 |
VOOZH | about |
|
VOOZH | about |
This guide helps Datadog administrators at large organizations design and implement an access control strategy. It is intended for organizations that fit any of the following profiles:
As organizations grow on Datadog, they face a core tension: enabling self-service for developers, operators, and business users while maintaining boundaries on who can see or change what. This guide provides a decision framework for resolving that tension, not step-by-step UI instructions.
This guide assumes familiarity with Datadog basics. Before starting, review:
You can read this guide sequentially to plan a new access strategy, or jump to the section most relevant to your current challenge.
Each section addresses a layer of your access control strategy, from organizational structure through enforcement and auditing:
| Section | What to decide |
|---|---|
| Choosing Your Datadog Topology | Single org vs. multi-org, and when each is appropriate |
| Permissions and Feature Access | Custom roles, keeping roles current, role hygiene |
| Assigning Users to Roles and Teams | Roles vs. Teams, and how to assign users at scale |
| Protecting Assets | Restricting who can edit or view Dashboards, Monitors, and other assets |
| Protecting Sensitive Data | Restricting access to telemetry data using Data Access Control |
| Credential Management | Managing API keys, app keys, and short-lived tokens at scale |
| Creating Access Policies | A reference for choosing the right enforcement mechanism |
| Sharing Across Organizations | Cross-Org Visibility, Shared Dashboards, and multi-org governance |
| Example Implementations | Enterprise implementation templates |
Start with Choosing Your Datadog Topology to determine whether your organization should use a single Datadog org or multiple orgs.
Additional helpful documentation, links, and articles:
| |
