Policy management API - PUT a policy

Edits an existing access policy. You can't edit a global-level policy, as these are managed by Dynatrace.

If the specified policy doesn't exist, a new policy is created instead.

The request consumes and produces an application/json payload.

PUT	`https://api.dynatrace.com/iam/v1/repo/{levelType}/{levelId}/policies/{policyUuid}`

Authentication

To execute this request, you need the Allow IAM policy configuration for environments (iam-policies-management) permission assigned to your token. To learn how to obtain and use it, see Authentication.

Parameters

Parameter	Type	Description	In	Required
levelType	string	The type of the policy level. The following values are available: `account`: An account policy applies to all environments of an account. `environment`: An environment policy applies to a specific environment. Each level inherits policies of a higher level and extends it with its own policies.	path	required
levelId	string	The ID of the policy level. Use one of the following values, depending on the level type: account: use the UUID of the account. environment: use the ID of the environment.	path	required
policyUuid	string	The ID of the required policy.	path	required
body	CreateOrUpdateLevelPolicyRequestDto	The JSON body of the request. Contains the updated configuration of a policy.	body	required

Request body objects

The `CreateOrUpdateLevelPolicyRequestDto` object

Element	Type	Description	Required
name	string	The display name of the policy.	required
description	string	A short description of the policy.	required
tags	string[]	A list of tags.	required
statementQuery	string	The statement of the policy.	required

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

json
{
  "name": "string",
  "description": "string",
  "tags": [
    "string"
  ],
  "statementQuery": "string"
}

Response

Response codes

Code	Type	Description
201	LevelPolicyDto	Success. The policy has been created. The response contains the configuration of the policy.
204		Success. The policy has been updated. The response doesn't have a body.
400	ErrorDto	Failed. The request is invalid
404	ErrorDto	Failed. The specified resource is not found.
422	ErrorDto	The specified response not found

Response body objects

The `LevelPolicyDto` object

Element	Type	Description
uuid	string	The ID of the policy.
name	string	The display name of the policy.
tags	string[]	A list of tags.
description	string	A short description of the policy.
statementQuery	string	The statement of the policy.
statements	Statement[]	The expanded form of the policy statement.

The `Statement` object

Element	Type	Description
effect	string	The effect of the policy (for example, allow something).
service	string	The service to which the policy applies.
permissions	string[]	A list of granted permissions.
conditions	Condition[]	A list of conditions limiting the granted permissions.

The `Condition` object

Element	Type	Description
name	string	The name of the condition. It indicates which part of the services is checked by the condition.
operator	string	The operator of the condition.
values	string[]	A list of reference values of the condition.

Element

Type

Description

name

string

The name of the condition.

It indicates which part of the services is checked by the condition.

operator

string

The operator of the condition.

values

string[]

A list of reference values of the condition.

Response body JSON model

json
{
  "uuid": "string",
  "name": "string",
  "tags": [
    "string"
  ],
  "description": "string",
  "statementQuery": "string",
  "statements": [
    {
      "effect": "string",
      "service": "string",
      "permissions": [
        "string"
      ],
      "conditions": [
        {
          "name": "string",
          "operator": "string",
          "values": [
            "string"
          ]
        }
      ]
    }
  ]
}

Validate payload

We recommend that you validate the payload before submitting it with an actual request. A response code of 200 indicates a valid payload.

The request consumes an application/json payload.

POST	`https://api.dynatrace.com/iam/v1/repo/{levelType}/{levelId}/policies/validation/{policyUuid}`

Authentication

Parameters

Parameter	Type	Description	In	Required
levelType	string	The type of the policy level. The following values are available: `account`: An account policy applies to all environments of an account. `environment`: An environment policy applies to a specific environment. Each level inherits policies of a higher level and extends it with its own policies.	path	required
levelId	string	The ID of the policy level. Use one of the following values, depending on the level type: account: use the UUID of the account. environment: use the ID of the environment.	path	required
policyUuid	string	The ID of the policy to be validated.	path	required
body	CreateOrUpdateLevelPolicyRequestDto	The JSON body of the request. Contains the configuration of a policy to be validated.	body	required

Request body objects

The `CreateOrUpdateLevelPolicyRequestDto` object

Element	Type	Description	Required
name	string	The display name of the policy.	required
description	string	A short description of the policy.	required
tags	string[]	A list of tags.	required
statementQuery	string	The statement of the policy.	required

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

json
{
  "name": "string",
  "description": "string",
  "tags": [
    "string"
  ],
  "statementQuery": "string"
}

Example

In this example, the request updates the apiExample policy from the POST request example. It changes the name and adds permission to read objects (settings:objects:read in the value of the statementQuery parameter) based on the anomaly detection for services (builtin:anomaly-detection.services) schema from the Settings 2.0 framework. The response code of 204 indicates successful modification.

Curl

bash
curl --request PUT \
  --url https://api.dynatrace.com/iam/v1/repo/environment/mySampleEnv/policies/0c621587-f978-4c7b-89ee-d2045f611b03 \
  --header 'Authorization: Bearer abcdefjhij1234567890' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "apiExample - updated",
  "description": "Example of an API request",
  "tags": [],
    "statementQuery": "ALLOW settings:schemas:read, settings:objects:write,  settings:objects:read  WHERE settings:schemaId = \"builtin:anomaly-detection.services\";"
}'

Request URL

http
https://api.dynatrace.com/iam/v1/repo/environment/mySampleEnv/policies/0c621587-f978-4c7b-89ee-d2045f611b03

Request body

json
{
  "name": "apiExample - updated",
  "description": "Example of an API request",
  "tags": [],
    "statementQuery": "ALLOW settings:schemas:read, settings:objects:write,  settings:objects:read  WHERE settings:schemaId = \"builtin:anomaly-detection.services\";"
}

Response code

204

Policy management API - PUT a policy

Authentication

Parameters

Request body objects

The CreateOrUpdateLevelPolicyRequestDto object

Request body JSON model

Response

Response codes

Response body objects

The LevelPolicyDto object

The Statement object

The Condition object

Response body JSON model

Validate payload

Authentication

Parameters

Request body objects

The CreateOrUpdateLevelPolicyRequestDto object

Request body JSON model

Example

Curl

Request URL

Request body

Response code

The `CreateOrUpdateLevelPolicyRequestDto` object

The `LevelPolicyDto` object

The `Statement` object

The `Condition` object

The `CreateOrUpdateLevelPolicyRequestDto` object