cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Accessing Host Settings Results in 403 for Read-Only Mode

shakib
Contributor

I want to create a role where my users can see settings by they cannot edit them (Read Only for Settings).

 

When I go to Policies for a group via Identity Management --> Group Management Group--> Policies --> and I add Settings Reader and bind it, this does indeed give a user Read Only access to Global Settings. Note that the Settings Reader policy referenced here is the default one within Dynatrace. 

 

However, when I go to the Host Settings (load up any host then go to settings for that host), that host settings page loads for 1 second and then immediately jumps to a 403 error page. Refreshing it just re-loads the 403 error page. I have no trouble viewing host settings normally for any other role, it's only for this instance.  

 

This 403 error ONLY shows up for Host Settings. I am able to go to settings in Read Only mode for Processes/Services/whatever else, but NOT host settings. I have had a support ticket open with Dynatrace for a while and I'm getting nowhere, I'm even getting the feeling that I'm the 1st person in history to have tried this (which I refuse to believe). 

 

I have also tried this:

 

Create and bind a custom policy that specifies the exact schema ID's of the various pages in host settings (as different pages have different schemaID's). 

Example: ALLOW settings:objects:read, settings:schemas:read WHERE settings:schemaId = " builtin:host.monitoring ";

 

Bind the custom policy above AND the default policy of Settings Reader to the specific group/user I am testing. 

6 REPLIES 6

techean
Dynatrace Champion
Dynatrace Champion

The support team should accept this as bug behavior and work on the fix because to be best of my knowledge it should work similarly as its working for service settings.

KG

andre_f
Dynatrace Advisor
Dynatrace Advisor

Can you maybe share a screenshot of the 403 page?

andre_f
Dynatrace Advisor
Dynatrace Advisor

I tested it on my tenant and it worked. But my tenant is probably already one version ahead.

shakib_0-1660073396066.png

Sorry, I'm just now seeing your replies. Here is the error of the page. 
What permissions are you assigning to your user/group? Are you using the default Settings Reader policy? Are you using the default groups that exist or did you create a new one? 

andre_f
Dynatrace Advisor
Dynatrace Advisor

Hi @shakib 

I tested it on my SaaS tenant (version 1.248) with these settings:

andre_f_0-1660122742877.png

This worked without any problems.

 

Because everything worked I tested the same again with a SaaS tenant version 1.247. Here I had the same problem as you described (also 403 when accessing host settings).
It looks like the problem is fixed with version 1.248. However, I'll check again with my colleagues and get back to you here again as soon as possible.

shakib
Contributor

Awesome, thank you, @andre_f, that is exactly what I am experiencing. I'm still on 1.247 and so I'll wait until I have 1.248 to test it again.