Solved: Re: Forbidden Access to Query Internal Data

kwangxi · ‎12 Apr 2023

Hi,

I was trying to access Dynatrace's internal data via Notebook. However, I came across HTTP 403 - Forbidden. I was curious about the root cause behind it as we did not do anything on our end and were still able to access it yesterday.

Philipp_Kastner · ‎12 Apr 2023

Hi @kwangxi

Thanks for the feedback. Could you share the query you tried to execute?

Kind regards, Philipp

kwangxi · ‎12 Apr 2023

Hi Philipp,

Some are affected, some are not.

Working fine: fetch logs
Not working fine such as fetch dt.entity.host and my custom query:

fetch dt.entity.host, timeframe:"2023-03-01T00:00:00Z/2023-04-05T12:00:00Z"
|fieldsAdd osVersion, cpuCores, memory = (memoryTotal/1000/1000000), ipAddress, monitoringMode
|lookup [fetch dt.entity.process_group_instance |fieldsAdd softwareTechnologies, tags |filterOut contains (entityName, "OneAgent") OR contains (entityName, "Linux") OR contains (entityName, "sshd") OR contains (entityName, "Short-live") OR contains (entityName, "master") ], sourceField:tags, lookupField:tags

Philipp_Kastner · ‎13 Apr 2023

Thanks, @kwangxi for following up. I believe you're missing the permission to read entity data.
You need the

storage:entities:read

permission to execute the query mentioned above.

There were some recent changes to the permission model in the scope of the preview, I'll email you a document on this with further details.

Kind regards, Philipp

yuesong_teh · ‎13 Apr 2023

Hi @Philipp_Kastner

Wondering if we can refer to any release note whenever there is change to permission model?
For the benefit where in future we can refer and update our policy statements if necessary?

Thanks.
Regards,
Teh

Forbidden access to query internal Dynatrace data