cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

API-token only for Maintenance Windows via Dynatrace API

miliseclen
Dynatrace Enthusiast
Dynatrace Enthusiast

Is there a way to give READ&WRITE permissions only to manage maintenance windows via Dynatrace API?

Currently, to use maintenance windows with API we need an API token with READ&WRITE all config permissions, which it's not convenient because people who only need to manage maintenance windows, could have access to other DT configurations.

Thank you in advance for your help.

 

3 REPLIES 3

miliseclen
Dynatrace Enthusiast
Dynatrace Enthusiast

mark_bley
Dynatrace Champion
Dynatrace Champion

Hi @miliseclen,

 

yes that should be possible.

First you would need to create a policy like following:

ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = "builtin:alerting.maintenance-window";

This policy you can assign to the group of users that needs to be able to modify MWs.

Using a personal access token (PTA) from an account of said user group, that token given the settings.read and setting.write permissions will be able to modify and create MWs.

 

Hope this helps!

Best,

Mark

I did not know this.  Going to test this!!!

Clarification: I setup IAM Policies, but didn't realize they use same permissions for API.  

Dynatrace Certified Professional

Featured Posts