Manage IAM policies
Use these procedures in the Dynatrace web UI to manage Dynatrace IAM policies.
To instead use the API to manage IAM policies, go to:
- Dynatrace SaaS: Dynatrace Account Management API 1.0
- Dynatrace Managed: IAM API is available as part of Cluster API v2
List IAM policies
To list configured IAM policies, go to the Policy management page:
- Dynatrace SaaS: in the user menu, go to Account settings and select Identity management > Policy management.
- Dynatrace Managed: in the Cluster Management Console, select User authentication > Policy management.
The Policy management page lists all existing policies that you can bind to user groups:
- Policy—the name of the policy
- Policy Description—a brief description of the policy
- Organization level—
global
,account
(cluster
in a Dynatrace Managed deployment), orenvironment
- Actions—view, edit, or delete that row's policy
Built-in policies
To let you use policies right away, Dynatrace IAM is shipped with preconfigured policies:
Settings Reader
: grants permission to read Dynatrace settingsSettings Writer
: grants permission to write Dynatrace settings
Create a policy
To create a policy, select Add policy and enter the following:
Element | Description |
---|---|
Policy | The name of the policy. |
Description | A brief description of the policy. |
Organization level | Each policy has a level that determines its scope:
|
Policy statements | A statement specifying exactly what this policy allows. It is also possible to combine multiple permissions in a single statement: This feature is particularly useful for managing policies with complicated conditions. |
SchemaId condition
A schemaId condition defines which part of the settings a user can have access to in the settings UI.
Services
Currently, only Dynatrace Settings 2.0 service is supported. We plan to add more services.
Available services include:
Service name | Service description |
---|---|
| Dynatrace Settings 2.0 service. |
Edit a policy
To edit an existing policy
- Go to the Policy management page:
- Dynatrace SaaS: Identity management > Policy management.
- Dynatrace Managed: User authentication > Policy management.
- Find the policy you want to edit.
You can filter the list by name and organization level. - Select the Edit button for the policy.
Delete a policy
To delete a policy
-
Go to the Policy management page:
- Dynatrace SaaS: Identity management > Policy management.
- Dynatrace Managed: User authentication > Policy management.
-
Find the policy you want to edit.
You can filter the list by name and organization level. -
Select the Edit button for the policy.
-
Select Delete policy.
NoteIn Dynatrace Managed, the change takes effect in a few minutes.
To change the delay, modify property
policyRefreshIntervalSeconds
in theiam
section of the config file.
Copy a policy
To copy an existing policy
- Go to the Policy management page:
- Dynatrace SaaS: Identity management > Policy management.
- Dynatrace Managed: User authentication > Policy management.
- Open an existing policy for editing.
- Copy the contents of Policy statements to the clipboard.
- Go back to the Policy management page.
- Select Add policy.
- Paste the copied policy statements into Policy statements.
- Complete the rest of the policy definition.
Apply a policy to a group
To apply a policy to a group, you need to bind the policy to the group. For details on managing group permissions with IAM, see Manage group permissions with IAM policies.