IAM services reference

All supported values for each IAM service, permission, and condition are listed below. Use them to define access policies based on a fine-grained set of permissions and conditions that can be enforced per service.

settings

Settings service

settings:objects:read

Enables reading of settings objects belonging to the schema

Conditions:

  • settings:schemaId — A string that uniquely identifies a single settings schema. The identifier of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the object's schemaId property matches.
    • operators: IN, =, !=
  • settings:schemaGroup — A schema group that allows to address multiple individual schemas at once. The group of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema of the object has a schemaGroup property that matches.
    • operators: IN, =

settings:objects:write

Enables writing of settings objects belonging to the schema

Conditions:

  • settings:schemaId — A string that uniquely identifies a single settings schema. The identifier of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the object's schemaId property matches.
    • operators: IN, =, !=
  • settings:schemaGroup — A schema group that allows to address multiple individual schemas at once. The group of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema of the object has a schemaGroup property that matches.
    • operators: IN, =

settings:schemas:read

Enables reading settings schemas

Conditions:

  • settings:schemaId — A string that uniquely identifies a single settings schema. The identifier of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema's schemaId property of the schema matches.
    • operators: IN, =, !=
  • settings:schemaGroup — A schema group that allows to address multiple individual schemas at once. The group of a schema can either be found via the dedicated schema endpoint in the Dynatrace Environment API or in the info box of a settings screen. The condition will match if the schema's schemaId property of the schema matches.
    • operators: IN, =

cloudautomation

Cloud Automation

cloudautomation:instance:manage

Enables the management of a Cloud Automation instance.

cloudautomation:statistics:read

Allows to read the usage statistics of a Cloud Automation instance.