In Dynatrace SaaS, select Account settings from the user profile menu in the upper-right to manage users and user groups.
- License details - View license quotas & consumption details.
- Contact information - Update your company info.
- Environment management - Update environment settings like name and time zone.
- Identity management
- User management - Assign users to groups (to assign permissions to users), invite new users, and resend invitations to people who lose their invitations.
- Group management - Assign permissions to groups. Group members inherit the permissions assigned to groups.
- Single sign-on - Configure SSO user authentication.
Dynatrace passwords must meet the following requirements:
- Minimum length: 12 characters
- A mix of uppercase and lowercase letters
- At least one number or special character
There is no enforced password expiration.
You can assign a predefined set of permissions to a group. After a group is defined, you can add users to the group. Users inherit the permissions of the groups that they belong to. You can modify or create groups to suit your needs.
Environment permissions details
Dynatrace provides the following environment-based permissions:
- Access environment. Allows read-only access to the environment. Can't change settings or install OneAgent.
- Change monitoring settings. Allows changing of all environment settings. Can't install OneAgent.
- View logs. Allows access to sensitive log file data.
- View sensitive request data. Allows viewing of potentially personal data, including downloading memory dumps. Users who don't have this permission see that the data point exists but the personal data is masked out with asterisks (
- Download/install OneAgent. Allows download of OneAgent and installation on hosts. Can't change settings.
- Configure capture of sensitive data. Allows configuration of request-attribute capture rules. These can be used to capture elements such as HTTP headers or POST parameters for storage, filtering, and search. Also allows manually triggering memory dumps.
Account permissions details
Dynatrace provides the following account-based permissions:
- Access account. Allows access to the account to view environment data (host hours, sessions, synthetic monitors) and view links to Dynatrace Help and Dynatrace ONE (create tickets, view documentation, and visit forums). No access to billing or user/group management.
- Edit billing & account info. Allows access to payment data (credit card details), billing data (invoices), and contact information (company contact data).
- Identity management. Allows access to user management (add, edit, remove users to groups) and group management (create, edit, delete groups).
Users with the Manage users permission can perform the following operations:
- Identity management > Group management
- View lists of groups: select Group management from the menu.
- Create groups: select Group management and click Add group. At least one permission per group must be selected.
- Edit groups: select Group management and click in the Edit column for the group you want to edit.
- Delete groups: select Group management and click in the Delete column for the group you want to delete.
- Identity management > User management
- View a list of users: select User management from the menu.
- Export a list of users: select User management from the menu and then click the Export user list button to create a CSV file of users.
- Invite users to an account: select User management and click Invite user. A user must be assigned to at least one group.
- Permissions preview shows permissions that the user inherits from selected groups.
- Resend invitation sends another invitation if an invited user loses their invitation.
- Edit group assignments: select User management, click in the Edit column for a user, and select or clear group check boxes to assign the user to groups.
- Set a filter to focus the list on just the groups you want to see.
- Click the Select column header to sort the list by whether the group is selected.
- Delete a user: select User management and click in the Delete column for that user.
- Identity management > Single sign-on
Configure user authentication for multiple domains. If you want to use your corporate credentials for authentication in Dynatrace SaaS, you can set up SAML to delegate the authentication to your identity provider. As a prerequisite, you need to verify ownership of your domain by adding a resource record to your domain. For details, see:
- Manage users and groups with SAML in Dynatrace SaaS
- Identity management > Group management
Management zone permissions
Management zone permissions details
- Access environment
- Change monitoring settings
- View logs
- View sensitive request data
For details on management zones, see Management zones.
Dynatrace provides separate permissions for account and environment users. To get you started, Dynatrace provides a default set of editable groups. You can edit and adapt these default groups to fit your needs or you can create new groups.
These are users who work with Dynatrace to monitor the health of the hosts, services, and infrastructure in their application environments.
Default groups for environment users
Dynatrace offers the following user groups with environment permissions:
- Monitoring admin has full environment access. Can change monitoring settings. Can download and install OneAgent.
- Deployment admin can download and install OneAgent. Has read-only access to the environment. Can’t change settings.
- Confidential data admin can view personal data (for example, method arguments) and configure request-data capture rules.
- Monitoring viewer can access the environment in read-only mode. Can’t change settings. Can’t download or install OneAgent.
- Log viewer can access and view the contents of log files. Reserved for users who need access to sensitive log file data. No other access rights.
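Because users inherit the union of their groups' permissions, an access review has to look at effective permissions rather than individual group names. The following is an added example, not Dynatrace code: it audits a user export for accounts that inherit sensitive-data permissions. The CSV column names, the `;` group separator, the sample rows, and the group-to-permission mapping (read from the group descriptions above) are assumptions to verify against your own export and Group management settings.

```python
import csv
import io

# Default environment groups mapped to the permissions their descriptions on
# this page imply (an interpretation; confirm in Group management).
GROUP_PERMISSIONS = {
    "Monitoring admin": {"Access environment", "Change monitoring settings",
                         "Download/install OneAgent"},
    "Deployment admin": {"Access environment", "Download/install OneAgent"},
    "Confidential data admin": {"View sensitive request data",
                                "Configure capture of sensitive data"},
    "Monitoring viewer": {"Access environment"},
    "Log viewer": {"View logs"},
}
# Permissions the page describes as exposing sensitive or personal data.
SENSITIVE = {"View logs", "View sensitive request data",
             "Configure capture of sensitive data"}

# Constructed sample export; column names and separator are assumptions.
SAMPLE_EXPORT = """email,groups
alice@example.com,Monitoring viewer
bob@example.com,Monitoring admin;Log viewer
carol@example.com,Confidential data admin;Deployment admin
dave@example.com,Monitoring viewer;Custom ops
"""

def effective_permissions(groups):
    """Return (union of inherited permissions, groups missing from the mapping)."""
    perms, unknown = set(), []
    for group in groups:
        if group in GROUP_PERMISSIONS:
            perms |= GROUP_PERMISSIONS[group]
        else:
            unknown.append(group)  # edited or custom group: review by hand
    return perms, unknown

def audit(export_text, approved=frozenset()):
    """Flag users with sensitive permissions who are not on the approved list."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        groups = [g.strip() for g in row["groups"].split(";") if g.strip()]
        perms, unknown = effective_permissions(groups)
        sensitive = sorted(perms & SENSITIVE)
        if sensitive and row["email"] not in approved:
            findings.append((row["email"], "sensitive", sensitive))
        if unknown:
            findings.append((row["email"], "unmapped-group", unknown))
    return findings
```

Unmapped groups are reported instead of being treated as harmless, since an edited or custom group can carry any permission.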
These are users who are involved in managing account details such as company addresses, billing, payment information, and user management.
Default groups for account users
Dynatrace offers the following user groups with account permissions:
- Account manager has full account access. Can view and edit company data, enter credit card data, review invoices, create and edit groups, and add users to groups. Also has access to environment consumption data, Help, and Support.
- Finance admin can enter credit card data and review invoices. Has access to environment consumption data, Help, and Support. Can’t edit groups or assign users to groups. No access to company/billing address info.
- Account viewer has access to environment consumption data, Help, and Support. No access to credit card data, invoices, or company/billing address info. Can’t edit groups or assign users to groups.