Generate Log Restriction Query API Spec #2999
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
api-clients-generation-pipeline
bot
requested review from
a team
as code owners
github-actions
bot
added
the
documentation
iadjivon
reviewed
Nov 11, 2025
|
|
||
| **Note: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).** | ||
|
|
||
| A Restriction Query is a logs query that restricts which logs the `logs_read_data` permission grants read access to. |
There was a problem hiding this comment.
Suggested change
| A Restriction Query is a logs query that restricts which logs the `logs_read_data` permission grants read access to. | |
| A Restriction Query is a logs query that restricts which logs the `logs_read_data` permission grants _read_ access to. |
Italicized the word "read" to differentiate it in the sentence.
iadjivon
reviewed
Nov 11, 2025
Comment on lines
+9
to
+10
| one of their Restriction Queries. This is true whether the user queries log events from any log-related feature, including | ||
| the log explorer, Live Tail, re-hydration, or a dashboard widget. |
There was a problem hiding this comment.
Suggested change
| one of their Restriction Queries. This is true whether the user queries log events from any log-related feature, including | |
| the log explorer, Live Tail, re-hydration, or a dashboard widget. | |
| one of their Restriction Queries. This is true whether the user queries log events from any log-related feature( | |
| the log explorer, Live Tail, re-hydration), or a dashboard widget. |
This keeps the distance between "whether ... or" a bit shorter for an easier read. Let me know what you think!
iadjivon
reviewed
Nov 11, 2025
| one of their Restriction Queries. This is true whether the user queries log events from any log-related feature, including | ||
| the log explorer, Live Tail, re-hydration, or a dashboard widget. | ||
|
|
||
| Restriction Queries currently only support use of the following components of log events: |
There was a problem hiding this comment.
Suggested change
| Restriction Queries currently only support use of the following components of log events: | |
| Currently, Restriction Queries only support the following components of log events: |
Small nitpick here to address the flow of reading. Let me know your thoughts.
iadjivon
reviewed
Nov 11, 2025
| - The log message | ||
| - Tags | ||
|
|
||
| To restrict read access on log data, add a team tag to log events to indicate which teams own them, and then scope Restriction Queries to the relevant values of the team tag. Tags can be applied to log events in many ways, and a log event can have multiple tags with the same key (like team) and different values. This means the same log event can be visible to roles whose restriction queries are scoped to different team values. |
There was a problem hiding this comment.
Suggested change
| To restrict read access on log data, add a team tag to log events to indicate which teams own them, and then scope Restriction Queries to the relevant values of the team tag. Tags can be applied to log events in many ways, and a log event can have multiple tags with the same key (like team) and different values. This means the same log event can be visible to roles whose restriction queries are scoped to different team values. | |
| To restrict _read_ access on log data, add a **team** tag to log events to indicate which teams own them, and then scope Restriction Queries to the relevant values of the team tag. Tags can be applied to log events in many ways, and a log event can have multiple tags with the same key (like team) and different values. This means the same log event can be visible to roles whose restriction queries are scoped to different team values. |
Should "restriction queries" always be capitalized? I see that was the case in all instances prior to this one. Thanks for confirming!
iadjivon
reviewed
Nov 11, 2025
|
|
||
| To restrict read access on log data, add a team tag to log events to indicate which teams own them, and then scope Restriction Queries to the relevant values of the team tag. Tags can be applied to log events in many ways, and a log event can have multiple tags with the same key (like team) and different values. This means the same log event can be visible to roles whose restriction queries are scoped to different team values. | ||
|
|
||
| See [How to Set Up RBAC for Logs](https://docs.datadoghq.com/logs/guide/logs-rbac/?tab=api#restrict-access-to-logs) for details on how to add restriction queries. |
There was a problem hiding this comment.
Suggested change
| See [How to Set Up RBAC for Logs](https://docs.datadoghq.com/logs/guide/logs-rbac/?tab=api#restrict-access-to-logs) for details on how to add restriction queries. | |
| See [How to Set Up RBAC for Logs](https://docs.datadoghq.com/logs/guide/logs-rbac/?tab=api#restrict-access-to-logs) for details on how to add restriction queries. |
same question about restriction queries here.
iadjivon
reviewed
Nov 11, 2025
iadjivon
left a comment
iadjivon
left a comment
There was a problem hiding this comment.
Hi there,
I added some comments here. Let me know if you have any questions!
api-clients-generation-pipeline
bot
force-pushed
the
datadog-api-spec/v2/generated/4566
branch
from
a2b4089 to
a541b5e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See DataDog/datadog-api-spec#4566 Test branch datadog-api-spec/v2/test/dinu.wijetunga/generate_lrq_go_schema_2