Grant fine-grained access rights using management zones (beta)

Typically, access-management solutions place more emphasis on the partitioning of information than they do on the sharing of information across teams. This can lead to severely compromised information exchange within and between teams.

At Dynatrace, we believe that collaborative teamwork and communication are vital to the successful monitoring of large IT systems. With management zones, Dynatrace now provides you with a powerful information-partitioning mechanism that simultaneously promotes collaboration and the sharing of relevant team-specific data while still ensuring secure access controls.

Each customizable management zone comprises a set of monitored entities in your environment, be it hosts that share a common purpose, a specific application, a staging environment, or services of a certain technology. Management zones may overlap, just as team responsibilities often overlap. Users may be granted access to entire environments, a specific management zone, or a subset of related management zones. Each Dynatrace user sees an auto-filtered view comprised of only the management zones that that user has permission to view. Users who have access to multiple management zones can focus on any particular management zone and filter all Dynatrace views so that they only see the metrics that are related to the entities of that particular management zone.

The Problems page is also filtered based on the selected management zone—only those problems that affect entities in the currently selected management zone are included. However, when a problem spans multiple management zones, each user sees a full end-to-end view of the problem, but they can only analyze the details of the hosts, processes, services, and applications that the user has permission to view within their assigned management zones. This ensures productive and effective collaboration while still enforcing rigid access restrictions where it matters.

Set up management zones

1. To create a management zone go to Settings > Preferences > Management zones.
2. Click the Create management zone button. 

   

3. Management zones are comprised of rules that define the entities that are part of each management zone. These rules are built upon the powerful Dynatrace tagging engine. For details on understanding and creating tags, see Dynatrace Help.
   

   

Select a management zone to focus on

Once you create a management zone, that zone becomes available as a filter, which you can access via the Filter button in the menu bar. Just select the appropriate management zone from the list.

Management zone filters apply to all views that display multiple entities, including dashboards, list pages (hosts, process groups, services, and applications), Smartscape, and the Technologies page. This enables each user to view only those entities that are relevant to them.

Assign access rights to management zones

Once a management zone has been created, it’s time to define which user groups should have access to that management zone, and at what level of access.

Dynatrace SaaS deployments

1. Go to your Accounts view. User and group permission controls are available when you sign into your account.
2. Select Group management.

   

3. Proceed in assigning permissions as explained at How do I assign user groups and permissions?

Dynatrace Managed deployments

1. Select User authentication > User groups > Users from the navigation menu.
2. Proceed with assigning permissions as explained at How do I assign user groups and permissions?
   

   

What’s next?

Beta status means that beginning with version 142 you can use management zones in every Dynatrace environment. During the beta phase, we encourage you to provide feedback at community.dynatrace.com related to how you’re using management zones and what improvements you’d like to see in the future.

When management zones will be generally available depends on the feedback we receive. However, GA is currently scheduled for the July-August time frame. In the meantime, we’ll continue to enhance management zones. We will soon enable you to create API tokens that are limited to a certain management zone and to allow the creation of management zones via the Dynatrace REST API.