How to use Terraform to restrict the editing of a dashboard

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Restricting a dashboard using the restricted_roles attribute

The restricted_roles attribute can be used to restrict editing of the dashboard to specific roles. The field takes a list of IDs of roles, and authorizes any associated users.

Example usage:

resource "datadog_dashboard" "example" {
  title         = "Example dashboard"
  restricted_roles = ["<role_id_1>", "<role_id_2>"]
}

Note: The is_read_only attribute is deprecated. It is recommended to use the restricted_roles attribute or restriction policies to manage access to your dashboards.

Restricting a dashboard using a restriction policy

Restriction policies are in private beta. Contact Datadog Support or your Customer Success Manager for access.

Restriction Policies allow you to restrict the editing of dashboards and other resources to specific principals, including roles, teams, users, and service accounts.

Example usage:

resource "datadog_dashboard" "example" {
  title         = "Example dashboard"
  # Do not use restricted_roles or is_read_only attributes
}

resource "datadog_restriction_policy" "example" {
 resource_id = "dashboard:${datadog_dashboard.example.id}"
  bindings {
     principals = ["org:<org_id>"]
     relation = "viewer"
  }
  bindings {
     principals = ["role:<role_id_1>", "role:<role_id_2>"]
     relation = "editor"
  }
}

Role IDs can be retrieved from the Roles API, Roles UI, or by using the role ID defined in Terraform for datadog_role resources.

Org ID can be obtained from the GET /api/v2/current_user API request. Find it in the data.relationships.org.data.id field.

PREVIEWING: safchain/fix-custom-agent