Datadog v4.59.0 published on Wednesday, Oct 22, 2025 by Pulumi
datadog.UserRole
Provides a Datadog UserRole resource. This can be used to create and manage Datadog User Roles. Conflicts may occur if used together with the datadog.User resource’s roles attribute or the datadog.ServiceAccount resource’s roles attribute. This resource is in beta and is subject to change.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as datadog from "@pulumi/datadog";
// Source the permissions
const ddPerms = datadog.getPermissions({});
// Create an API Key Manager role
const apiKeyManager = new datadog.Role("api_key_manager", {
name: "API Key Manager",
permissions: [
{
id: ddPerms.then(ddPerms => ddPerms.permissions?.apiKeysRead),
},
{
id: ddPerms.then(ddPerms => ddPerms.permissions?.apiKeysWrite),
},
],
});
const newUser = new datadog.User("new_user", {email: "new@example.com"});
// Assign the API Key Manager role to the user
const newUserWithApiKeyManagerRole = new datadog.UserRole("new_user_with_api_key_manager_role", {
roleId: apiKeyManager.id,
userId: newUser.id,
});
import pulumi
import pulumi_datadog as datadog
# Source the permissions
dd_perms = datadog.get_permissions()
# Create an API Key Manager role
api_key_manager = datadog.Role("api_key_manager",
name="API Key Manager",
permissions=[
{
"id": dd_perms.permissions["apiKeysRead"],
},
{
"id": dd_perms.permissions["apiKeysWrite"],
},
])
new_user = datadog.User("new_user", email="new@example.com")
# Assign the API Key Manager role to the user
new_user_with_api_key_manager_role = datadog.UserRole("new_user_with_api_key_manager_role",
role_id=api_key_manager.id,
user_id=new_user.id)
package main
import (
"github.com/pulumi/pulumi-datadog/sdk/v4/go/datadog"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Source the permissions
ddPerms, err := datadog.GetPermissions(ctx, &datadog.GetPermissionsArgs{}, nil)
if err != nil {
return err
}
// Create an API Key Manager role
apiKeyManager, err := datadog.NewRole(ctx, "api_key_manager", &datadog.RoleArgs{
Name: pulumi.String("API Key Manager"),
Permissions: datadog.RolePermissionArray{
&datadog.RolePermissionArgs{
Id: pulumi.String(ddPerms.Permissions.ApiKeysRead),
},
&datadog.RolePermissionArgs{
Id: pulumi.String(ddPerms.Permissions.ApiKeysWrite),
},
},
})
if err != nil {
return err
}
newUser, err := datadog.NewUser(ctx, "new_user", &datadog.UserArgs{
Email: pulumi.String("new@example.com"),
})
if err != nil {
return err
}
// Assign the API Key Manager role to the user
_, err = datadog.NewUserRole(ctx, "new_user_with_api_key_manager_role", &datadog.UserRoleArgs{
RoleId: apiKeyManager.ID(),
UserId: newUser.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Datadog = Pulumi.Datadog;
return await Deployment.RunAsync(() =>
{
// Source the permissions
var ddPerms = Datadog.GetPermissions.Invoke();
// Create an API Key Manager role
var apiKeyManager = new Datadog.Role("api_key_manager", new()
{
Name = "API Key Manager",
Permissions = new[]
{
new Datadog.Inputs.RolePermissionArgs
{
Id = ddPerms.Apply(getPermissionsResult => getPermissionsResult.Permissions?.ApiKeysRead),
},
new Datadog.Inputs.RolePermissionArgs
{
Id = ddPerms.Apply(getPermissionsResult => getPermissionsResult.Permissions?.ApiKeysWrite),
},
},
});
var newUser = new Datadog.User("new_user", new()
{
Email = "new@example.com",
});
// Assign the API Key Manager role to the user
var newUserWithApiKeyManagerRole = new Datadog.UserRole("new_user_with_api_key_manager_role", new()
{
RoleId = apiKeyManager.Id,
UserId = newUser.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.datadog.DatadogFunctions;
import com.pulumi.datadog.inputs.GetPermissionsArgs;
import com.pulumi.datadog.Role;
import com.pulumi.datadog.RoleArgs;
import com.pulumi.datadog.inputs.RolePermissionArgs;
import com.pulumi.datadog.User;
import com.pulumi.datadog.UserArgs;
import com.pulumi.datadog.UserRole;
import com.pulumi.datadog.UserRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Source the permissions
final var ddPerms = DatadogFunctions.getPermissions(GetPermissionsArgs.builder()
.build());
// Create an API Key Manager role
var apiKeyManager = new Role("apiKeyManager", RoleArgs.builder()
.name("API Key Manager")
.permissions(
RolePermissionArgs.builder()
.id(ddPerms.permissions().apiKeysRead())
.build(),
RolePermissionArgs.builder()
.id(ddPerms.permissions().apiKeysWrite())
.build())
.build());
var newUser = new User("newUser", UserArgs.builder()
.email("new@example.com")
.build());
// Assign the API Key Manager role to the user
var newUserWithApiKeyManagerRole = new UserRole("newUserWithApiKeyManagerRole", UserRoleArgs.builder()
.roleId(apiKeyManager.id())
.userId(newUser.id())
.build());
}
}
resources:
# Create an API Key Manager role
apiKeyManager:
type: datadog:Role
name: api_key_manager
properties:
name: API Key Manager
permissions:
- id: ${ddPerms.permissions.apiKeysRead}
- id: ${ddPerms.permissions.apiKeysWrite}
newUser:
type: datadog:User
name: new_user
properties:
email: new@example.com
# Assign the API Key Manager role to the user
newUserWithApiKeyManagerRole:
type: datadog:UserRole
name: new_user_with_api_key_manager_role
properties:
roleId: ${apiKeyManager.id}
userId: ${newUser.id}
variables:
# Source the permissions
ddPerms:
fn::invoke:
function: datadog:getPermissions
arguments: {}
Create UserRole Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new UserRole(name: string, args: UserRoleArgs, opts?: CustomResourceOptions);@overload
def UserRole(resource_name: str,
args: UserRoleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def UserRole(resource_name: str,
opts: Optional[ResourceOptions] = None,
role_id: Optional[str] = None,
user_id: Optional[str] = None)func NewUserRole(ctx *Context, name string, args UserRoleArgs, opts ...ResourceOption) (*UserRole, error)public UserRole(string name, UserRoleArgs args, CustomResourceOptions? opts = null)
public UserRole(String name, UserRoleArgs args)
public UserRole(String name, UserRoleArgs args, CustomResourceOptions options)
type: datadog:UserRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UserRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserRoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserRoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserRoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var userRoleResource = new Datadog.UserRole("userRoleResource", new()
{
RoleId = "string",
UserId = "string",
});
example, err := datadog.NewUserRole(ctx, "userRoleResource", &datadog.UserRoleArgs{
RoleId: pulumi.String("string"),
UserId: pulumi.String("string"),
})
var userRoleResource = new UserRole("userRoleResource", UserRoleArgs.builder()
.roleId("string")
.userId("string")
.build());
user_role_resource = datadog.UserRole("userRoleResource",
role_id="string",
user_id="string")
const userRoleResource = new datadog.UserRole("userRoleResource", {
roleId: "string",
userId: "string",
});
type: datadog:UserRole
properties:
roleId: string
userId: string
UserRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The UserRole resource accepts the following input properties:
Outputs
All input properties are implicitly available as output properties. Additionally, the UserRole resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing UserRole Resource
Get an existing UserRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UserRoleState, opts?: CustomResourceOptions): UserRole@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
role_id: Optional[str] = None,
user_id: Optional[str] = None) -> UserRolefunc GetUserRole(ctx *Context, name string, id IDInput, state *UserRoleState, opts ...ResourceOption) (*UserRole, error)public static UserRole Get(string name, Input<string> id, UserRoleState? state, CustomResourceOptions? opts = null)public static UserRole get(String name, Output<String> id, UserRoleState state, CustomResourceOptions options)resources: _: type: datadog:UserRole get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
Import
The pulumi import command can be used, for example:
This resource is imported using user_id and role_id seperated by :.
$ pulumi import datadog:index/userRole:UserRole user_with_admin_role "${role_id}:${user_id}"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Datadog pulumi/pulumi-datadog
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
datadogTerraform Provider.
