https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/293066#M38467 <P>We have similar situation and what we did was to create a separate management zone and assign just the necessary namespaces to it. And then we created a role that has view rights over this management zone + one that has edit rights as well, to modify the settings.<BR /><BR />By doing this we now have:<BR />1 MZ that has access to the whole cluster and they see and can edit settings for all namespaces<BR />1 MZ that contains just some namespaces - with two roles - one read only and one with edin rights over settings.<BR /><BR />I hope this helps.</P> Wed, 14 Jan 2026 13:58:50 GMT Georgi_Vuldzhev 2026-01-14T13:58:50Z https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/292966#M38460 <DIV class=""> <DIV class=""> <DIV class=""> <DIV class=""> <DIV class=""> <DIV class=""> <DIV class=""> <DIV class=""> <DIV class=""> <DIV class=""> <DIV class=""> <DIV class="">Hi Team,<BR />I’m working with a customer who needs to set permissions so that users can view and access details for specific namespaces within a cluster, including their services and related issues.<BR />For example:</DIV> <UL class=""> <LI><STRONG>Team 1 (User Group)</STRONG><SPAN>&nbsp;</SPAN>should only be able to see namespaces 1, 2, and 3.</LI> <LI><STRONG>Team 2</STRONG><SPAN>&nbsp;</SPAN>should only be able to see namespaces 4, 5, and 6.</LI> </UL> <DIV class="">Additionally, they do not want these teams to see each other’s namespaces or services.<BR />Is there a way to achieve this in SaaS?<BR />Regards,<BR />Vikas A goud</DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> <DIV class="">&nbsp;</DIV> <DIV class=""> <DIV class=""> <DIV class=""> <DIV class=""> <DIV class=""> <DIV class="">&nbsp;</DIV> </DIV> </DIV> </DIV> </DIV> </DIV> Thu, 15 Jan 2026 07:46:47 GMT https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/292966#M38460 Vikas_g1997 2026-01-15T07:46:47Z https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/293007#M38462 <P>Hi,</P><P>Have a look to <A title="Policy boundaries" href="https://docs.dynatrace.com/docs/shortlink/iam-policy-boundaries" target="_blank" rel="noopener">Policy boundaries</A>. You have namespaces examples there.</P><P>Best regards</P> Wed, 14 Jan 2026 07:53:21 GMT https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/293007#M38462 AntonPineiro 2026-01-14T07:53:21Z https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/293066#M38467 <P>We have similar situation and what we did was to create a separate management zone and assign just the necessary namespaces to it. And then we created a role that has view rights over this management zone + one that has edit rights as well, to modify the settings.<BR /><BR />By doing this we now have:<BR />1 MZ that has access to the whole cluster and they see and can edit settings for all namespaces<BR />1 MZ that contains just some namespaces - with two roles - one read only and one with edin rights over settings.<BR /><BR />I hope this helps.</P> Wed, 14 Jan 2026 13:58:50 GMT https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/293066#M38467 Georgi_Vuldzhev 2026-01-14T13:58:50Z https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/293286#M38486 <P>Hi&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/71493">@Georgi_Vuldzhev</a>&nbsp;,</P><DIV><P>Thanks for the suggestion — I was thinking along the same lines. One potential concern, however, is whether users who access the cluster might be able to see or name other namespaces. Could this become an issue?</P></DIV> Mon, 19 Jan 2026 15:36:47 GMT https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/293286#M38486 Vikas_g1997 2026-01-19T15:36:47Z https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/293314#M38491 <P>Hi,</P><P>Maybe <A title="this recent video" href="https://www.youtube.com/watch?v=ChgiqA63hiE" target="_blank" rel="noopener">this recent video</A> about Dynatrace IAM might be helpful.</P><P>Best regards</P> Tue, 20 Jan 2026 09:22:01 GMT https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/293314#M38491 AntonPineiro 2026-01-20T09:22:01Z https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/293326#M38492 <P>Hi&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/57336">@Vikas_g1997</a>&nbsp;,<BR /><BR />In our case we have separate management zones like this<BR />MZ1: Has access over the whole k8s cluster and sees all namespaces and components below them<BR />MZ2: Has access to namespaceX, namespaceY, namespace7, etc. and all resources below them<BR />MZ3: Has access to namespaceA, namespaceB, namespaceC, etc. and all esources belowe them<BR /><BR />When users access Dynatrace all of them see the k8s cluster but when they go to the k8s app they only see the namespaces they have access to. This works with the k8s classic app only as it uses MZs. If you want to use the new k8s app you would need to use Segments, I assume it would be something similar.<BR /><BR />I hope this answers your question!<BR /><BR />All the best,<BR />Georgi</P> Tue, 20 Jan 2026 12:43:37 GMT https://community.dynatrace.com/t5/Open-Q-A/Restrict-namespace-level-access-for-user-groups-in-SaaS/m-p/293326#M38492 Georgi_Vuldzhev 2026-01-20T12:43:37Z