topic Re: DQL available for viewing and modifying in Dashboards Tiles with viewer role in Dashboarding

DQL available for viewing and modifying in Dashboards Tiles with viewer role

luisbsantos — Mon, 15 Jun 2026 18:19:30 GMT

I am working on some Dashboards that will be shared with other teams. My current solution, after trying to give the least possible available permissions, still lets anyone not only see but also modify and run DQL queries however they want - they just can't save the dashboard afterwards.

So a user with the least possible permissions (viewer only) can go to a simple dashboard, modify the DQL to something as simple as "fetch events" and have access to all the events within the timeframe. Or any other DQL query.

I tried restricting the accessm through exploring the Users/Groups Policies and also the Boundaries, but the only working solutions I got still let me run DQL queries with my test user.

Does anyone know how can I disable/block this behaviour?

Re: DQL available for viewing and modifying in Dashboards Tiles with viewer role

p_devulapalli — Tue, 16 Jun 2026 01:11:32 GMT

@luisbsantos If you are giving access to a dashboard for a user , you may not be able to block that user from running queries based on the way permissions work in Dynatrace at this point of time. When a user tries to access a dashboard the system would need to execute a DQL query in the backend to fetch the data based on the user permissions. So, we may not be able to allow dashboard access while explicitly preventing DQL execution.

If the concern is about unauthorized data access you can try limiting the access to data with policies instead

Re: DQL available for viewing and modifying in Dashboards Tiles with viewer role

luisbsantos — Tue, 16 Jun 2026 11:08:59 GMT

@p_devulapalli thank you for your response!

I obviously want the Dashboard to execute DQL - I need to display data with it so the clients can actually observe their systems. What I am very uncomfortable allowing is in any user being able to see and execute DQL queries after the initial DQL queries are displayed.

I've been reading the Dynatrace documentation but couldn't solve the unauthorized data access problem with policies, but I'm still on this (specially around the IAM policy reference - link here) Do you have any suggestion that might be useful?