filters, exclusion filters, and configurations.

Subscribe to sample log generation
Bulk subscribe to sample log generation
Unsubscribe from sample log generation

logs_read_index_data

Read indexed log data.

Get sample log generation subscriptions

manage_integrations

Install, uninstall, and configure integrations.

Create an entity context sync configuration
Delete an entity context sync configuration
Update an entity context sync configuration

security_monitoring_critical_assets_read

Read Critical Assets.

Get all critical assets
Get critical assets affecting a specific rule
Get a critical asset

security_monitoring_critical_assets_write

Write Critical Assets.

Create a critical asset
Delete a critical asset
Update a critical asset

security_monitoring_filters_read

Read Security Filters.

List resource filters
Get all security filters
Get the version history of security filters
Get a security filter
Get content pack states
Get sample log generation subscriptions

security_monitoring_filters_write

Create, edit, and delete Security Filters.

Update resource filters
Create a security filter
Delete a security filter
Update a security filter
Activate content pack
Deactivate content pack
Subscribe to sample log generation
Bulk subscribe to sample log generation
Unsubscribe from sample log generation

security_monitoring_rules_read

Read Detection Rules.

Create a custom framework
Delete a custom framework
Get a custom framework
Update a custom framework
List datasets
Get dataset dependencies
Get a dataset
Get a dataset at a specific version
Get the version history of a dataset
List rules
Bulk export security monitoring rules
Get a rule's details
Convert an existing rule from JSON to Terraform
Get investigation queries for a signal
Get suggested actions for a signal
Export security monitoring resources to Terraform
Convert security monitoring resource to Terraform
Export security monitoring resource to Terraform
Get a job's details

security_monitoring_rules_write

Create and edit Detection Rules.

Create a custom framework
Delete a custom framework
Update a custom framework
Create a dataset
Delete a dataset
Update a dataset
Create a detection rule
Bulk delete security monitoring rules
Convert a rule from JSON to Terraform
Test a rule
Validate a detection rule
Delete an existing rule
Update an existing rule
Test an existing rule
Run a historical job
Cancel a historical job

security_monitoring_signals_read

View Security Signals.

List indicators of compromise
Get an indicator of compromise
Get a quick list of security signals
Get a list of security signals
Get a signal's details
Get entities related to a signal
Get investigation queries for a signal
Get suggested actions for a signal
List hist signals
Search hist signals
Get a hist signal's details
Get a job's hist signals

security_monitoring_suppressions_read

Read Rule Suppressions.

Get all suppression rules
Get suppressions affecting future rule
Get suppressions affecting a specific rule
Get a suppression rule
Get a suppression's version history
Export security monitoring resources to Terraform
Convert security monitoring resource to Terraform
Export security monitoring resource to Terraform

security_monitoring_suppressions_write

Write Rule Suppressions.

Create a suppression rule
Validate a suppression rule
Delete a suppression rule
Update a suppression rule

siem_entities_read

View Cloud SIEM entities.

Get entity context

Agentless Scanning, Compliance, Domain Allowlist, IP Allowlist, Organizations, Security Monitoring, Static Analysis

Scope name

Description

Endpoints that require this scope

org_management

Edit org configurations, including authentication and certain security preferences such as configuring SAML, renaming an org, configuring allowed login methods, creating child orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization.

Create AWS scan options
Delete AWS scan options
Update AWS scan options
Create Azure scan options
Delete Azure scan options
Update Azure scan options
Create GCP scan options
Delete GCP scan options
Update GCP scan options
Create AWS on demand task
Get Domain Allowlist
Sets Domain Allowlist
Get IP Allowlist
Update IP Allowlist
List your managed organizations

security_monitoring_findings_read

View a list of findings that include both misconfigurations and identity risks.

List AWS scan options
Get AWS scan options
List Azure scan options
Get Azure scan options
List GCP scan options
Get GCP scan options
List AWS on demand tasks
Get AWS on demand task
Get the rule-based view of compliance findings
List findings
Get a finding
List security findings
Search security findings

monitors_write

Edit, delete, and resolve individual monitors.

Create a monitor
Delete a monitor
Edit a monitor
Mute a monitor
Unmute a monitor
Get Domain Allowlist
Sets Domain Allowlist

org_connections_write

Create, edit, and delete cross organization connections.

List your managed organizations
Create Org Connection
Delete Org Connection
Update Org Connection

code_analysis_read

View Code Analysis.

Post dependencies for analysis
POST request to resolve vulnerable symbols
List codegen rulesets
List Custom Rulesets
Create Custom Ruleset
Get default rulesets for a language
Ruleset get multiple
Get a SAST ruleset
Returns a list of Secrets rules
Analyze code
Get AST for source code
Get node types for a language
Get tree-sitter WASM file

integrations_read

View configured integrations and their settings.

List entity context sync configurations
Validate entity context sync credentials
Get an entity context sync configuration
Validate an entity context sync configuration

logs_modify_indexes

Modify log indexes, filters, exclusion filters, and configurations.

Subscribe to sample log generation
Bulk subscribe to sample log generation
Unsubscribe from sample log generation

logs_read_index_data

Read indexed log data.

Get sample log generation subscriptions

manage_integrations

Install, uninstall, and configure integrations.

Create an entity context sync configuration
Delete an entity context sync configuration
Update an entity context sync configuration

security_monitoring_critical_assets_read

Read Critical Assets.

Get all critical assets
Get critical assets affecting a specific rule
Get a critical asset

security_monitoring_critical_assets_write

Write Critical Assets.

Create a critical asset
Delete a critical asset
Update a critical asset

security_monitoring_filters_read

Read Security Filters.

List resource filters
Get all security filters
Get the version history of security filters
Get a security filter
Get content pack states
Get sample log generation subscriptions

security_monitoring_filters_write

Create, edit, and delete Security Filters.

Update resource filters
Create a security filter
Delete a security filter
Update a security filter
Activate content pack
Deactivate content pack
Subscribe to sample log generation
Bulk subscribe to sample log generation
Unsubscribe from sample log generation

security_monitoring_rules_read

Read Detection Rules.

Create a custom framework
Delete a custom framework
Get a custom framework
Update a custom framework
List datasets
Get dataset dependencies
Get a dataset
Get a dataset at a specific version
Get the version history of a dataset
List rules
Bulk export security monitoring rules
Get a rule's details
Convert an existing rule from JSON to Terraform
Get investigation queries for a signal
Get suggested actions for a signal
Export security monitoring resources to Terraform
Convert security monitoring resource to Terraform
Export security monitoring resource to Terraform
Get a job's details

security_monitoring_rules_write

Create and edit Detection Rules.

Create a custom framework
Delete a custom framework
Update a custom framework
Create a dataset
Delete a dataset
Update a dataset
Create a detection rule
Bulk delete security monitoring rules
Convert a rule from JSON to Terraform
Test a rule
Validate a detection rule
Delete an existing rule
Update an existing rule
Test an existing rule
Run a historical job
Cancel a historical job

security_monitoring_signals_read

View Security Signals.

List indicators of compromise
Get an indicator of compromise
Get a quick list of security signals
Get a list of security signals
Get a signal's details
Get entities related to a signal
Get investigation queries for a signal
Get suggested actions for a signal
List hist signals
Search hist signals
Get a hist signal's details
Get a job's hist signals

security_monitoring_suppressions_read

Read Rule Suppressions.

Get all suppression rules
Get suppressions affecting future rule
Get suppressions affecting a specific rule
Get a suppression rule
Get a suppression's version history
Export security monitoring resources to Terraform
Convert security monitoring resource to Terraform
Export security monitoring resource to Terraform

security_monitoring_suppressions_write

Write Rule Suppressions.

Create a suppression rule
Validate a suppression rule
Delete a suppression rule
Update a suppression rule

siem_entities_read

View Cloud SIEM entities.

Get entity context

Agentless Scanning, Compliance, Security Monitoring, Static Analysis

Scope name

Description

Endpoints that require this scope

org_management

Edit org configurations, including authentication and certain security preferences such as configuring SAML, renaming an org, configuring allowed login methods, creating child orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization.

Create AWS scan options
Delete AWS scan options
Update AWS scan options
Create Azure scan options
Delete Azure scan options
Update Azure scan options
Create GCP scan options
Delete GCP scan options
Update GCP scan options
Create AWS on demand task
Get Domain Allowlist
Sets Domain Allowlist
Get IP Allowlist
Update IP Allowlist
List your managed organizations

security_monitoring_findings_read

View a list of findings that include both misconfigurations and identity risks.

List AWS scan options
Get AWS scan options
List Azure scan options
Get Azure scan options
List GCP scan options
Get GCP scan options
List AWS on demand tasks
Get AWS on demand task
Get the rule-based view of compliance findings
List findings
Get a finding
List security findings
Search security findings

code_analysis_read

View Code Analysis.

Post dependencies for analysis
POST request to resolve vulnerable symbols
List codegen rulesets
List Custom Rulesets
Create Custom Ruleset
Get default rulesets for a language
Ruleset get multiple
Get a SAST ruleset
Returns a list of Secrets rules
Analyze code
Get AST for source code
Get node types for a language
Get tree-sitter WASM file

integrations_read

View configured integrations and their settings.

List entity context sync configurations
Validate entity context sync credentials
Get an entity context sync configuration
Validate an entity context sync configuration

logs_modify_indexes

Modify log indexes, filters, exclusion filters, and configurations.

Subscribe to sample log generation
Bulk subscribe to sample log generation
Unsubscribe from sample log generation

logs_read_index_data

Read indexed log data.

Get sample log generation subscriptions

manage_integrations

Install, uninstall, and configure integrations.

Create an entity context sync configuration
Delete an entity context sync configuration
Update an entity context sync configuration

security_monitoring_critical_assets_read

Read Critical Assets.

Get all critical assets
Get critical assets affecting a specific rule
Get a critical asset

security_monitoring_critical_assets_write

Write Critical Assets.

Create a critical asset
Delete a critical asset
Update a critical asset

security_monitoring_filters_read

Read Security Filters.

List resource filters
Get all security filters
Get the version history of security filters
Get a security filter
Get content pack states
Get sample log generation subscriptions

security_monitoring_filters_write

Create, edit, and delete Security Filters.

Update resource filters
Create a security filter
Delete a security filter
Update a security filter
Activate content pack
Deactivate content pack
Subscribe to sample log generation
Bulk subscribe to sample log generation
Unsubscribe from sample log generation

security_monitoring_rules_read

Read Detection Rules.

Create a custom framework
Delete a custom framework
Get a custom framework
Update a custom framework
List datasets
Get dataset dependencies
Get a dataset
Get a dataset at a specific version
Get the version history of a dataset
List rules
Bulk export security monitoring rules
Get a rule's details
Convert an existing rule from JSON to Terraform
Get investigation queries for a signal
Get suggested actions for a signal
Export security monitoring resources to Terraform
Convert security monitoring resource to Terraform
Export security monitoring resource to Terraform
Get a job's details

security_monitoring_rules_write

Create and edit Detection Rules.

Create a custom framework
Delete a custom framework
Update a custom framework
Create a dataset
Delete a dataset
Update a dataset
Create a detection rule
Bulk delete security monitoring rules
Convert a rule from JSON to Terraform
Test a rule
Validate a detection rule
Delete an existing rule
Update an existing rule
Test an existing rule
Run a historical job
Cancel a historical job

security_monitoring_signals_read

View Security Signals.

List indicators of compromise
Get an indicator of compromise
Get a quick list of security signals
Get a list of security signals
Get a signal's details
Get entities related to a signal
Get investigation queries for a signal
Get suggested actions for a signal
List hist signals
Search hist signals
Get a hist signal's details
Get a job's hist signals

security_monitoring_suppressions_read

Read Rule Suppressions.

Get all suppression rules
Get suppressions affecting future rule
Get suppressions affecting a specific rule
Get a suppression rule
Get a suppression's version history
Export security monitoring resources to Terraform
Convert security monitoring resource to Terraform
Export security monitoring resource to Terraform

security_monitoring_suppressions_write

Write Rule Suppressions.

Create a suppression rule
Validate a suppression rule
Delete a suppression rule
Update a suppression rule

siem_entities_read

View Cloud SIEM entities.

Get entity context

Agentless Scanning, Domain Allowlist, Downtimes, IP Allowlist, Monitors, Organizations

Scope name

Description

Endpoints that require this scope

org_management

Edit org configurations, including authentication and certain security preferences such as configuring SAML, renaming an org, configuring allowed login methods, creating child orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization.

Create AWS scan options
Delete AWS scan options
Update AWS scan options
Create Azure scan options
Delete Azure scan options
Update Azure scan options
Create GCP scan options
Delete GCP scan options
Update GCP scan options
Create AWS on demand task
Get Domain Allowlist
Sets Domain Allowlist
Get IP Allowlist
Update IP Allowlist
List your managed organizations

security_monitoring_findings_read

View a list of findings that include both misconfigurations and identity risks.

List AWS scan options
Get AWS scan options
List Azure scan options
Get Azure scan options
List GCP scan options
Get GCP scan options
List AWS on demand tasks
Get AWS on demand task
Get the rule-based view of compliance findings
List findings
Get a finding
List security findings
Search security findings

monitors_write

Edit, delete, and resolve individual monitors.

Create a monitor
Delete a monitor
Edit a monitor
Mute a monitor
Unmute a monitor
Get Domain Allowlist
Sets Domain Allowlist

monitors_downtime

Set downtimes to suppress alerts from any monitor in an organization. Mute and unmute monitors. The ability to write monitors is not required to set downtimes.

Schedule a downtime
Cancel downtimes by scope
Cancel a downtime
Update a downtime
Get all downtimes
Schedule a downtime
Cancel a downtime
Get a downtime
Update a downtime
Get active downtimes for a monitor

monitors_read

View monitors.

Get all downtimes
Get a downtime
Get all monitors
Check if a monitor can be deleted
Monitors group search
Monitors search
Validate a monitor
Get a monitor's details
Get active downtimes for a monitor
Validate an existing monitor
Get all monitor notification rules
Get a monitor notification rule
Get all monitor configuration policies
Get a monitor configuration policy
Get all monitor user templates
Get a monitor user template

org_connections_write

Create, edit, and delete cross organization connections.

List your managed organizations
Create Org Connection
Delete Org Connection
Update Org Connection

Agentless Scanning, Domain Allowlist, IP Allowlist, Org Connections, Organizations

Scope name

Description

Endpoints that require this scope

org_management

Edit org configurations, including authentication and certain security preferences such as configuring SAML, renaming an org, configuring allowed login methods, creating child orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization.

Create AWS scan options
Delete AWS scan options
Update AWS scan options
Create Azure scan options
Delete Azure scan options
Update Azure scan options
Create GCP scan options
Delete GCP scan options
Update GCP scan options
Create AWS on demand task
Get Domain Allowlist
Sets Domain Allowlist
Get IP Allowlist
Update IP Allowlist
List your managed organizations

security_monitoring_findings_read

View a list of findings that include both misconfigurations and identity risks.

List AWS scan options
Get AWS scan options
List Azure scan options
Get Azure scan options
List GCP scan options
Get GCP scan options
List AWS on demand tasks
Get AWS on demand task
Get the rule-based view of compliance findings
List findings
Get a finding
List security findings
Search security findings

monitors_write

Edit, delete, and resolve individual monitors.

Create a monitor
Delete a monitor
Edit a monitor
Mute a monitor
Unmute a monitor
Get Domain Allowlist
Sets Domain Allowlist

org_connections_read

Read cross organization connections.

List Org Connections

org_connections_write

Create, edit, and delete cross organization connections.

List your managed organizations
Create Org Connection
Delete Org Connection
Update Org Connection

Bits AI

Scope name

Description

Endpoints that require this scope

bits_investigations_read

View Bits AI investigations.

List Bits AI investigations
Get a Bits AI investigation

bits_investigations_write

Create and manage Bits AI investigations.

Trigger a Bits AI investigation

CI Visibility Pipelines, CI Visibility Tests, Test Optimization

Scope name

Description

Endpoints that require this scope

ci_visibility_read

View CI Visibility.

Aggregate pipelines events
Get a list of pipelines events
Search pipelines events
Aggregate tests events
Get a list of tests events
Search tests events

test_optimization_read

View Test Optimization.

Get Flaky Tests Management policies
Get Test Optimization service settings
Aggregate tests events
Get a list of tests events
Search tests events
Search flaky tests

test_optimization_settings_write

Update service settings in Test Optimization.

Update Flaky Tests Management policies
Delete Test Optimization service settings
Update Test Optimization service settings

test_optimization_write

Update flaky tests from Flaky Tests Management of Test Optimization.

Update flaky test states

CI Visibility Tests, Test Optimization

Scope name

Description

Endpoints that require this scope

ci_visibility_read

View CI Visibility.

Aggregate pipelines events
Get a list of pipelines events
Search pipelines events
Aggregate tests events
Get a list of tests events
Search tests events

test_optimization_read

View Test Optimization.

Get Flaky Tests Management policies
Get Test Optimization service settings
Aggregate tests events
Get a list of tests events
Search tests events
Search flaky tests

test_optimization_settings_write

Update service settings in Test Optimization.

Update Flaky Tests Management policies
Delete Test Optimization service settings
Update Test Optimization service settings

test_optimization_write

Update flaky tests from Flaky Tests Management of Test Optimization.

Update flaky test states

Case Management Attribute, Case Management Type

Scope name

Description

Endpoints that require this scope

cases_shared_settings_write

Update shared case management settings.

Update a case type
Update custom attribute config

Case Management, Change Management, Error Tracking, Scorecards

Scope name

Description

Endpoints that require this scope

cases_read

View Cases.

Search cases
Aggregate cases
Count cases
List case links
Get all projects
List project favorites
Get the details of a project
Get notification rules
List automation rules
Get an automation rule
List case views
Get a case view
Get the details of a case
Get case timeline
List case watchers
Get a change request
Remove the assignee of an issue
Update the assignee of an issue
List all campaigns
Get a campaign

cases_write

Create and update cases.

Create a case
Bulk update cases
Create a case link
Delete a case link
Create a project
Remove a project
Update a project
Unfavorite a project
Favorite a project
Create a notification rule
Delete a notification rule
Update a notification rule
Create an automation rule
Delete an automation rule
Update an automation rule
Disable an automation rule
Enable an automation rule
Create a case view
Delete a case view
Update a case view
Archive case
Assign case
Update case attributes
Update case comment
Delete custom attribute from case
Update case custom attribute
Update case description
Update case due date
Remove insights from a case
Add insights to a case
Update case priority
Link incident to case
Remove Jira issue link from case
Link existing Jira issue to case
Create Jira issue for case
Create investigation notebook for case
Update case project
Create ServiceNow ticket for case
Update case resolved reason
Update case status
Update case title
Unarchive case
Unassign case
Unwatch a case
Watch a case
Create a change request
Update a change request
Create a change request branch
Delete a change request decision
Update a change request decision
Remove the assignee of an issue
Update the assignee of an issue
Create a new campaign
Delete a campaign
Update a campaign

event_correlation_config_read

View event correlation configurations.

List maintenance windows

event_correlation_config_write

Create and update event correlation configurations.

Create a maintenance window
Delete a maintenance window
Update a maintenance window

error_tracking_read

Read Error Tracking data.

Search error tracking issues
Get the details of an error tracking issue
Remove the assignee of an issue
Update the assignee of an issue
Update the state of an issue

error_tracking_write

Edit Error Tracking issues.

Remove the assignee of an issue
Update the assignee of an issue
Update the state of an issue

apm_service_catalog_read

View service catalog and service definitions.

Get a list of entities
Preview catalog entities
Get a list of entity kinds
Get a list of entity relations
List all campaigns
Get a campaign
List all rule outcomes
List all rules
List all scorecards
List all scores
Get all service definitions
Get a single service definition

apm_service_catalog_write

Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog.

Create or update entities
Delete a single entity
Create or update kinds
Delete a single kind
Create a new campaign
Delete a campaign
Update a campaign
Update Scorecard outcomes
Create outcomes batch
Create a new rule
Delete a rule
Update an existing scorecard rule
Create or update service definition
Delete a single service definition

Case Management, Change Management, Error Tracking, Scorecards, Service Definition, Software Catalog

Scope name

Description

Endpoints that require this scope

cases_read

View Cases.

Search cases
Aggregate cases
Count cases
List case links
Get all projects
List project favorites
Get the details of a project
Get notification rules
List automation rules
Get an automation rule
List case views
Get a case view
Get the details of a case
Get case timeline
List case watchers
Get a change request
Remove the assignee of an issue
Update the assignee of an issue
List all campaigns
Get a campaign

cases_write

Create and update cases.

Create a case
Bulk update cases
Create a case link
Delete a case link
Create a project
Remove a project
Update a project
Unfavorite a project
Favorite a project
Create a notification rule
Delete a notification rule
Update a notification rule
Create an automation rule
Delete an automation rule
Update an automation rule
Disable an automation rule
Enable an automation rule
Create a case view
Delete a case view
Update a case view
Archive case
Assign case
Update case attributes
Update case comment
Delete custom attribute from case
Update case custom attribute
Update case description
Update case due date
Remove insights from a case
Add insights to a case
Update case priority
Link incident to case
Remove Jira issue link from case
Link existing Jira issue to case
Create Jira issue for case
Create investigation notebook for case
Update case project
Create ServiceNow ticket for case
Update case resolved reason
Update case status
Update case title
Unarchive case
Unassign case
Unwatch a case
Watch a case
Create a change request
Update a change request
Create a change request branch
Delete a change request decision
Update a change request decision
Remove the assignee of an issue
Update the assignee of an issue
Create a new campaign
Delete a campaign
Update a campaign

event_correlation_config_read

View event correlation configurations.

List maintenance windows

event_correlation_config_write

Create and update event correlation configurations.

Create a maintenance window
Delete a maintenance window
Update a maintenance window

error_tracking_read

Read Error Tracking data.

Search error tracking issues
Get the details of an error tracking issue
Remove the assignee of an issue
Update the assignee of an issue
Update the state of an issue

error_tracking_write

Edit Error Tracking issues.

Remove the assignee of an issue
Update the assignee of an issue
Update the state of an issue

apm_service_catalog_read

View service catalog and service definitions.

Get a list of entities
Preview catalog entities
Get a list of entity kinds
Get a list of entity relations
List all campaigns
Get a campaign
List all rule outcomes
List all rules
List all scorecards
List all scores
Get all service definitions
Get a single service definition

apm_service_catalog_write

Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog.

Create or update entities
Delete a single entity
Create or update kinds
Delete a single kind
Create a new campaign
Delete a campaign
Update a campaign
Update Scorecard outcomes
Create outcomes batch
Create a new rule
Delete a rule
Update an existing scorecard rule
Create or update service definition
Delete a single service definition

Cloud Cost Management

Scope name

Description

Endpoints that require this scope

cloud_cost_management_read

View Cloud Cost pages and the cloud cost data source in dashboards and notebooks. For more details, see the Cloud Cost Management docs.

List cost anomalies
Get cost anomaly
List custom allocation rules
List custom allocation rule statuses
Get custom allocation rule
List Cloud Cost Management AWS CUR configs
Get cost AWS CUR config
List Cloud Cost Management Azure configs
Get cost Azure UC config
Get commitments list
Get commitments coverage (scalar)
Get commitments coverage (timeseries)
Get commitments on-demand hot spots (scalar)
Get commitments savings (scalar)
Get commitments savings (timeseries)
Get commitments utilization (scalar)
Get commitments utilization (timeseries)
List Custom Costs files
Get Custom Costs file
List Google Cloud Usage Cost configs
Get Google Cloud Usage Cost config
List Cloud Cost Management OCI configs
Search cost recommendations
List Cloud Cost Management tag descriptions
List Cloud Cost Management tag keys
Get a Cloud Cost Management tag key
List Cloud Cost Management tag key metadata
Get the Cloud Cost Management billing currency
List available Cloud Cost Management metrics
List Cloud Cost Management orchestrators
List Cloud Cost Management tag sources
List Cloud Cost Management tags
List tag pipeline rulesets
List tag pipeline ruleset statuses
Validate query
Get a tag pipeline ruleset

cloud_cost_management_write

Configure cloud cost accounts and global customizations. For more details, see the Cloud Cost Management docs.

Create custom allocation rule
Reorder custom allocation rules
Delete custom allocation rule
Update custom allocation rule
Create Cloud Cost Management AWS CUR config
Delete Cloud Cost Management AWS CUR config
Update Cloud Cost Management AWS CUR config
Create Cloud Cost Management Azure configs
Delete Cloud Cost Management Azure config
Update Cloud Cost Management Azure config
Upload Custom Costs file
Delete Custom Costs file
Create Google Cloud Usage Cost config
Delete Google Cloud Usage Cost config
Update Google Cloud Usage Cost config
Create tag pipeline ruleset
Reorder tag pipeline rulesets
Delete tag pipeline ruleset
Update tag pipeline ruleset

Code Coverage

Scope name

Description

Endpoints that require this scope

code_coverage_read

View Code Coverage.

Get code coverage summary for a branch
Get code coverage summary for a commit

Dashboard Lists, Dashboard Secure Embed, Dashboards, Powerpack

Scope name

Description

Endpoints that require this scope

dashboards_read

View dashboards.

Get all dashboards
Get all dashboard lists
Get a dashboard list
Get a shared dashboard
Get a dashboard
Get items of a Dashboard List
Get a secure embed for a dashboard
Get usage stats for all dashboards
Get usage stats for a dashboard
Get all powerpacks
Get a Powerpack

dashboards_write

Create and change dashboards.

Delete dashboards
Restore deleted dashboards
Create a new dashboard
Create a dashboard list
Delete a dashboard list
Update a dashboard list
Delete a dashboard
Update a dashboard
Create a new powerpack
Delete a powerpack
Update a powerpack

dashboards_embed_share

Create, modify, and delete shared dashboards with share type 'embed'.

Create a shared dashboard
Revoke a shared dashboard URL
Update a shared dashboard
Create a secure embed for a dashboard
Delete a secure embed for a dashboard
Update a secure embed for a dashboard

dashboards_invite_share

Create, modify, and delete shared dashboards with share type 'invite'.

Create a shared dashboard
Revoke a shared dashboard URL
Update a shared dashboard
Revoke shared dashboard invitations
Get all invitations for a shared dashboard
Send shared dashboard invitation email

dashboards_public_share

Generate public and authenticated links to share dashboards or embeddable graphs externally.

Create a shared dashboard
Revoke a shared dashboard URL
Update a shared dashboard

Datasets, Roles, Users

Scope name

Description

Endpoints that require this scope

user_access_manage

Disable users, manage user roles, manage SAML-to-role mappings, and configure logs restriction queries.

Anonymize users
Create a dataset
Delete a dataset
Edit a dataset
Create role
Delete role
Update a role
Create a new role by cloning an existing role
Revoke permission
Grant permission to a role
Remove a user from a role
Add a user to a role
Disable a user
Update a user

user_access_read

View users and their roles and settings.

List all users
Get all datasets
Get a single dataset by ID
List permissions
List roles
List role templates
Get a role
List permissions for a role
Get all users of a role
List all users
Get user details
Get a user permissions

user_access_invite

Invite other users to your organization.

Send invitation emails
Get a user invitation
Create a user
Delete a pending user's invitations

Domain Allowlist, Downtimes, Monitors

Scope name

Description

Endpoints that require this scope

monitors_write

Edit, delete, and resolve individual monitors.

Create a monitor
Delete a monitor
Edit a monitor
Mute a monitor
Unmute a monitor
Get Domain Allowlist
Sets Domain Allowlist

org_management

Edit org configurations, including authentication and certain security preferences such as configuring SAML, renaming an org, configuring allowed login methods, creating child orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization.

Create AWS scan options
Delete AWS scan options
Update AWS scan options
Create Azure scan options
Delete Azure scan options
Update Azure scan options
Create GCP scan options
Delete GCP scan options
Update GCP scan options
Create AWS on demand task
Get Domain Allowlist
Sets Domain Allowlist
Get IP Allowlist
Update IP Allowlist
List your managed organizations

monitors_downtime

Set downtimes to suppress alerts from any monitor in an organization. Mute and unmute monitors. The ability to write monitors is not required to set downtimes.

Schedule a downtime
Cancel downtimes by scope
Cancel a downtime
Update a downtime
Get all downtimes
Schedule a downtime
Cancel a downtime
Get a downtime
Update a downtime
Get active downtimes for a monitor

monitors_read

View monitors.

Get all downtimes
Get a downtime
Get all monitors
Check if a monitor can be deleted
Monitors group search
Monitors search
Validate a monitor
Get a monitor's details
Get active downtimes for a monitor
Validate an existing monitor
Get all monitor notification rules
Get a monitor notification rule
Get all monitor configuration policies
Get a monitor configuration policy
Get all monitor user templates
Get a monitor user template

Downtimes, Monitors

Scope name

Description

Endpoints that require this scope

monitors_downtime

Set downtimes to suppress alerts from any monitor in an organization. Mute and unmute monitors. The ability to write monitors is not required to set downtimes.

Schedule a downtime
Cancel downtimes by scope
Cancel a downtime
Update a downtime
Get all downtimes
Schedule a downtime
Cancel a downtime
Get a downtime
Update a downtime
Get active downtimes for a monitor

monitors_read

View monitors.

Get all downtimes
Get a downtime
Get all monitors
Check if a monitor can be deleted
Monitors group search
Monitors search
Validate a monitor
Get a monitor's details
Get active downtimes for a monitor
Validate an existing monitor
Get all monitor notification rules
Get a monitor notification rule
Get all monitor configuration policies
Get a monitor configuration policy
Get all monitor user templates
Get a monitor user template

monitors_write

Edit, delete, and resolve individual monitors.

Create a monitor
Delete a monitor
Edit a monitor
Mute a monitor
Unmute a monitor
Get Domain Allowlist
Sets Domain Allowlist

Events

Scope name

Description

Endpoints that require this scope

events_read

Read Events data.

Get a list of events
Get an event
Get a list of events
Get an event

Hosts

Scope name

Description

Endpoints that require this scope

hosts_read

List hosts and their attributes.

Get all hosts for your organization
Get the total number of active hosts

Incident Services, Incidents

Scope name

Description

Endpoints that require this scope

incident_read

View incidents in Datadog.

Get a list of incidents
Get incident notification template
Get a list of incident types
Get incident type details
Get a list of incident user-defined fields
Get an incident user-defined field
Search for incidents
Get the details of an incident
List an incident's impacts
Get a list of an incident's integration metadata
Get incident integration metadata details
Get a list of an incident's todos
Get incident todo details
Get a list of all incident services
Get details of an incident service

incident_settings_write

Configure Incident Settings.

Create an incident type
Delete an incident type
Update an incident type
Create an incident user-defined field
Delete an incident user-defined field
Update an incident user-defined field
Create a new incident service
Delete an existing incident service
Update an existing incident service

incident_notification_settings_read

View Incident Notification Rule Settings.

Get an incident notification rule

incident_notification_settings_write

Configure Incidents Notification Rule settings.

Create an incident notification rule
Delete an incident notification rule
Update an incident notification rule
Create incident notification template
Delete a notification template
Update incident notification template

incident_write

Create, view, and manage incidents in Datadog.

Create an incident
Get incident notification template
Import an incident
Delete an existing incident
Update an existing incident
Create incident attachment
Delete incident attachment
Update incident attachment
Create an incident impact
Delete an incident impact
Create an incident integration metadata
Delete an incident integration metadata
Update an existing incident integration metadata
Create an incident todo
Delete an incident todo
Update an incident todo

Metrics

Scope name

Description

Endpoints that require this scope

metrics_read

View custom metrics.

Get active metrics list
Get metric metadata
Search metrics
Get a list of metrics
List tags by metric name
List tag configuration by name

timeseries_query

Query Timeseries data.

Query timeseries points
Query scalar data across multiple products
Query timeseries data across multiple products

Org Connections, Organizations

Scope name

Description

Endpoints that require this scope

org_connections_read

Read cross organization connections.

List Org Connections

org_connections_write

Create, edit, and delete cross organization connections.

List your managed organizations
Create Org Connection
Delete Org Connection
Update Org Connection

org_management

Edit org configurations, including authentication and certain security preferences such as configuring SAML, renaming an org, configuring allowed login methods, creating child orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization.

Create AWS scan options
Delete AWS scan options
Update AWS scan options
Create Azure scan options
Delete Azure scan options
Update Azure scan options
Create GCP scan options
Delete GCP scan options
Update GCP scan options
Create AWS on demand task
Get Domain Allowlist
Sets Domain Allowlist
Get IP Allowlist
Update IP Allowlist
List your managed organizations

Service Level Objective Corrections, Service Level Objectives

Scope name

Description

Endpoints that require this scope

slos_corrections

Apply, edit, and delete SLO status corrections. A user with this permission can make status corrections, even if they do not have permission to edit those SLOs.

Create an SLO correction

slos_read

View SLOs and status corrections.

Get all SLOs
Check if SLOs can be safely deleted
Get all SLO corrections
Search for SLOs
Get an SLO's details
Get Corrections For an SLO
Get an SLO's history
Create a new SLO report
Get SLO report
Get SLO report status
Get SLO status

slos_write

Create, edit, and delete SLOs.

Create an SLO object
Bulk Delete SLO Timeframes
Delete an SLO
Update an SLO

Teams

Scope name

Description

Endpoints that require this scope

teams_manage

Manage Teams. Create, delete, rename, and edit metadata of all Teams. To control Team membership across all Teams, use the User Access Manage permission.

Create a team
Create a team hierarchy link
Remove a team hierarchy link
Link Teams with GitHub Teams
Remove a team

teams_read

Read Teams data. A User with this permission can view Team names, metadata, and which Users are on each Team.

Get all teams
Create a team
Get team hierarchy links
Create a team hierarchy link
Remove a team hierarchy link
Get a team hierarchy link
Delete team connections
List team connections
Create team connections
Get team sync configurations
Get all member teams
Add a member team
Remove a member team
Remove a team
Get a team
Update a team
Get links for a team
Create a team link
Remove a team link
Get a team link
Update a team link
Get team memberships
Add a user to a team
Remove a user from a team
Update a user's membership attributes on a team
Get team notification rules
Create team notification rule
Delete team notification rule
Get team notification rule
Update team notification rule
Get permission settings for a team
Update permission setting for team
Get user memberships

Usage Metering

Scope name

Description

Endpoints that require this scope

billing_read

View your organization's billing information.

Get Monthly Cost Attribution
Get cost across multi-org account
Get estimated cost across your account
Get historical cost across your account
Get projected cost across your account

usage_read

View your organization's usage and usage attribution.

Get hourly usage for analyzed logs
Get hourly usage for audit logs
Get hourly usage for Lambda
Get billable usage across your account
Get hourly usage for CI visibility
Get hourly usage for CSM Pro
Get hourly usage for cloud workload security
Get hourly usage for database monitoring
Get hourly usage for Fargate
Get hourly usage for hosts and containers
Get hourly usage attribution
Get hourly usage for incident management
Get hourly usage for indexed spans
Get hourly usage for ingested spans
Get hourly usage for IoT
Get hourly usage for logs
Get hourly logs usage by retention
Get hourly usage for logs by index
Get monthly usage attribution
get hourly usage for network flows
Get hourly usage for network hosts
Get hourly usage for online archive
Get hourly usage for profiled hosts
Get hourly usage for RUM units
Get hourly usage for RUM sessions
Get hourly usage for sensitive data scanner
Get hourly usage for SNMP devices
Get usage across your account
Get hourly usage for synthetics checks
Get hourly usage for synthetics API checks
Get hourly usage for synthetics browser checks
Get hourly usage for custom metrics
Get all custom metrics by hourly average
Get active billing dimensions for cost attribution
Get Monthly Cost Attribution
Get hourly usage for application security
Get billing dimension mapping for usage endpoints
Get cost across multi-org account
Get estimated cost across your account
Get historical cost across your account
Get hourly usage by product family
Get hourly usage for Lambda traced invocations
Get hourly usage for observability pipelines
Get projected cost across your account
Get usage attribution types

Webhooks Integration

Scope name

Description

Endpoints that require this scope

create_webhooks

Create webhooks integrations.

Create a webhooks integration

Workflow Automation

Scope name

Description

Endpoints that require this scope

workflows_read

View workflows.

List workflow instances
Get a workflow instance

workflows_run

Run workflows.

Execute a workflow