Solved: Dynatrace IAM: Limit Access to Dashboard App Only

Irdina · ‎29 May 2025

Hello,

I’m new to Dynatrace and currently exploring Dynatrace IAM. I’d like to know if it’s possible to create a policy that allows a specific group to access only the Dashboard app and view dashboards, without any permissions to perform other actions.

I tried creating a policy with the permissions shown in the attached image (excluding permissions that involve more than read/view), but that led users to not even have access to the environment. To resolve that, I added the permission 'ALLOW environment:roles:viewer', but that ended up giving the users more than just read/view-only access.

How can I achieve the desired read-only access to dashboards without granting broader permissions?
Your help would be greatly appreciated!

Thank you!

p_devulapalli · ‎04 Jun 2025

@Irdina You can add additional restrictions by locking down by app-id for dashboards

https://docs.dynatrace.com/docs/shortlink/iam-policystatements#app-engine-apps-run

ALLOW app-engine:apps:run WHERE shared:app-id = "dynatrace.dashboards";

Phani Devulapalli

Irdina · ‎04 Jun 2025

Hye @p_devulapalli ,
Thank you for your assistance. I tried your suggested solution and further refined access by replacing 'ALLOW environment:roles:viewer' with 'ALLOW environment:roles:logviewer' to enhance restrictions. This adjustment worked as intended.🙏