IAM services reference
All supported values for each IAM service, permission, and condition are listed below. Use them to define access policies based on a fine-grained set of permissions and conditions that can be enforced per service.
- For an overview of Dynatrace IAM, see Manage policies and groups with Dynatrace IAM
- For some syntax help and examples, see IAM policy statement syntax and examples
- To list all REST API calls, see Dynatrace Account Management API 1.0
- To see examples of Dynatrace web UI and REST API configuration procedures, see IAM by example
settings
Settings service
settings:objects:read
Enables reading of settings objects belonging to the schema
Conditions:
settings:schemaId
- A string that uniquely identifies a single settings schema. The identifier of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the object's schemaId property matches.- operators:
IN
,=
,!=
- operators:
settings:schemaGroup
- A schema group that allows to address multiple individual schemas at once. The group of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema of the object has a schemaGroup property that matches.- operators:
IN
,=
- operators:
settings:entity.hostGroup
- The host group attribute of an entity for which a setting is stored. This is e.g. useful to grant access to settings scopes of all hosts which belong to the same host group.- operators:
IN
,=
,!=
- operators:
settings:objects:write
Enables writing of settings objects belonging to the schema
Conditions:
settings:schemaId
- A string that uniquely identifies a single settings schema. The identifier of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the object's schemaId property matches.- operators:
IN
,=
,!=
- operators:
settings:schemaGroup
- A schema group that allows to address multiple individual schemas at once. The group of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema of the object has a schemaGroup property that matches.- operators:
IN
,=
- operators:
settings:entity.hostGroup
- The host group attribute of an entity for which a setting is stored. This is e.g. useful to grant access to settings scopes of all hosts which belong to the same host group.- operators:
IN
,=
,!=
- operators:
settings:schemas:read
Enables reading settings schemas
Conditions:
settings:schemaId
- A string that uniquely identifies a single settings schema. The identifier of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema's schemaId property of the schema matches.- operators:
IN
,=
,!=
- operators:
settings:schemaGroup
- A schema group that allows to address multiple individual schemas at once. The group of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema's schemaId property of the schema matches.- operators:
IN
,=
- operators:
cloudautomation
cloudautomation service
cloudautomation:instance:manage
Enables the management of a Cloud Automation instance.
cloudautomation:statistics:read
Allows to read the usage statistics of a Cloud Automation instance.