This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Looking to upgrade from Dynatrace Managed to SaaS? See how

Control Tagging via IAM policy

GilesDay
Advisor

‎01 Apr 2025 03:08 PM - last edited on ‎02 Apr 2025 07:46 AM by Community Team

Has anyone looked into how to give a RO user access to create/edit tags?  (ie Access Environment only with policy bound.

We have a very controlled environment with limited users who have change monitoring settings. We're looking to give out more permissions, starting with adding/updating tags to Synthetics. Ideally we could limit this to certain tags as well so that users don't mess up management zone/event management tags, but could change a MaintenanceWindow Tag. to On or Off.

Why do App Developers have high insurance rates? (gnihsarc peek yehT)
0 Kudos
Reply
2 REPLIES 2

jason_gs
Dynatrace Contributor
Dynatrace Contributor

‎03 Apr 2025 08:33 PM

you maybe able to to control access to Settings->Tags via a schema + policy, but not sub-group of Tags from the list within. 

Reply

DanielS
DynaMight Guru
DynaMight Guru

‎03 Apr 2025 11:28 PM

Yes @GilesDay what you can do is to create a policy like the following one:

ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId IN ("builtin:tags.auto-tagging", "builtin:tags.manual-tagging", "builtin:alerting.maintenance-window");

 as @jason_gs already told you, you can't control sub-groups of tags.

Dynatrace Certified Professional @ www.dosbyte.com
Reply
Ask a question

Featured Posts