[Datadog] Develop custom roles that allow write access for VFS teams

department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:

https://depo-platform-documentation.scrollhelp.site/index.html

283 stars 204 forks source link

[Datadog] Develop custom roles that allow write access for VFS teams #47066

Open jhouse-solvd opened 2 years ago

jhouse-solvd commented 2 years ago

Description

Before offering Datadog to VFS teams, the platform should create custom Datadog roles and permissions to offer users access to the right features and data. The out-of-the-box roles don't offer fine-grained permissions customization.

Background/context

Datadog offers custom role-based access control (RBAC) to control what data users can see and modify
Datadog permissions should be granted based on a user's role on the VA.Gov Platform
Generic admin, standard, and read-only roles are built-in
Datadog docs:
- Role Based Access Control
- Datadog Role Permissions

Acceptance criteria

TBD

oseasmoran73 commented 2 years ago

One thing I discovered when I was doing the migration is you can labels dashboard/monitors. It may be helpful is add create+destroy for specific label (in my mind, label with team:TEAM_NAME ) to ensure no conflict with others

kylesoskin commented 2 years ago

Hi is there any updates on the progress of this ticket or this ticket

It would be very useful for my team to have write access in some limited scope in datadog so that we can create some monitors/alerts/dashboards.

Thanks!

oseasmoran73 commented 1 year ago

Moving from other ticket into this one:

Something to keep in mind once we get to the write phase for VFS, is platform should assign the perms around dashboard they do not wish to modify

Also, it probably would be best practice to keep shared dashboard to VFS users as IaC