topic Re: Restrict metric_ingest OneAgent API access in Open Q&A https://community.dynatrace.com/t5/Open-Q-A/Restrict-metric-ingest-OneAgent-API-access/m-p/273003#M36036 <P>Hello <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/11931">@andre_vdveen</a> as <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/3364">@Julius_Loman</a> says we managed to control this using local firewalls controlled centrally. You can make a rule to permit or deny connections to your configured port.</P> Wed, 19 Mar 2025 20:20:09 GMT DanielS 2025-03-19T20:20:09Z Restrict metric_ingest OneAgent API access https://community.dynatrace.com/t5/Open-Q-A/Restrict-metric-ingest-OneAgent-API-access/m-p/273000#M36033 <P>Is there a way to restric access or usage of the&nbsp;<A title="OneAgent metric API" href="https://docs.dynatrace.com/docs/shortlink/local-api" target="_blank" rel="noopener">OneAgent metric API</A>&nbsp;so that certain users or groups cannot use it?<BR />I don't see a way to do this via RBAC or ABAC.</P> Wed, 19 Mar 2025 19:36:39 GMT https://community.dynatrace.com/t5/Open-Q-A/Restrict-metric-ingest-OneAgent-API-access/m-p/273000#M36033 andre_vdveen 2025-03-19T19:36:39Z Re: Restrict metric_ingest OneAgent API access https://community.dynatrace.com/t5/Open-Q-A/Restrict-metric-ingest-OneAgent-API-access/m-p/273001#M36034 <P>No.&nbsp; Not using Dynatrace. The endpoint is available if you enable it for local ingest. You must use other options on the host to prevent specific users from accessing it like local firewall, selinux or apparmor.</P> Wed, 19 Mar 2025 20:08:04 GMT https://community.dynatrace.com/t5/Open-Q-A/Restrict-metric-ingest-OneAgent-API-access/m-p/273001#M36034 Julius_Loman 2025-03-19T20:08:04Z Re: Restrict metric_ingest OneAgent API access https://community.dynatrace.com/t5/Open-Q-A/Restrict-metric-ingest-OneAgent-API-access/m-p/273003#M36036 <P>Hello <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/11931">@andre_vdveen</a> as <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/3364">@Julius_Loman</a> says we managed to control this using local firewalls controlled centrally. You can make a rule to permit or deny connections to your configured port.</P> Wed, 19 Mar 2025 20:20:09 GMT https://community.dynatrace.com/t5/Open-Q-A/Restrict-metric-ingest-OneAgent-API-access/m-p/273003#M36036 DanielS 2025-03-19T20:20:09Z