FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PostMan and OAuth 2.0

Go to solution
Ellery
Helper

‎21 Nov 2023 10:09 PM - last edited on ‎22 Nov 2023 09:51 AM by Community Team

Hello, nice to ask again. I have the following issue: I need to create a new bucket to manage log retention. To do this, I followed the guide, but I'm encountering issues with OAuth 2.0 permissions. I'm searching within the Dynatrace API Swagger for the required permissions. Can you help me identify the necessary permissions?"

Ellery_0-1700604094278.png

I create the OAuth with the permissions specified by OAuth 2.0, and I generate the token from Postman. However, upon execution, I still lack the necessary permissions. What could be the issue?

Ellery_1-1700604283867.png

Furthermore, I created the precise permissions and generated another OAuth with all the storage permissions. I created tokens with both OAuths and tested them separately, but with the same result.

Ellery_2-1700604474782.png

The token is successfully created, but upon executing the query, it still complains about a lack of permissions. Am I missing any other permission?

 

 

 

Labels:
Reply
5 REPLIES 5

Go to solution
DanielS
DynaMight Guru
DynaMight Guru

‎21 Nov 2023 10:42 PM

Hello @Ellery The permission not met means that the user executing the API call needs to have the policy assigned with at least the storage:bucket-definitions permissions:

ALLOW storage:events:read;
ALLOW storage:metrics:read;
ALLOW storage:logs:read;
ALLOW storage:entities:read;
ALLOW storage:bizevents:read;
ALLOW storage:system:read;
ALLOW storage:buckets:read;
ALLOW storage:bucket-definitions:read;
ALLOW storage:bucket-definitions:write;
ALLOW storage:bucket-definitions:delete;
ALLOW storage:bucket-definitions:truncate;

 I leave you a wide policy to apply to a "Storage Admin Group" to have full control over grail buckets.

 

The true delight is in the finding out rather than in the knowing.
0 Kudos
Reply

Go to solution
DanielS
DynaMight Guru
DynaMight Guru

‎21 Nov 2023 10:52 PM

I also leave you the link to this PRO TIP.

Maybe it will be useful to you.

The true delight is in the finding out rather than in the knowing.
Reply

Go to solution
Ellery
Helper

‎22 Nov 2023 01:03 PM

First of all, thank you very much for the response, but it seems that there's something I'm doing wrong, as even though the API responds, it is not the expected result from the API.

Ellery_1-1700658189758.png

 

 

 

0 Kudos
Reply

Go to solution
DanielS
DynaMight Guru
DynaMight Guru

‎23 Nov 2023 12:23 AM

Hello @Ellery I'm going to try to help you with a very detailed guide.

1. Troubleshooting Grail IAM Permissions.

DanielS_0-1700695087937.png

At this point, if you are receiving Required permissions not met it means that the Oauth  2.0 Token is working, but you are lacking the Dynatrace identity and access management (IAM) framework permissions on the user you assign the Oauth 2.0 Token.

2. Create Grail Storage Admin Policy.

DanielS_1-1700695712062.png

  1. Open the User menu and select Account settings (in latest Dynatrace, Account Management).
    On the top navigation bar, go to Identity & access management > Policies.
  2. Select Create policy, and set a name.
  3. Write the policy statements as seen in the image. Note that for bucket management you only need the storage:bucket-definitions statements (8,9,10,11). But this policy is intended to be used by an Admin so it's a bit more permissive.
  4. Save it and you are ready with the policy.

3. Create Storage Manager Group.

DanielS_2-1700696776667.png

 

  1. Open the User menu and select Account settings (in latest Dynatrace, Account Management).
    On the top navigation bar, go to Identity & access management > Groups.
  2. Select Create group, and set a name.
  3. Under the Policies section click edit and assign the Policy Storage - Admin you created on the previous section Create Grail Storage Admin Policy.
  4. Save it and we are ready with the group and policy assignment.

4. Assign Storage Manager Group to your Grail Admin User.

DanielS_3-1700696984127.png

 

  1. Open the User menu and select Account settings (in latest Dynatrace, Account Management).
    On the top navigation bar, go to Identity & access management > People.
  2. DanielS_6-1700697149006.pngSearch for the same user to which you assign the Oauth 2.0 Token. DanielS_6-1700697149006.png
  3. Edit the user and assign the Storage Manager Group you created in the previous step Create Storage Manager Group.
  4. All set.

5. Ready to invoke the API call.

DanielS_8-1700697413508.png

  1. Go back to Postman and invoke the API call. You should now get Code 200 and a response like the image.
The true delight is in the finding out rather than in the knowing.
0 Kudos
Reply

Go to solution
DanielS
DynaMight Guru
DynaMight Guru

‎23 Nov 2023 12:31 AM

Also I've updated the guide to reflect a way to troubleshoot your problem. Because I saw other post with the problem. Thanks for your feedback.

The true delight is in the finding out rather than in the knowing.
0 Kudos
Reply
Ask a question

Featured Posts