Dashboarding
Dynatrace dashboards, notebooks, and data explorer explained.

DQL available for viewing and modifying in Dashboards Tiles with viewer role

luisbsantos
Frequent Guest

I am working on some Dashboards that will be shared with other teams. My current solution, after trying to give the least possible available permissions, still lets anyone not only see but also modify and run DQL queries however they want - they just can't save the dashboard afterwards.

So a user with the least possible permissions (viewer only) can go to a simple dashboard, modify the DQL to something as simple as "fetch events" and have access to all the events within the timeframe. Or any other DQL query.

I tried restricting the access through exploring the Users/Groups Policies and also the Boundaries, but the only working solutions I got still let me run DQL queries with my test user.

Does anyone know how I can disable/block this behaviour?

2 REPLIES

p_devulapalli
Leader

@luisbsantos If you are giving access to a dashboard for a user, you may not be able to block that user from running queries based on the way permissions work in Dynatrace at this point in time. When a user tries to access a dashboard the system would need to execute a DQL query in the backend to fetch the data based on the user permissions. So, we may not be able to allow dashboard access while explicitly preventing DQL execution.

If the concern is about unauthorized data access you can try limiting the access to data with policies instead.

Phani Devulapalli
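As an added illustration of the policy-based approach suggested in this reply (not part of the thread and not taken from either poster), the sketch below contrasts an unconditional Grail read grant with one scoped by bucket and security context. The bucket name `team_a_events` and the context value `team-a` are constructed placeholders; the `//` lines are annotations for the reader.

```text
// Broad grant: the viewer can read every event record in every bucket,
// so an edited tile running "fetch events" returns all of them.
ALLOW storage:buckets:read;
ALLOW storage:events:read;

// Scoped grant for the dashboard-viewer group: the conditions are checked
// on every query the user runs, including a tile whose DQL was edited.
// "team_a_events" and "team-a" are constructed placeholder values.
ALLOW storage:buckets:read WHERE storage:bucket-name = "team_a_events";
ALLOW storage:events:read WHERE storage:dt.security_context = "team-a";
```

Policy statements are additive, so the scoped form only limits what an edited query returns if no other policy bound to the same group grants unconditional storage read.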

luisbsantos
Frequent Guest

@p_devulapalli thank you for your response!

I obviously want the Dashboard to execute DQL - I need to display data with it so the clients can actually observe their systems. What I am very uncomfortable allowing is any user being able to see and execute DQL queries after the initial DQL queries are displayed.

I've been reading the Dynatrace documentation but couldn't solve the unauthorized data access problem with policies, but I'm still on this (especially around the IAM policy reference - link here). Do you have any suggestion that might be useful?
