cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User Permission resolution for conflicting roles

john_rath
Dynatrace Guide
Dynatrace Guide

When assigning a user roles, specifically from a directory lookup, an admin may not have any control over which roles/groups are added and in which order. A question came up regarding this recently and I'm hoping someone has an idea on how this functionality is resolved in Dynatrace.

If a user is assigned permissions from a role A and role B, and these defined roles have conflicting permissions - i.e., role A is read/write access to a profile, while role B is simply read - is there a precedence in which these conflicts are resolved? I have heard this was based on which permission was 'found' first by Dynatrace and that it is not an 'add' system.

Any insight into how Dynatrace manages conflicts such as these would be very helpful. Thanks.

4 REPLIES 4

brett_b2
Inactive


Hey John,


Thanks for asking. I also had a similar question but nobody responded to it.

Hey Brett,

Didn't see it during my original search, sorry for the repeat. Let's hope someone gets to one of these.

No problem on the repeat. Just hoping for clarity 🙂

Hi John,
Roles in Dynatrace are additive - that is, a user gets permissions allowed in any role to which the user belongs.


Example:
role A has the permission to analyze visits (but no permission to analyze method calls)
role B has the permission to analyze method calls (but no permission to analyze visits)
a user with both roles has the permission to analyze visits and to analyze method calls.