From 98601e74eee182f3b7a9362cd253007e2e813a3e Mon Sep 17 00:00:00 2001 From: Stephen Rosenthal Date: Mon, 22 Sep 2025 18:05:48 -0700 Subject: [PATCH 1/3] Better explanation of Managed vs Custom roles? I'm looking at ways to reduce the confusion around roles & permissions. I noticed the docs don't explicitly cover the main distinction between managed and custom roles, and would like to fix it. --- content/en/account_management/rbac/permissions.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/en/account_management/rbac/permissions.md b/content/en/account_management/rbac/permissions.md index 89a0da6c0ed62..9786b5633cd06 100644 --- a/content/en/account_management/rbac/permissions.md +++ b/content/en/account_management/rbac/permissions.md @@ -60,6 +60,8 @@ Managed roles are created and maintained by Datadog. Their permissions may be au Create a custom role to combine permissions into new roles. A custom role gives you the ability to define a persona, for example, a billing administrator, and then assign the appropriate permissions for that role. After creating a role, assign or remove permissions to this role directly by [updating the role in Datadog][2], or through the [Datadog Permission API][3]. +Unlike Managed Roles, custom roles will not receive new permissions when Datadog releases new products and features. Custom roles will only receive new permissions to maintain compatibility when Datadog releases new permission gating existing functionality. + **Note**: When adding a new custom role to a user, make sure to remove the managed Datadog role associated with that user to enforce the new role permissions. ## Permissions list @@ -79,4 +81,4 @@ Each managed role inherits all of the permissions from the less powerful roles. [1]: /account_management/rbac/granular_access [2]: /account_management/users/#edit-a-user-s-roles -[3]: /api/latest/roles/#list-permissions \ No newline at end of file +[3]: /api/latest/roles/#list-permissions From 61fdb81ef9e32c0096a81673040b89e0f834a39e Mon Sep 17 00:00:00 2001 From: Stephen Rosenthal Date: Mon, 22 Sep 2025 18:31:19 -0700 Subject: [PATCH 2/3] Get rid of "will" tense word --- content/en/account_management/rbac/permissions.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/en/account_management/rbac/permissions.md b/content/en/account_management/rbac/permissions.md index 9786b5633cd06..d7fee9e770947 100644 --- a/content/en/account_management/rbac/permissions.md +++ b/content/en/account_management/rbac/permissions.md @@ -48,11 +48,11 @@ Preview mode gives your organization's administrators the ability to opt into ce By default, existing users are associated with one of the three managed roles: -- Datadog Admin -- Datadog Standard -- Datadog Read Only +- Datadog Admin Role +- Datadog Standard Role +- Datadog Read Only Role -All users with one of these roles can read all data types, except for [individually read-restricted][1] resources. Admin and Standard users have write permissions on assets. Admin users have additional read and write permissions for sensitive assets relating to user management, org management, billing, and usage. +All users with one of these roles can read data, except for [individually read-restricted][1] resources. Admin and Standard users have write permissions on assets. Admin users have additional read and write permissions for sensitive assets relating to user management, org management, billing, and usage. Managed roles are created and maintained by Datadog. Their permissions may be automatically updated by Datadog as new features are added or permissions change. Users cannot modify managed roles directly, but they can clone them to create [custom roles](#custom-roles) with specific permissions. If necessary, users can delete managed roles from their account. @@ -60,7 +60,7 @@ Managed roles are created and maintained by Datadog. Their permissions may be au Create a custom role to combine permissions into new roles. A custom role gives you the ability to define a persona, for example, a billing administrator, and then assign the appropriate permissions for that role. After creating a role, assign or remove permissions to this role directly by [updating the role in Datadog][2], or through the [Datadog Permission API][3]. -Unlike Managed Roles, custom roles will not receive new permissions when Datadog releases new products and features. Custom roles will only receive new permissions to maintain compatibility when Datadog releases new permission gating existing functionality. +Unlike Managed Roles, custom roles do not receive new permissions when Datadog releases new products and features. Custom roles only receive new permissions to maintain compatibility when Datadog releases new permission gating existing functionality. **Note**: When adding a new custom role to a user, make sure to remove the managed Datadog role associated with that user to enforce the new role permissions. From a22e57c9b7782489cafb0ebf20f1ec8232370636 Mon Sep 17 00:00:00 2001 From: Ursula Chen <58821586+urseberry@users.noreply.github.com> Date: Mon, 29 Sep 2025 17:08:57 -0500 Subject: [PATCH 3/3] grammar nit --- content/en/account_management/rbac/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/account_management/rbac/permissions.md b/content/en/account_management/rbac/permissions.md index d7fee9e770947..48f526980eeec 100644 --- a/content/en/account_management/rbac/permissions.md +++ b/content/en/account_management/rbac/permissions.md @@ -60,7 +60,7 @@ Managed roles are created and maintained by Datadog. Their permissions may be au Create a custom role to combine permissions into new roles. A custom role gives you the ability to define a persona, for example, a billing administrator, and then assign the appropriate permissions for that role. After creating a role, assign or remove permissions to this role directly by [updating the role in Datadog][2], or through the [Datadog Permission API][3]. -Unlike Managed Roles, custom roles do not receive new permissions when Datadog releases new products and features. Custom roles only receive new permissions to maintain compatibility when Datadog releases new permission gating existing functionality. +Unlike Managed Roles, custom roles do not receive new permissions when Datadog releases new products and features. Custom roles only receive new permissions to maintain compatibility when Datadog releases a new permission gating existing functionality. **Note**: When adding a new custom role to a user, make sure to remove the managed Datadog role associated with that user to enforce the new role permissions.