Solved: Host Group settings

Mizső · ‎13 Feb 2024

Hi Folks,

I would like bind a policy to a user group to Allow the host group level log ingest and custom log source settings. This group has only MZ level change monitoring settings (whit this they have individual settings on host level eg. log ingest, but they not have host group settings :-().

What is the problem with this policy

ALLOW settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.log-storage-settings";
ALLOW settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.custom-log-source-settings";
ALLOW settings:objects:read, settings:objects:write WHERE settings:entity.hostGroup = "HOST_GROUP-XXXXXXXX" AND settings:schemaId = "builtin:logmonitoring.log-storage-settings" AND settings:schemaId = "builtin:logmonitoring.custom-log-source-settings";

Thanks in advance.

Best regards,

Mizső

Dynatrace Community RockStar 2024, Certified Dynatrace Professional

dannemca · ‎13 Feb 2024

You mention they have MZ access, have you added the hostgroup (as an entity) to their MZ settings?

Site Reliability Engineer @ Kyndryl

Mizső · ‎13 Feb 2024

Yeeep. I did not konw about this possibility. I have never added host group to MZ. I am going to try it with the clinet. In this case policy will not require...it would be more simple...Thanks for the tip. 😉

Dynatrace Community RockStar 2024, Certified Dynatrace Professional