• Home
  • How to use Dynatrace
  • User management and SSO
  • Manage user groups and permissions
  • Manage policies and groups with Dynatrace IAM
  • IAM services reference

IAM services reference

All supported values for each IAM service, permission, and condition are listed below. Use them to define access policies based on a fine-grained set of permissions and conditions that can be enforced per service.

  • For an overview of Dynatrace IAM, see Manage policies and groups with Dynatrace IAM
  • For some syntax help and examples, see IAM policy statement syntax and examples
  • To list all REST API calls, see Dynatrace Account Management API 1.0
  • To see examples of Dynatrace web UI and REST API configuration procedures, see IAM by example

cloudautomation

Cloud Automation

cloudautomation:instance:manage

Enables the management of a Cloud Automation instance.

cloudautomation:statistics:read

Allows to read the usage statistics of a Cloud Automation instance.

settings

Settings service

settings:objects:read

Enables reading of settings objects belonging to the schema

Conditions:

  • settings:schemaId - A string that uniquely identifies a single settings schema. The identifier of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the object's schemaId property matches.
    • operators: IN ,= ,!=
  • settings:schemaGroup - A schema group that allows to address multiple individual schemas at once. The group of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema of the object has a schemaGroup property that matches.
    • operators: IN ,=
  • settings:entity.hostGroup - The host group attribute of an entity for which a setting is stored. This is e.g. useful to grant access to settings scopes of all hosts which belong to the same host group.
    • operators: IN ,= ,!=

settings:objects:write

Enables writing of settings objects belonging to the schema

Conditions:

  • settings:schemaId - A string that uniquely identifies a single settings schema. The identifier of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the object's schemaId property matches.
    • operators: IN ,= ,!=
  • settings:schemaGroup - A schema group that allows to address multiple individual schemas at once. The group of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema of the object has a schemaGroup property that matches.
    • operators: IN ,=
  • settings:entity.hostGroup - The host group attribute of an entity for which a setting is stored. This is e.g. useful to grant access to settings scopes of all hosts which belong to the same host group.
    • operators: IN ,= ,!=

settings:schemas:read

Enables reading settings schemas

Conditions:

  • settings:schemaId - A string that uniquely identifies a single settings schema. The identifier of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema's schemaId property of the schema matches.
    • operators: IN ,= ,!=
  • settings:schemaGroup - A schema group that allows to address multiple individual schemas at once. The group of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema's schemaId property of the schema matches.
    • operators: IN ,=