
documentsClient not working with admin-access

kumaravel
Participant

Hello,

I am trying to use the Dashboard Code option to build a panel listing all the documents in the environment.

import { documentsClient } from "@dynatrace-sdk/client-document";

export default async function () {
  const data = await documentsClient.listDocuments({
    pageSize: 1000,
    adminAccess: true,
    filter: "type == 'dashboard'"
  });
  return data
}

I am getting the below error

{
  "error": {
    "code": 540,
    "message": "Execution crashed.",
    "details": {
      "logs": "",
      "type": "UNCAUGHT_EXCEPTION",
      "message": "Uncaught (in promise) Forbidden: Insufficient permissions to request admin-access. errorRef: \"8eb588de-a8ff-46bd-8134-5af3c0fd76bd\"",
      "details": {
        "lineNumber": 3809,
        "startColumn": 19,
        "stack": "Forbidden: Insufficient permissions to request admin-access. errorRef: \"8eb588de-a8ff-46bd-8134-5af3c0fd76bd\"\n    at DocumentsClient.listDocuments (file:///opt/sdk_modules/@dynatrace-sdk/client-document/esm/index.js:3809:19)\n    at eventLoopTick (ext:core/01_core.js:175:7)\n    at async default (file:///script.ts:11:16)"
      }
    }
  }
}

 

I tried the same using the Swagger API to list the documents and that is working as expected.

Is there some more permission to run the code in dashboards?

Kind Regards,

Kumaravel

Dynatrace Certified Associate
3 REPLIES

marco_irmer
Champion

Hi there. I reported this issue to support a couple of months back, and the short version is that invocation of admin access is not allowed in Dashboard or Notebook code tiles. Here's the full explanation I got from support:

Hello Marco,
 
Based on feedback from our lab, while listing documents is read-only it exposes more information than the current user can/should see. So it is still privileged even though much less dangerous than reading content or even modifying data. As such, right now we're not planning to change the access control for this operation either.
Notebooks are primarily intended for ad-hoc analysis of ingested data, while code tiles have the flexibility to enrich/transform data from additional sources. Using it as an admin tool is, of course, not wrong, but for now, it simply has some restrictions that we impose to ensure that the primary use case works well and safely, but we're actively considering options on improving these situations.
For now, you've got two options for working with document admin operations on the API: either with an external tool and a platform token that grants your user access using this tool or via Dynatrace Workflows, which allow you to automate whatever API actions you've figured out are helping you solve your use cases.
Regarding interactive admin features - yes, we're planning to bring interactive operations that allow you to transfer ownership, change sharing and removing any dashboard/notebooks if you have the correct permission. We're working on that, and it is likely planned for the October-December timeframe.
Interactive open/preview of non-owned documents is planned in a later step.

 

As a workaround I ended up implementing a workflow that invokes the document client, and then building a dashboard code tile to retrieve the output from the latest workflow execution.

kumaravel
Participant

Hello @marco_irmer 

Thanks for sharing the detailed response from support.

When the code tile is executed, it runs using the logged-in user's context, and if the user is allowed to perform an admin access then I expect it should work from dashboard/notebook also. Apart from the Swagger UI, I am also able to write JS code in the tile which makes a similar API request instead of using the SDK, and that allows the admin-access in dashboard/notebook.

So allowing with API and blocking it from the code tile using SDK does not really ensure security.

My use case was more to list the number of dashboards created by various users.

Dynatrace Certified Associate

I don't necessarily disagree with you here... As things stand though, Dynatrace has decided against enabling this function.
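
Added example, not part of the thread and not Dynatrace code: one way to serve the dashboards-per-owner use case while handling the denial shown in the error above. It tries the admin listing, falls back to the caller's own visible documents only on that specific denial, and reports which scope the counts cover. The `pageKey`/`nextPageKey` paging fields and the `documents[].owner` field are assumptions about the response shape, and the client is passed in as a parameter so a stub can stand in for `documentsClient`.

```javascript
// Added example, not code from the thread or from Dynatrace.
// Assumed response shape: { documents: [{ owner, ... }], nextPageKey },
// with a `pageKey` request parameter to fetch the next page.
const ADMIN_DENIED = "Insufficient permissions to request admin-access";

// Fetch every dashboard document visible in the requested scope.
async function listAllDashboards(client, adminAccess) {
  const documents = [];
  let pageKey;
  do {
    const page = await client.listDocuments({
      pageSize: 1000,
      adminAccess,
      filter: "type == 'dashboard'",
      ...(pageKey ? { pageKey } : {}),
    });
    documents.push(...(page.documents ?? []));
    pageKey = page.nextPageKey;
  } while (pageKey);
  return documents;
}

// Count dashboards per owner and say whether the numbers are environment-wide
// ("admin") or limited to what the calling user can see ("user").
async function countDashboardsByOwner(client) {
  let scope = "admin";
  let documents;
  try {
    documents = await listAllDashboards(client, true);
  } catch (err) {
    // Fall back only on the specific denial from the thread; rethrow the rest.
    if (!String(err?.message).includes(ADMIN_DENIED)) throw err;
    scope = "user";
    documents = await listAllDashboards(client, false);
  }
  const counts = {};
  for (const doc of documents) {
    const owner = doc.owner ?? "unknown";
    counts[owner] = (counts[owner] ?? 0) + 1;
  }
  return { scope, total: documents.length, counts };
}
```

The `scope` field keeps a partial, user-level count from being mistaken for an environment-wide one when the admin request is refused.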
