
RBAC to ABAC migration helper scripts: Notebook and PowerShell

Jon2
Dynatrace Advocate

The attached Zip file contains two scripts that are provided 'as is' to help Administrators planning on migrating their Dynatrace role-based permissions to attribute-based ones in order to leverage the IAM policies.

One script comes in the form of a Notebook export, which you can import and execute in your Dynatrace. The other is a PowerShell script which you can run from any machine with PowerShell installed and access to the Internet.

Both scripts serve the same purpose: they generate a list of the RBAC permissions you currently have assigned to your groups. For each discovered RBAC permission, they also recommend a potential replacement with permissions defined within policies.

Scripts connect to your Dynatrace using your provided OAuth token and generate current RBAC role assignments within your Dynatrace.

Pre-Reqs:

  • Generate an OAuth client (within Account Management -> Identity and access management -> OAuth clients) with the following permissions:
    • "View users and groups" = account-idm-read
    • "View and manage policies" = iam-policies-management, iam:policies:write, iam:policies:read, iam:bindings:write, iam:bindings:read, iam:effective-permissions:read
    • "View environments" = account-env-read, which allows reading ClientID and Secret from a credential