In Dynatrace SaaS, select Account settings from the user profile menu in the upper-right to manage users and user groups.
- License details - View license quotas & consumption details.
- Contact information - Update your company info.
- User management - Assign users to groups and invite new users. Assign permissions by assigning users to groups.
- Group management - Assign permissions to groups. Group members inherit the permissions assigned to groups.
- Single sign-on - Configure SSO user authentication.
You can assign a pre-defined set of permissions to a group. After a group is defined, you can add users to the group. Users inherit the permissions of the groups that they belong to. You can modify or create groups to suit your needs.
Dynatrace provides the following environment-based permissions:
- Access environment. Allows read-only access to the environment. Can't change settings or install OneAgent.
- Change monitoring settings. Allows changing of all environment settings. Can't install OneAgent.
- Download & install OneAgent. Allows download of OneAgent and installation on hosts. Can't change settings.
- View logs. Allows access to sensitive log file data.
- View sensitive request data. Allows viewing of potentially personal data. Users who don't have this permission see that the data point exists but the personal data is masked out with asterisks (
- Configure capture of sensitive data. Allows configuration of request-attribute capture rules. These can be used to capture elements such as HTTP headers or Post parameters for storage, filtering, and search.
Dynatrace provides the following account-based permissions:
Access account. Allows access to the account to view environment data (host hours, sessions, synthetic monitors) and view links to Dynatrace Help and Dynatrace ONE (create tickets, view documentation, and visit forums). No access to billing or user/group management.
Edit billing & account info. Allows access to payment data (credit card details), billing data (invoices), and contact information (company contact data).
Manage users. Allows access to user management (add, edit, remove users to groups) and group management (create, edit, delete groups). Users with the Manage users permission can perform the following operations:
- Group management
- View lists of groups: select Group management from the menu.
- Create groups: select Group management and click the Create new group button. At least one permission per group must be selected.
- Edit groups: select Group management and click in the Edit column for the group you want to edit.
- Delete groups: select Group management and click in the Delete column for the group you want to delete.
- User management
- View a list of users: select User management from the menu.
- Invite users to an account: select User management and click the Invite user button. A user must be assigned to at least one group.
- Expand Permission preview to see the permissions the user inherits from all the groups they belong to.
- If you don't have the Manage users permission, you can use the Invite a co-worker option available on your account's Environment page.
- Edit group assignments: select User management and click in the Edit column for that user.
- Delete a user: select User management and click in the Delete column for that user.
Dynatrace provides separate permissions for account and environment users. To get you started, Dynatrace provides a default set of editable groups. You can edit and adapt these default groups to fit your needs or you can create new groups.
These are users who work with Dynatrace to monitor the health of the hosts, services, and infrastructure in their application environments.
Default groups for environment users
Dynatrace offers the following user groups with environment permissions:
- Monitoring admin has full environment access. Can change monitoring settings. Can download and install OneAgent.
- Deployment admin can download and install OneAgent. Has read-only access to the environment. Can’t change settings.
- Confidential data admin can view personal data (for example, method arguments) and configure request-data capture rules.
- Monitoring viewer can access the environment in read-only mode. Can’t change settings. Can’t download or install OneAgent.
- Log viewer can access and view the contents of log files. Reserved for users who need access to sensitive log file data. No other access rights.
These are users who are involved in managing account details such as company addresses, billing, payment information, and user management.
Default groups for account users
Dynatrace offers the following user groups with account permissions:
- Account manager has full account access. Can view and edit company data, enter credit card data, review invoices, create and edit groups, and add users to groups. Also has access to environment consumption data, Help, and Support.
- Finance admin can enter credit card data and review invoices. Has access to environment consumption data, Help, and Support. Can’t edit groups or assign users to groups. No access to company/billing address info.
- Account viewer has access to environment consumption data, Help, and Support. No access to credit card data, invoices, or company/billing address info. Can’t edit groups or assign users to groups.