Dynatrace can capture a lot of data from end-user monitoring environments. For details, see What personal data is captured by Dynatrace? It's your responsibility to take precautions that protect your customers' private data.
Restrict access to personal data
If your organization captures personal user data such as email addresses, IP addresses, or passwords in the course of monitoring, you should restrict view access to these personal data so that only authorized users can view them.
Only users with the View sensitive request data permission can override data masking settings.
Mark request attributes as confidential
To mark a request attribute as confidential
- Go to Settings > Server-side service monitoring > Request attributes.
- Click the Edit button of the relevant request attribute.
- Select the Request attribute contains confidential data option box.
With these setting enabled, unauthorized Dynatrace users see only an obscured view of masked data. For example, while unauthorized users can see all performance metrics related to the execution of a certain SQL statement, all sensitive values in the statement are represented with five asterisks (
*****), and so are hidden from unauthorized access (see image below).
Looking at the PurePath, you can see that the actual JourneyId is hidden because this user doesn’t have permission to view confidential data.