• Home
  • Dynatrace API
  • Account management
  • Policy management
  • Policies
  • POST a policy

Policy management API - POST a policy

Creates a new access policy. You can't create a global-level policy, as these are managed by Dynatrace.

The request consumes and produces an application/json payload.

POST

https://api.dynatrace.com/iam/v1/repo/{levelType}/{levelId}/policies

Authentication

To execute this request, you need the Allow IAM policy configuration for environments (iam-policies-management) permission assigned to your token. To learn how to obtain and use it, see Authentication.

Parameters

ParameterTypeDescriptionInRequired
levelTypestring

The type of the policy level. The following values are available:

  • account: An account policy applies to all environments of an account.
  • environment: An environment policy applies to a specific environment.

Each level inherits policies of a higher level and extends it with its own policies.

pathrequired
levelIdstring

The ID of the policy level. Use one of the following values, depending on the level type:

  • account: use the UUID of the account.
  • environment: use the ID of the environment.
pathrequired
bodyCreateOrUpdateLevelPolicyRequestDto

The JSON body of the request. Contains the configuration of a new policy.

bodyrequired

Request body objects

The CreateOrUpdateLevelPolicyRequestDto object

ElementTypeDescriptionRequired
namestring

The display name of the policy.

required
descriptionstring

A short description of the policy.

required
tagsstring[]

A list of tags.

required
statementQuerystring

The statement of the policy.

required

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

json
{
  "name": "string",
  "description": "string",
  "tags": [
    "string"
  ],
  "statementQuery": "string"
}

Response

Response codes

CodeTypeDescription
201LevelPolicyDto

Success. The policy has been created. The response contains the configuration of the policy.

400ErrorDto

Failed. The request is invalid

404ErrorDto

Failed. The specified resource is not found.

422ErrorDto

The specified response not found

Response body objects

The LevelPolicyDto object

ElementTypeDescription
uuidstring

The ID of the policy.

namestring

The display name of the policy.

tagsstring[]

A list of tags.

descriptionstring

A short description of the policy.

statementQuerystring

The statement of the policy.

statementsStatement[]

The expanded form of the policy statement.

The Statement object

ElementTypeDescription
effectstring

The effect of the policy (for example, allow something).

servicestring

The service to which the policy applies.

permissionsstring[]

A list of granted permissions.

conditionsCondition[]

A list of conditions limiting the granted permissions.

The Condition object

ElementTypeDescription
namestring

The name of the condition.

It indicates which part of the services is checked by the condition.

operatorstring

The operator of the condition.

valuesstring[]

A list of reference values of the condition.

Response body JSON model

json
{
  "uuid": "string",
  "name": "string",
  "tags": [
    "string"
  ],
  "description": "string",
  "statementQuery": "string",
  "statements": [
    {
      "effect": "string",
      "service": "string",
      "permissions": [
        "string"
      ],
      "conditions": [
        {
          "name": "string",
          "operator": "string",
          "values": [
            "string"
          ]
        }
      ]
    }
  ]
}

Validate payload

We recommend that you validate the payload before submitting it with an actual request. A response code of 200 indicates a valid payload.

The request consumes an application/json payload.

POST

https://api.dynatrace.com/iam/v1/repo/{levelType}/{levelId}/policies/validation

Authentication

To execute this request, you need the Allow IAM policy configuration for environments (iam-policies-management) permission assigned to your token. To learn how to obtain and use it, see Authentication.

Parameters

ParameterTypeDescriptionInRequired
levelTypestring

The type of the policy level. The following values are available:

  • account: An account policy applies to all environments of an account.
  • environment: An environment policy applies to a specific environment.

Each level inherits policies of a higher level and extends it with its own policies.

pathrequired
levelIdstring

The ID of the policy level. Use one of the following values, depending on the level type:

  • account: use the UUID of the account.
  • environment: use the ID of the environment.
pathrequired
bodyCreateOrUpdateLevelPolicyRequestDto

The JSON body of the request. Contains the configuration of a policy to be validated.

bodyrequired

Request body objects

The CreateOrUpdateLevelPolicyRequestDto object

ElementTypeDescriptionRequired
namestring

The display name of the policy.

required
descriptionstring

A short description of the policy.

required
tagsstring[]

A list of tags.

required
statementQuerystring

The statement of the policy.

required

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

json
{
  "name": "string",
  "description": "string",
  "tags": [
    "string"
  ],
  "statementQuery": "string"
}

Example

In this example, the request creates an environment-level policy for the mySampleEnv environment that allows usage of the anomaly detection for services (builtin:anomaly-detection.services) schema from the Settings 2.0 framework.

Curl

bash
curl --request POST \
  --url https://api.dynatrace.com/iam/v1/repo/environment/mySampleEnv/policies/ \
  --header 'Authorization: Bearer abcdefjhij1234567890' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "apiExample",
  "description": "Example of an API request",
  "tags": [],
    "statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";"
}'

Request URL

http
https://api.dynatrace.com/iam/v1/repo/environment/mySampleEnv/policies/

Request body

json
{
  "name": "apiExample",
  "description": "Example of an API request",
  "tags": [],
    "statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";"
}

Response body

json
{
  "uuid": "0c621587-f978-4c7b-89ee-d2045f611b03",
  "name": "apiExample",
  "description": "Example of an API request",
  "tags": [],
  "statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";",
  "statements": [
    {
      "effect": "ALLOW",
      "permissions": [
        "settings:schemas:read",
        "settings:objects:write"
      ],
      "conditions": [
        {
          "name": "settings:schemaId",
          "operator": "EQ",
          "values": [
            "builtin:anomaly-detection.services"
          ]
        }
      ]
    }
  ]
}

Response code

201