DataDog
diff --git a/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 281 additions & 0 deletions b/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 281 additions & 0 deletions
diff --git a/‎api/datadog/configuration.go‎
Lines changed: 2 additions & 0 deletions b/‎api/datadog/configuration.go‎
Lines changed: 2 additions & 0 deletions
@@ -21475,6 +21475,162 @@ components:
         data:
           $ref: "#/components/schemas/DatasetResponse"
       type: object
+    DatasetRestrictionOwnershipMode:
+      description: |-
+        Controls how dataset ownership is determined. `disabled` turns off ownership-based access
+        entirely. `team_tag_based` assigns dataset ownership based on the team tags applied to the
+        data, allowing team members to see their own team's datasets.
+      enum:
+        - disabled
+        - team_tag_based
+      example: "team_tag_based"
+      type: string
+      x-enum-varnames:
+        - DISABLED
+        - TEAM_TAG_BASED
+    DatasetRestrictionPrincipal:
+      description: |-
+        A user or role that is exempt from dataset restrictions and retains unrestricted
+        access to all datasets for the product type.
+      properties:
+        id:
+          description: The unique identifier of the principal (a user UUID or role ID).
+          example: "abc123"
+          type: string
+        name:
+          description: The human-readable display name of the principal as shown in the Datadog UI.
+          example: "Datadog Admin Role"
+          type: string
+        type:
+          description: |-
+            The kind of principal, such as `user` for an individual user account or `role`
+            for a Datadog role.
+          example: "role"
+          type: string
+      required:
+        - type
+        - id
+        - name
+      type: object
+    DatasetRestrictionResponse:
+      description: Response containing the updated dataset restriction.
+      properties:
+        data:
+          $ref: "#/components/schemas/DatasetRestrictionResponseData"
+      required:
+        - data
+      type: object
+    DatasetRestrictionResponseAttributes:
+      description: |-
+        The current configuration of a dataset restriction, including restriction mode,
+        ownership mode, and exempt principals.
+      properties:
+        ownership_mode:
+          $ref: "#/components/schemas/DatasetRestrictionOwnershipMode"
+        restriction_key:
+          description: Internal key used by the restriction enforcement system to identify this restriction rule.
+          type: string
+        restriction_mode:
+          $ref: "#/components/schemas/DatasetRestrictionRestrictionMode"
+        unrestricted_principals:
+          description: |-
+            Principals (users or roles) that are exempt from this restriction and retain
+            full data access regardless of the restriction mode.
+          items:
+            $ref: "#/components/schemas/DatasetRestrictionPrincipal"
+          type: array
+      required:
+        - restriction_mode
+      type: object
+    DatasetRestrictionResponseData:
+      description: A single dataset restriction configuration for one product type.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/DatasetRestrictionResponseAttributes"
+        id:
+          description: The Datadog product type this restriction applies to (for example, `rum`, `apm`, or `logs`).
+          example: "rum"
+          type: string
+        type:
+          $ref: "#/components/schemas/DatasetRestrictionsType"
+      required:
+        - type
+        - id
+        - attributes
+      type: object
+    DatasetRestrictionRestrictionMode:
+      description: |-
+        Controls the default data visibility for the product type. `standard` makes data visible
+        to all users with appropriate product access. `default_hide` hides data by default and
+        requires explicit grants for each dataset.
+      enum:
+        - standard
+        - default_hide
+      example: "default_hide"
+      type: string
+      x-enum-varnames:
+        - STANDARD
+        - DEFAULT_HIDE
+    DatasetRestrictionUpdateRequest:
+      description: Payload for updating a dataset restriction configuration.
+      properties:
+        data:
+          $ref: "#/components/schemas/DatasetRestrictionUpdateRequestData"
+      required:
+        - data
+      type: object
+    DatasetRestrictionUpdateRequestAttributes:
+      description: |-
+        Editable attributes of a dataset restriction. Only `restriction_mode` is required;
+        omitted optional fields retain their current values.
+      properties:
+        ownership_mode:
+          $ref: "#/components/schemas/DatasetRestrictionOwnershipMode"
+        restriction_mode:
+          $ref: "#/components/schemas/DatasetRestrictionRestrictionMode"
+        unrestricted_principals:
+          description: |-
+            Principal identifiers (users or roles) that are exempt from the restriction and
+            can always access all datasets for this product type.
+          items:
+            description: A unique identifier of a user or role principal.
+            type: string
+          type: array
+      required:
+        - restriction_mode
+      type: object
+    DatasetRestrictionUpdateRequestData:
+      description: Data object for a dataset restriction update.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/DatasetRestrictionUpdateRequestAttributes"
+        type:
+          $ref: "#/components/schemas/DatasetRestrictionsType"
+      required:
+        - type
+        - attributes
+      type: object
+    DatasetRestrictionsListResponse:
+      description: |-
+        Response containing the list of all dataset restriction configurations for the
+        organization, one per product type.
+      properties:
+        data:
+          description: An array of dataset restriction objects, one for each configured product type.
+          items:
+            $ref: "#/components/schemas/DatasetRestrictionResponseData"
+          type: array
+      required:
+        - data
+      type: object
+    DatasetRestrictionsType:
+      description: JSON:API resource type for dataset restrictions.
+      enum:
+        - dataset_restrictions
+      example: "dataset_restrictions"
+      type: string
+      x-enum-varnames:
+        - DATASET_RESTRICTIONS
     DatasetType:
       default: dataset
       description: Resource type, always set to `dataset`.
@@ -97605,6 +97761,126 @@ paths:
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
+  /api/v2/dataset_restrictions:
+    get:
+      description: |-
+        Retrieve all dataset restriction configurations for the organization.
+        Returns one restriction object per configured product type (for example, RUM, APM, or Logs),
+        including the current restriction mode, ownership mode, and any unrestricted principals.
+        Requires the `user_access_read` permission.
+      operationId: ListDatasetRestrictions
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                default:
+                  value:
+                    data:
+                      - attributes:
+                          restriction_mode: "standard"
+                        id: "rum"
+                        type: "dataset_restrictions"
+                      - attributes:
+                          ownership_mode: "team_tag_based"
+                          restriction_mode: "default_hide"
+                        id: "apm"
+                        type: "dataset_restrictions"
+              schema:
+                $ref: "#/components/schemas/DatasetRestrictionsListResponse"
+          description: OK
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Not Found
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      summary: List dataset restrictions
+      tags:
+        - Dataset Restrictions
+      x-unstable: |-
+        **Note**: This endpoint is in preview and is subject to change.
+        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
+  /api/v2/dataset_restrictions/{product_type}:
+    post:
+      description: |-
+        Update the dataset restriction configuration for a specific product type.
+        Sets the restriction mode, optional ownership mode, and the list of principals
+        that are exempt from restrictions. Requires the `user_access_manage` permission.
+        Changes are audited and take effect immediately.
+      operationId: UpdateDatasetRestriction
+      parameters:
+        - description: The Datadog product type to configure restrictions for (for example, `rum`, `apm`, or `logs`).
+          example: "rum"
+          in: path
+          name: product_type
+          required: true
+          schema:
+            type: string
+      requestBody:
+        content:
+          application/json:
+            examples:
+              default:
+                value:
+                  data:
+                    attributes:
+                      ownership_mode: "team_tag_based"
+                      restriction_mode: "default_hide"
+                    type: "dataset_restrictions"
+            schema:
+              $ref: "#/components/schemas/DatasetRestrictionUpdateRequest"
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                default:
+                  value:
+                    data:
+                      attributes:
+                        ownership_mode: "team_tag_based"
+                        restriction_mode: "default_hide"
+                      id: "rum"
+                      type: "dataset_restrictions"
+              schema:
+                $ref: "#/components/schemas/DatasetRestrictionResponse"
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Not Found
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      summary: Update a dataset restriction
+      tags:
+        - Dataset Restrictions
+      x-unstable: |-
+        **Note**: This endpoint is in preview and is subject to change.
+        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
   /api/v2/datasets:
     get:
       description: Get all datasets that have been configured for an organization.
@@ -146005,6 +146281,11 @@ tags:
   - description: |-
       The Data Deletion API allows the user to target and delete data from the allowed products. It's currently enabled for Logs and RUM and depends on `logs_delete_data` and `rum_delete_data` permissions respectively.
     name: Data Deletion
+  - description: |-
+      Configure dataset-level access restrictions per Datadog product type. Dataset restrictions
+      control whether data is visible by default or hidden until explicitly granted, and how
+      ownership-based access is determined.
+    name: Dataset Restrictions
   - description: |-
       Data Access Controls in Datadog is a feature that allows administrators and access managers to regulate
       access to sensitive data. By defining Restricted Datasets, you can ensure that only specific teams or roles can
 
@@ -761,6 +761,8 @@ func NewConfiguration() *Configuration {
 			"v2.DeleteDashboardSecureEmbed":                     false,
 			"v2.GetDashboardSecureEmbed":                        false,
 			"v2.UpdateDashboardSecureEmbed":                     false,
+			"v2.ListDatasetRestrictions":                        false,
+			"v2.UpdateDatasetRestriction":                       false,
 			"v2.CreateDataset":                                  false,
 			"v2.DeleteDataset":                                  false,
 			"v2.GetAllDatasets":                                 false,