Policy management API - POST a policy
Creates a new access policy. You can't create a global-level policy, as these are managed by Dynatrace.
The request consumes and produces an application/json payload.
POST |
|
Authentication
To execute this request, you need the Allow IAM policy configuration for environments (iam-policies-management) permission assigned to your token. To learn how to obtain and use it, see Authentication.
Parameters
| Parameter | Type | Description | In | Required |
|---|---|---|---|---|
| levelType | string | The type of the policy level. The following values are available:
Each level inherits policies of a higher level and extends it with its own policies. | path | required |
| levelId | string | The ID of the policy level. Use one of the following values, depending on the level type:
| path | required |
| body | CreateOrUpdateLevelPolicyRequestDto | The JSON body of the request. Contains the configuration of a new policy. | body | required |
Request body objects
The CreateOrUpdateLevelPolicyRequestDto object
| Element | Type | Description | Required |
|---|---|---|---|
| name | string | The display name of the policy. | required |
| description | string | A short description of the policy. | required |
| tags | string[] | A list of tags. | required |
| statementQuery | string | The statement of the policy. | required |
Request body JSON model
This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.
{"name": "string","description": "string","tags": ["string"],"statementQuery": "string"}
Response
Response codes
| Code | Type | Description |
|---|---|---|
| 201 | LevelPolicyDto | Success. The policy has been created. The response contains the configuration of the policy. |
| 400 | ErrorDto | Failed. The request is invalid |
| 404 | ErrorDto | Failed. The specified resource is not found. |
| 422 | ErrorDto | The specified response not found |
Response body objects
The LevelPolicyDto object
| Element | Type | Description |
|---|---|---|
| uuid | string | The ID of the policy. |
| name | string | The display name of the policy. |
| tags | string[] | A list of tags. |
| description | string | A short description of the policy. |
| statementQuery | string | The statement of the policy. |
| statements | Statement[] | The expanded form of the policy statement. |
The Statement object
| Element | Type | Description |
|---|---|---|
| effect | string | The effect of the policy (for example, allow something). |
| service | string | The service to which the policy applies. |
| permissions | string[] | A list of granted permissions. |
| conditions | Condition[] | A list of conditions limiting the granted permissions. |
The Condition object
| Element | Type | Description |
|---|---|---|
| name | string | The name of the condition. It indicates which part of the services is checked by the condition. |
| operator | string | The operator of the condition. |
| values | string[] | A list of reference values of the condition. |
Response body JSON model
{"uuid": "string","name": "string","tags": ["string"],"description": "string","statementQuery": "string","statements": [{"effect": "string","service": "string","permissions": ["string"],"conditions": [{"name": "string","operator": "string","values": ["string"]}]}]}
Validate payload
We recommend that you validate the payload before submitting it with an actual request. A response code of 200 indicates a valid payload.
The request consumes an application/json payload.
POST |
|
Authentication
To execute this request, you need the Allow IAM policy configuration for environments (iam-policies-management) permission assigned to your token. To learn how to obtain and use it, see Authentication.
Parameters
| Parameter | Type | Description | In | Required |
|---|---|---|---|---|
| levelType | string | The type of the policy level. The following values are available:
Each level inherits policies of a higher level and extends it with its own policies. | path | required |
| levelId | string | The ID of the policy level. Use one of the following values, depending on the level type:
| path | required |
| body | CreateOrUpdateLevelPolicyRequestDto | The JSON body of the request. Contains the configuration of a policy to be validated. | body | required |
Request body objects
The CreateOrUpdateLevelPolicyRequestDto object
| Element | Type | Description | Required |
|---|---|---|---|
| name | string | The display name of the policy. | required |
| description | string | A short description of the policy. | required |
| tags | string[] | A list of tags. | required |
| statementQuery | string | The statement of the policy. | required |
Request body JSON model
This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.
{"name": "string","description": "string","tags": ["string"],"statementQuery": "string"}
Example
In this example, the request creates an environment-level policy for the mySampleEnv environment that allows usage of the anomaly detection for services (builtin:anomaly-detection.services) schema from the Settings 2.0 framework.
Curl
curl --request POST \--url https://api.dynatrace.com/iam/v1/repo/environment/mySampleEnv/policies/ \--header 'Authorization: Bearer abcdefjhij1234567890' \--header 'Content-Type: application/json' \--data '{"name": "apiExample","description": "Example of an API request","tags": [],"statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";"}'
Request URL
https://api.dynatrace.com/iam/v1/repo/environment/mySampleEnv/policies/
Request body
{"name": "apiExample","description": "Example of an API request","tags": [],"statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";"}
Response body
{"uuid": "0c621587-f978-4c7b-89ee-d2045f611b03","name": "apiExample","description": "Example of an API request","tags": [],"statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";","statements": [{"effect": "ALLOW","permissions": ["settings:schemas:read","settings:objects:write"],"conditions": [{"name": "settings:schemaId","operator": "EQ","values": ["builtin:anomaly-detection.services"]}]}]}
Response code
201