https://community.dynatrace.com/t5/Dynatrace-API/Policies-for-Access-Tokens/m-p/222916#M2875 <P>Hi,</P><P>I don't remember there being an option to narrow down the permissions that much. What I would try is to create permissions (Manage monitoring settings)for a specific Management Zone. Then you would gain permissions to configure alert profiles, for example.</P><P><EM>"Manage monitoring settings: Allows the changing of entity settings within a management zone, for example, the ability to record or edit synthetic monitors. It also grants access to some items in the global settings menu but only allows making modifications to assigned management zones. For example, alerting profiles can only be created and changed for a specific management zone."</EM></P><P>For the API, you have to use the settings.read and settings.write scopes to make the changes you want:</P><P><A href="https://www.dynatrace.com/support/help/dynatrace-api/environment-api/settings/schemas/builtin-alerting-profile" target="_blank">https://www.dynatrace.com/support/help/dynatrace-api/environment-api/settings/schemas/builtin-alerting-profile</A></P><P>You can narrow down the scope by specifying additional parameters like the name of the MZ, etc....</P><P>Radek</P> Wed, 13 Sep 2023 10:05:33 GMT radek_jasinski 2023-09-13T10:05:33Z https://community.dynatrace.com/t5/Dynatrace-API/Policies-for-Access-Tokens/m-p/222905#M2874 <P>Hi all,</P> <P>For a customer it would be ideal if I could get an access token with custom policies instead of the pre-set write settings.</P> <P>I need a token with two very specific policies assigned to it. Edit alerting profiles and edit notifications. Is it possible to connect tokens and policies or select a custom scope of tokens? As far as I know, policies are specific to user accounts but maybe someone has an idea or I am missing something. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Help is greatly appreciated!</P> Mon, 16 Oct 2023 17:22:08 GMT https://community.dynatrace.com/t5/Dynatrace-API/Policies-for-Access-Tokens/m-p/222905#M2874 marina_pollehn 2023-10-16T17:22:08Z https://community.dynatrace.com/t5/Dynatrace-API/Policies-for-Access-Tokens/m-p/222916#M2875 <P>Hi,</P><P>I don't remember there being an option to narrow down the permissions that much. What I would try is to create permissions (Manage monitoring settings)for a specific Management Zone. Then you would gain permissions to configure alert profiles, for example.</P><P><EM>"Manage monitoring settings: Allows the changing of entity settings within a management zone, for example, the ability to record or edit synthetic monitors. It also grants access to some items in the global settings menu but only allows making modifications to assigned management zones. For example, alerting profiles can only be created and changed for a specific management zone."</EM></P><P>For the API, you have to use the settings.read and settings.write scopes to make the changes you want:</P><P><A href="https://www.dynatrace.com/support/help/dynatrace-api/environment-api/settings/schemas/builtin-alerting-profile" target="_blank">https://www.dynatrace.com/support/help/dynatrace-api/environment-api/settings/schemas/builtin-alerting-profile</A></P><P>You can narrow down the scope by specifying additional parameters like the name of the MZ, etc....</P><P>Radek</P> Wed, 13 Sep 2023 10:05:33 GMT https://community.dynatrace.com/t5/Dynatrace-API/Policies-for-Access-Tokens/m-p/222916#M2875 radek_jasinski 2023-09-13T10:05:33Z https://community.dynatrace.com/t5/Dynatrace-API/Policies-for-Access-Tokens/m-p/222926#M2876 <P>The problem is that these permissions are only usable for users, not tokens/API . <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span> the read and write API settings are way to broad for us.... Maybe something can be achieved with some scripting here.</P> Wed, 13 Sep 2023 11:34:02 GMT https://community.dynatrace.com/t5/Dynatrace-API/Policies-for-Access-Tokens/m-p/222926#M2876 marina_pollehn 2023-09-13T11:34:02Z https://community.dynatrace.com/t5/Dynatrace-API/Policies-for-Access-Tokens/m-p/222936#M2877 <P>In my opinion, this is currently the only method. You can submit a product idea for Dynatrace to allow more complex permission management on the settings tab.&nbsp;<span class="lia-unicode-emoji" title=":smiling_face_with_smiling_eyes:">😊</span></P> Wed, 13 Sep 2023 12:11:59 GMT https://community.dynatrace.com/t5/Dynatrace-API/Policies-for-Access-Tokens/m-p/222936#M2877 radek_jasinski 2023-09-13T12:11:59Z