Dynatrace is near perfection, but has one fatal flaw - Lack of granular permissions
A quick search of the community forum shows just how far back this request for granular permissions within Dynatrace goes and the hole is deep. The community has provided questions and RFE after RFE on this topic and in return we have seen very little from Dynatrace in response through bringing such features forward and / or communicating any updates or what we might expect in terms of timing around this.
The big 3 questions that at least I feel need and deserve to be answered directly by Dynatrace are:
Dynatrace is by far the best APM software on the market and what it does, it excels at and leaves all other competition striving to follow Dynatrace's lead.
However, this is a critical lack of features that should be considered a basic requirement for any enterprise ready tool and the silence on this topic is becoming deafening. I am confident that this problem is well known and that it has been acknowledged internally at Dynatrace but that is where the information to date starts and stops.
This is a request for Dynatrace leadership to please provide answers to these longer overdue open questions. Reference RFE.
Solved! Go to Solution.
First off, thanks for the (mostly :)) kind words regarding the state of the product! I do understand your concerns regarding permissions and settings and I am aware that there has been little proactive communication on the topic yet.
Let me stick to your questions to explain the current situation:
Where is this on the priority list for Dynatrace?
The topic does have a high priority for us. High enough to occupy multiple teams full time at the moment to develop the infrastructure to realize the requirements this area has.
What features can we expect around providing granular enterprise permission settings? /
What is the timeframe for such features?
The first planned stage will allow users to manage a small set of notification-related settings based on management groups. This means if you have "modify settings" permission in a management zone you also are able to modify the notification settings for that management zone. Planned to be released in early Q4 2020.
In the second stage we plan to split the single, currently existing permission into a much more fine-grained structure. This will effectively allow you to define the access of a user/group to an individual settings page which will affect both UI and REST API. This step also brings the benefit of a consistent UI workflow for settings and REST APIs for both permissions and settings. We're targeting Q1 2021 with this step.
The next planned stage will improve how entities are grouped and settings are applied to these groups. Rules will be definable which map entities into distinct scopes of ownership. These scopes serve two main purposes: To define settings for the contained entities and to be the target of permissions to define who may modify these settings. There is no defined target date for this step yet.
I hope this helps!
Thank you @Michael K. ! This detailed information is of huge value! I very much appreciate you taking to time to provide it. It also sounds like it is all heading down the exact direction needed. When and if Dynatrace would like assistance via a customer to test at any point, please feel free to reach out to me. I would be very happy to help.
I think anyone who has ever met me knows just how much I love the Dynatrace product :-))
Thank you again! This is all great news!
Are we going to have available some granular permission that let us the opportunity of having the following one:
1.- First group can only modify settings related to applications connected to a management zone
2.- Second group can only modify settings related to services, processes and infraestructure.
Can it be possible? We will need it.
I was really hoping and thinking that this for sure would be talked about during PERFORM 2021, but there was no mention of it. I did ask in a few of the rooms and was told they would get back with me which never happened. Can we get an update on where this is at and when it might be expected? Settings are still an all or nothing approach.
apologies for the delays here and thank you and everybody else watching this thread for your patience!
We had so many great announcements for Perform that some news of settings improvements had to take a back seat. This doesn't mean that there is nothing to show; let me sum it up in short:
The mentioned notification-related settings, unfortunately, slipped into the end of Q1 but we are on schedule to be released in Q1.
A closed preview program granular permission management is also launching at the end of Q1. Its focus will be on the management of permissions because it will not yet be applicable to many settings - this will be expanded in the following time.
Please stay tuned for more in-depth updates on these topics in the blog.
Yes - SLO configuration is already available in the new settings framework. Granting access to the SLO settings screen individually will be possible once the permission policy system is released.
Hi @AlanZ , I also want to strongly recommend to have a look at configuring Dynatrace via files in repositories - the Configuration-as-Code or GitOps approach. We have an open-sourced solution for that ready to do the scale-out and developer enablement of Dynatrace configuration this way, as you just have configs in repos with fine-grained edit permissions there (and if needed, approval workflows there).
Please see GitHub - dynatrace-oss/dynatrace-monitoring-as-code: This tool automates deployment of Dynatrace Mon...
Hi, oh no - sorry for any confusion. Everything said before is still correct.
On UIs of the new settings framework it will be possible to define more fine grained permission policies. SLOs are already implemented with the new settings framework. Other settings will follow into the new framework. The policy management is at works to be ready soon.