Skip to content

(Account Management) Cross-Org Visibility best practices #35895

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
OliviaShoup wants to merge 1 commit into
base: master
Choose a base branch
from
+4 −1
Open

(Account Management) Cross-Org Visibility best practices #35895

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion content/en/account_management/org_settings/cross_org_visibility.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,8 @@

Creating a cross-organization connection allows you to query metrics from the source organization in the destination organization.

<div class="alert alert-info">Datadog recommends using a <a href="/account_management/org_settings/service_accounts/">Service Account</a> to create and manage cross-organization connections. Connections are tied to their creator's account: if the creator's account is deactivated, the connection is deleted, which can interrupt data flow. Service Accounts are not tied to individual users and avoid this operational risk. Service Account application keys can also be used with the <a href="/account_management/org_settings/cross_org_visibility_api">Cross-Org Connections API</a> to create and manage connections programmatically.</div>

1. Make sure you are signed in to the _source_ organization that contains the data you want to expose.
1. On the [cross-organization visibility page][6], click **New Connection**. The **New Connection** dialog box appears.
1. In the drop-down menu, select the _destination_ organization where you want to see the data.
Expand Down Expand Up @@ -161,7 +163,7 @@
- From the source organization: who can edit the connection.
- From the destination organization: who can view the shared data, and who can edit the connection.

Connections from the source org inherit the data access permissions of the connection's creator. If the creator is restricted from seeing any data by [Data Access Control][13] or [Log Restriction Queries][14], this data is not accessible from the destination org.
Connections from the source org inherit the data access permissions of the connection's creator. If the creator is restricted from seeing any data by [Data Access Control][13] or [Log Restriction Queries][14], this data is not accessible from the destination org. If the creator's account is deactivated, the connection is deleted. This results in a data flow continuity issue, not a security risk—access restrictions are not lifted when a connection is deleted.

Check notice on line 166 in content/en/account_management/org_settings/cross_org_visibility.md

View workflow job for this annotation

GitHub Actions / vale

Datadog.sentencelength 

Suggestion: Try to keep your sentence length to 25 words or fewer.

**Note:** Connections created from HIPAA-enabled organizations may allow the sharing of protected health information (PHI) to destination organizations. Customers are responsible for any sensitive data transferred, including PHI.

Expand Down Expand Up @@ -198,3 +200,4 @@
[12]: /account_management/rbac/granular_access
[13]: /account_management/rbac/data_access/
[14]: /logs/guide/logs-rbac-permissions/?tab=ui#create-a-restriction-query
[15]: /account_management/org_settings/service_accounts/
Loading