https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/236650#M30959 <P>Yep, just tested and worked as expected.</P><P>I have still used the Management Zones to limit the entity access in general UI views (host classic page, dashboard classic, data explorer, etc.) And for Grail access with DQL, I had to use the polices limiting the access by hostgroup (but I do assume it can be any metadata)</P><P>Example:</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">ALLOW storage:buckets:read; ALLOW storage:entities:read; ALLOW storage:system:read; ALLOW storage:metrics:read WHERE storage:dt.host_group.id STARTSWITH "my_host_group";</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>It is not easy, but doable.</P> Thu, 08 Feb 2024 18:18:19 GMT dannemca 2024-02-08T18:18:19Z https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/217592#M27476 <P>The new UI is there and we can use polices to provide users access to, based on this <A href="https://www.dynatrace.com/news/blog/tailored-access-management-part-2-onboard-users-to-grail-and-appengine/" target="_self">blog post</A>.</P> <P>But, my current env access is totally based on Management Zones. We have many teams which can access specific Management Zones, with no special permissions, other than access env and change monitoring permissions. We are not using polices yet, since not required. Until now.</P> <P>The appengine and grail access is not scoped at Management Zone levels, but entire environment, so I am struggling to proper set the polices rules for it.</P> <P>Has anyone face the same challenge?</P> <P>Any tip for the friend here?</P> <P>Thanks.</P> Thu, 07 Mar 2024 08:40:43 GMT https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/217592#M27476 dannemca 2024-03-07T08:40:43Z https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/217594#M27477 <P>Facing exactly same challenge as you <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/18264">@dannemca</a> currently under investigation by my side.</P> Tue, 11 Jul 2023 17:38:39 GMT https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/217594#M27477 DanielS 2023-07-11T17:38:39Z https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/217601#M27478 <P>I also let you know that I have a case with a detected bug if you have a policy with more than 100 lines you cannot edit it, they will notify me of a possible ETA for the solution. I found this when I was doing tests related to this topic.</P> Tue, 11 Jul 2023 18:16:40 GMT https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/217601#M27478 DanielS 2023-07-11T18:16:40Z https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/217626#M27481 <P>Well, I heard on a call last week that Management Zones are going away in roughly 18-24 months.&nbsp; I am trying to get more info on this from my account team and from the Western group that I was in and it was brought up on a call with IAM Policies.&nbsp; Will let you know when I hear more and find out more details.&nbsp; Very early stages from what I hear.</P> Tue, 11 Jul 2023 19:40:30 GMT https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/217626#M27481 Kenny_Gillette 2023-07-11T19:40:30Z https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/230356#M29863 <P>Hi&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/36140">@Kenny_Gillette</a>&nbsp;<BR />have you managed to get more information on the possible removal of management zones? this is also a key point for us, and we've heard absolutely nothing about it.</P> Thu, 30 Nov 2023 07:55:27 GMT https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/230356#M29863 GerardJ 2023-11-30T07:55:27Z https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/230453#M29877 <P>no information yet.&nbsp; Just reached out to my contacts at Dynatrace and they are researching.</P> Thu, 30 Nov 2023 15:04:37 GMT https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/230453#M29877 Kenny_Gillette 2023-11-30T15:04:37Z https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/235563#M30773 <P>Hi&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/18264">@dannemca</a>&nbsp;, Have you by any chance found an answer to your question , I am running into the same issue here..</P> Thu, 25 Jan 2024 18:56:08 GMT https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/235563#M30773 soukainaB 2024-01-25T18:56:08Z https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/235588#M30774 <P>Did you test the script mentioned in this blog entry?<BR /><A href="https://www.dynatrace.com/news/blog/tailored-access-management-part-2-onboard-users-to-grail-and-appengine/" target="_blank">https://www.dynatrace.com/news/blog/tailored-access-management-part-2-onboard-users-to-grail-and-appengine/</A></P> Fri, 26 Jan 2024 07:15:52 GMT https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/235588#M30774 PacoPorro 2024-01-26T07:15:52Z https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/236647#M30957 <P>I believe the access issue can be managed using custom buckets and polices, as per this blog: <A href="https://www.dynatrace.com/news/blog/enhance-data-management-with-grail-ultimate-guide-to-custom-buckets-and-security-policies/" target="_blank">https://www.dynatrace.com/news/blog/enhance-data-management-with-grail-ultimate-guide-to-custom-buckets-and-security-policies/</A> and this video: <A href="https://info.dynatrace.com/global-rm-enhanced-access-controls-with-record-level-permissions-23267-fulfillment.html" target="_blank">https://info.dynatrace.com/global-rm-enhanced-access-controls-with-record-level-permissions-23267-fulfillment.html</A></P><P>It does mention logs, but I believe it can be also applied to metrics buckets too.</P><P>I will do some tests and see if that works.</P> Thu, 08 Feb 2024 17:37:10 GMT https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/236647#M30957 dannemca 2024-02-08T17:37:10Z https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/236650#M30959 <P>Yep, just tested and worked as expected.</P><P>I have still used the Management Zones to limit the entity access in general UI views (host classic page, dashboard classic, data explorer, etc.) And for Grail access with DQL, I had to use the polices limiting the access by hostgroup (but I do assume it can be any metadata)</P><P>Example:</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">ALLOW storage:buckets:read; ALLOW storage:entities:read; ALLOW storage:system:read; ALLOW storage:metrics:read WHERE storage:dt.host_group.id STARTSWITH "my_host_group";</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>It is not easy, but doable.</P> Thu, 08 Feb 2024 18:18:19 GMT https://community.dynatrace.com/t5/Open-Q-A/Properly-provide-access-to-New-UI-based-on-Management-Zones/m-p/236650#M30959 dannemca 2024-02-08T18:18:19Z