diff --git a/datadog-roles.tf b/datadog-roles.tf
new file mode 100644
index 0000000..eca2a85
--- /dev/null
+++ b/datadog-roles.tf
@@ -0,0 +1,41 @@
+# Create new role resources
+variable "dd_roles" {
+ description = "Map of Role Resources"
+ type = map(object({
+ name = string
+ permissions = optional(list(string), [])
+ }))
+
+ default = {
+ # Example role configuration - replace with actual roles
+ # "custom-readonly" = {
+ # name = "Custom Read Only"
+ # permissions = [
+ # "dashboards_read",
+ # "monitors_read",
+ # "logs_read_data"
+ # ]
+ # },
+ # "custom-admin" = {
+ # name = "Custom Admin"
+ # permissions = [
+ # "admin",
+ # "dashboards_write",
+ # "monitors_write",
+ # "logs_write_exclusion_filters"
+ # ]
+ # }
+ }
+}
+
+resource "datadog_role" "roles" {
+ for_each = var.dd_roles
+ name = each.value.name
+
+ dynamic "permission" {
+ for_each = each.value.permissions
+ content {
+ id = permission.value
+ }
+ }
+}
diff --git a/datadog-users.tf b/datadog-users.tf
new file mode 100644
index 0000000..9f41ce9
--- /dev/null
+++ b/datadog-users.tf
@@ -0,0 +1,28 @@
+# Create new user resources
+variable "dd_users" {
+ description = "Map of User Resources"
+ type = map(object({
+ email = string
+ name = string
+ roles = optional(list(string), [])
+ disabled = optional(bool, false)
+ }))
+
+ default = {
+ # Example user configuration - replace with actual users
+ # "example-user" = {
+ # email = "user@example.com"
+ # name = "Example User"
+ # roles = ["standard"] # roles can include: "standard", "admin", "read_only"
+ # disabled = false
+ # }
+ }
+}
+
+resource "datadog_user" "users" {
+ for_each = var.dd_users
+ email = each.value.email
+ name = each.value.name
+ roles = each.value.roles
+ disabled = each.value.disabled
+}
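Review bot: In datadog-roles.tf, `id = permission.value` passes the caller's string straight through, while the example in the `dd_roles` default lists permission names such as `dashboards_read`; as far as I know the provider's `permission` block expects the permission's ID, so the documented usage would be rejected or not resolve to the intended permission. Resolving names through the provider's data source avoids that: add `data "datadog_permissions" "all" {}` and use `id = data.datadog_permissions.all.permissions[permission.value]`, which also makes a mistyped permission name fail at plan time instead of reaching the API. The `roles = each.value.roles` line in datadog-users.tf has the same name-versus-ID mismatch (its example shows `["standard"]`); for roles defined in `dd_roles` it could be `roles = [for r in each.value.roles : datadog_role.roles[r].id]`, with built-in roles looked up through a `datadog_role` data source. Because these two maps decide who ends up with admin-level access, each `description` should state which identifier format is expected.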