User groups and permissions

You need to configure user groups in Dynatrace Managed to allow access to your monitoring environment or your Dynatrace Server.

Manage groups and users

A default administrator account is created during Dynatrace Managed installation. This account exists regardless of the authentication type you select (internal or LDAP). The default administrator account has cluster permissions.

You can manage users and groups through Cluster Management Console by selecting User authentication in the navigation menu.

To create a group

  1. Select User authentication > User groups in the navigation menu.
  2. Select Add new group.
  3. Assign permissions to the newly created group
    • To assign administration permissions to the group, set Grant global administrator permissions to this group to the On position. The group will have access rights to all environments.
    • To assign individual access rights for each environment, enter a comma-separated list of LDAP group names that should be mapped to this user group.

To create a user

  1. Select User authentication > User accounts in the navigation menu.
  2. Select Add new user.
    Note: This option is available only if you are using an internal database, not LDAP.

To assign a user to groups

  1. Select User authentication > User accounts in the navigation menu.
  2. Select the user.
  3. Select Add in the Add group assignments section.
    Note: A group cannot be assigned if there are no permissions specified for this group.


You can assign a pre-defined set of permissions to a group. Once a group is defined, you can add users to the group. Added users inherit the permissions of the groups they are assigned to. Any group can be modified to fit your needs. You can even create new groups and assign permissions to them.

Cluster permissions

Users assigned to groups with this permission are automatically given administrator access rights for all environments. They have access to Cluster Management Console and can manage your monitoring environments and Dynatrace Server. Users assigned to groups with this permission can also:

  • Add new Dynatrace Server nodes
  • Upgrade Dynatrace Server
  • Manage Dynatrace Managed users and user groups
  • Install Dynatrace OneAgent into any monitoring environment
  • Configure monitoring settings for any monitoring environment

Environment permissions

Dynatrace provides the following environment-based permissions:

  • Access environment. Allows read-only access to the environment. Can't change settings or install OneAgent.
  • Change monitoring settings. Allows changing of all environment settings. Can't install OneAgent.
  • Download & install OneAgent. Allows download of OneAgent and installation on hosts. Can't change settings.
  • View logs. Allows access to sensitive log file data.
  • View sensitive request data. Allows viewing of potentially personal data. Users that don't have this permission see that the data point exists but the personal data is masked out with *****.
  • Configure request capture data. Allows configuration of request-data capture rules. These can be used to capture elements such as HTTP headers or Post parameters for storage, filtering, and search.