I want to create a role where my users can see settings by they cannot edit them (Read Only for Settings).
When I go to Policies for a group via Identity Management --> Group Management Group--> Policies --> and I add Settings Reader and bind it, this does indeed give a user Read Only access to Global Settings. Note that the Settings Reader policy referenced here is the default one within Dynatrace.
However, when I go to the Host Settings (load up any host then go to settings for that host), that host settings page loads for 1 second and then immediately jumps to a 403 error page. Refreshing it just re-loads the 403 error page. I have no trouble viewing host settings normally for any other role, it's only for this instance.
This 403 error ONLY shows up for Host Settings. I am able to go to settings in Read Only mode for Processes/Services/whatever else, but NOT host settings. I have had a support ticket open with Dynatrace for a while and I'm getting nowhere, I'm even getting the feeling that I'm the 1st person in history to have tried this (which I refuse to believe).
I have also tried this:
Create and bind a custom policy that specifies the exact schema ID's of the various pages in host settings (as different pages have different schemaID's).
Example: ALLOW settings:objects:read, settings:schemas:read WHERE settings:schemaId = " builtin:host.monitoring ";
Bind the custom policy above AND the default policy of Settings Reader to the specific group/user I am testing.
Solved! Go to Solution.
I tested it on my SaaS tenant (version 1.248) with these settings:
This worked without any problems.
Because everything worked I tested the same again with a SaaS tenant version 1.247. Here I had the same problem as you described (also 403 when accessing host settings).
It looks like the problem is fixed with version 1.248. However, I'll check again with my colleagues and get back to you here again as soon as possible.