04 Aug 2022 08:39 AM - last edited on 28 Sep 2022 02:22 AM by MaciejNeumann
I want to create a role where my users can see settings by they cannot edit them (Read Only for Settings).
When I go to Policies for a group via Identity Management --> Group Management Group--> Policies --> and I add Settings Reader and bind it, this does indeed give a user Read Only access to Global Settings. Note that the Settings Reader policy referenced here is the default one within Dynatrace.
However, when I go to the Host Settings (load up any host then go to settings for that host), that host settings page loads for 1 second and then immediately jumps to a 403 error page. Refreshing it just re-loads the 403 error page. I have no trouble viewing host settings normally for any other role, it's only for this instance.
This 403 error ONLY shows up for Host Settings. I am able to go to settings in Read Only mode for Processes/Services/whatever else, but NOT host settings. I have had a support ticket open with Dynatrace for a while and I'm getting nowhere, I'm even getting the feeling that I'm the 1st person in history to have tried this (which I refuse to believe).
I have also tried this:
Create and bind a custom policy that specifies the exact schema ID's of the various pages in host settings (as different pages have different schemaID's).
Example: ALLOW settings:objects:read, settings:schemas:read WHERE settings:schemaId = " builtin:host.monitoring ";
Bind the custom policy above AND the default policy of Settings Reader to the specific group/user I am testing.
Solved! Go to Solution.
The support team should accept this as bug behavior and work on the fix because to be best of my knowledge it should work similarly as its working for service settings.
Can you maybe share a screenshot of the 403 page?
I tested it on my tenant and it worked. But my tenant is probably already one version ahead.
Sorry, I'm just now seeing your replies. Here is the error of the page.
What permissions are you assigning to your user/group? Are you using the default Settings Reader policy? Are you using the default groups that exist or did you create a new one?
I tested it on my SaaS tenant (version 1.248) with these settings:
This worked without any problems.
Because everything worked I tested the same again with a SaaS tenant version 1.247. Here I had the same problem as you described (also 403 when accessing host settings).
It looks like the problem is fixed with version 1.248. However, I'll check again with my colleagues and get back to you here again as soon as possible.