https://community.dynatrace.com/t5/Open-Q-A/Why-would-I-consider-using-Policy-Templating/m-p/268547#M35530 <P>How does policy templating help in managing security boundaries within user groups?</P> Tue, 28 Jan 2025 09:14:30 GMT GosiaMurawska 2025-01-28T09:14:30Z https://community.dynatrace.com/t5/Open-Q-A/Why-would-I-consider-using-Policy-Templating/m-p/268547#M35530 <P>How does policy templating help in managing security boundaries within user groups?</P> Tue, 28 Jan 2025 09:14:30 GMT https://community.dynatrace.com/t5/Open-Q-A/Why-would-I-consider-using-Policy-Templating/m-p/268547#M35530 GosiaMurawska 2025-01-28T09:14:30Z https://community.dynatrace.com/t5/Open-Q-A/Why-would-I-consider-using-Policy-Templating/m-p/268548#M35531 <P><A href="https://docs.dynatrace.com/docs/manage/identity-access-management/permission-management/manage-user-permissions-policies/advanced/iam-policy-templating" target="_blank"><SPAN data-contrast="none">Policy templating</SPAN></A><SPAN data-contrast="auto"> allows for the creation of reusable policies that implement parameterized values in their WHERE condition. An example policy that uses these bind parameters could be the following</SPAN><SPAN data-ccp-props="{&quot;335559685&quot;:720}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;335559685&quot;:720}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">ALLOW storage:logs:read WHERE storage:dt.security_context = "${bindParam:team}";</SPAN><SPAN data-ccp-props="{&quot;335559685&quot;:720}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;335559685&quot;:720}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">The actual values of the bind parameter ‘team’ are set uniquely with each group-&gt;policy binding.</SPAN><SPAN data-ccp-props="{&quot;335559685&quot;:720}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;335559685&quot;:720}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">In conclusion, if your user groups also represent security boundaries, then one way to pass that information into the bound policies is through policy templating. Doing so also reduces the footprint of your IAM policies.</SPAN><SPAN data-ccp-props="{&quot;335559685&quot;:720}">&nbsp;</SPAN></P> Tue, 28 Jan 2025 09:15:33 GMT https://community.dynatrace.com/t5/Open-Q-A/Why-would-I-consider-using-Policy-Templating/m-p/268548#M35531 Jon2 2025-01-28T09:15:33Z https://community.dynatrace.com/t5/Open-Q-A/Why-would-I-consider-using-Policy-Templating/m-p/269011#M35583 <P>The Dynatrace IAM policy templating guide explains how to create reusable, parameterized policies to simplify permission management. Instead of writing multiple policies for different contexts, you can define a single policy with a parameter reference. Parameters are assigned during policy binding via REST API. If parameters mismatch, a 400 error is returned. Updates are allowed only if the parameter set remains unchanged. Policies can also support lists as binding parameters.&nbsp;&nbsp;<A href="https://docs.dynatrace.com/docs/manage/identity-access-management/permission-management/manage-user-permissions-policies/advanced/iam-policy-templating?_gl=1*1x9rpg*_gcl_aw*R0NMLjE3MzQ0MjkwNDQuQ2p3S0NBaUEzNFM3QmhBdEVpd0FDWnp2NGN6ajZPNG96NGNLdmVUMVFNT041LVp3M2ZUR18xUU0zTGNpR3VXaEF5WmotNUFFU042LWRCb0NsUzRRQXZEX0J3RQ..*_gcl_dc*R0NMLjE3MzQ0MjkwNDQuQ2p3S0NBaUEzNFM3QmhBdEVpd0FDWnp2NGN6ajZPNG96NGNLdmVUMVFNT041LVp3M2ZUR18xUU0zTGNpR3VXaEF5WmotNUFFU042LWRCb0NsUzRRQXZEX0J3RQ..*_gcl_au*MTYyOTc2MjU5OC4xNzM1ODE1MTk5*_ga*MTQxNDI3MjUwOC4xNzEwODUzMzY5*_ga_1MEMV02JXV*MTczODU2NDM5Ni4zMzUuMS4xNzM4NTY1ODQzLjAuMC4w" target="_blank">https://docs.dynatrace.com/docs/manage/identity-access-management/permission-management/manage-user-permissions-policies/advanced/iam-policy-templating?_gl=1*1x9rpg*_gcl_aw*R0NMLjE3MzQ0MjkwNDQuQ2p3S0NBaUEzNFM3QmhBdEVpd0FDWnp2NGN6ajZPNG96NGNLdmVUMVFNT041LVp3M2ZUR18xUU0zTGNpR3VXaEF5WmotNUFFU042LWRCb0NsUzRRQXZEX0J3RQ..*_gcl_dc*R0NMLjE3MzQ0MjkwNDQuQ2p3S0NBaUEzNFM3QmhBdEVpd0FDWnp2NGN6ajZPNG96NGNLdmVUMVFNT041LVp3M2ZUR18xUU0zTGNpR3VXaEF5WmotNUFFU042LWRCb0NsUzRRQXZEX0J3RQ..*_gcl_au*MTYyOTc2MjU5OC4xNzM1ODE1MTk5*_ga*MTQxNDI3MjUwOC4xNzEwODUzMzY5*_ga_1MEMV02JXV*MTczODU2NDM5Ni4zMzUuMS4xNzM4NTY1ODQzLjAuMC4w</A></P><P>&nbsp;</P> Mon, 03 Feb 2025 07:02:15 GMT https://community.dynatrace.com/t5/Open-Q-A/Why-would-I-consider-using-Policy-Templating/m-p/269011#M35583 Abidyaseen 2025-02-03T07:02:15Z