Manage user groups and permissions

In Dynatrace SaaS, select Account settings from the user profile menu in the upper-right to manage users and user groups.

  • License details—View license quotas and consumption details.
  • Contact information—Update your company information.
  • Environment management—Update environment settings like name and time zone.
  • Identity management
    • User management—Assign users to groups (to provide permissions to users), invite new users, and resend invitations to people who lose their invitations.
    • Group management—Assign permissions to groups. Group members inherit the permissions assigned to groups.
    • Single sign-on—Configure SSO user authentication.

Password policy

Dynatrace passwords must meet the following requirements:

  • Minimum length: 12 characters
  • A mix of uppercase and lowercase letters
  • At least one number or special character

There is no enforced password expiration.


You can assign a predefined set of permissions to a group. Once a group is defined, you can add users to the group. Users can belong to more than one group and inherit the permissions of the groups that they belong to. You can modify or create groups to suit your needs.

  • Account permissions

  • Environment permissions

  • Management-zone permissions

Relationship between environment and management-zone permissions

When you provide any permission other than Access environment at the environment level, Access environment is automatically enabled as well for the environment. Likewise, when you provide any permission other than Access environment at the management-zone level, Access environment is automatically enabled for the management zone.

Management zones are designed to provide targeted and limited access to certain entities within an environment. If you wish to provide a permission to users accessing a management zone, we recommend that you use the management-zone-level permissions. Any permission you provide at the environment level supersedes and adds to those at the management-zone level. In other words, management-zone permissions cannot be used to limit permissions already provided at the environment level.

Take the example of a management zone containing three hosts out of five total hosts in an environment. If you grant the View logs permission to the management zone, viewers can see the Logs tab with information for the three hosts in the management zone. However, if you remove the same permission at the management-zone level and provide it at the environment level, users will be able to:

  • Access All management zones from the management zones filter on the menu bar.
  • See the Logs tab for all five hosts in the environment when viewing All management zones.
  • See the Logs tab for the three hosts in the assigned management zone when they switch to it.


Dynatrace provides separate permissions for account and environment users. To get you started, Dynatrace provides a default set of editable groups. You can edit and adapt these default groups to fit your needs or you can create new groups.