Hello @mmevanson!

I believe the reason is that Admin User is not intended to be a true “god mode” permission set. It gives very broad administrative access, but Dynatrace still keeps some high-impact capabilities separate, especially when they can affect data storage, retention, or governance.

Bucket creation is a good example of that. Managing Grail buckets is more than just another admin action in the UI. It influences where data is stored and how it is retained, so Dynatrace treats it as a separate area that must be granted intentionally, instead of being included automatically in the Admin User policy.

From that perspective, the current model seems to be built around avoiding accidental over-permissioning. Someone may need to administer users, settings, or parts of the platform without necessarily being allowed to manage storage-level resources.

That said, I completely understand the frustration. The name “Admin User” naturally gives the impression that it should cover everything, so finding out that it does not include something as fundamental as creating a bucket feels unexpected.

I also think your request is reasonable. It would be helpful to have a separate, clearly named full-access administrator policy that Dynatrace maintains automatically as new permissions are introduced. To keep it safe, assigning that kind of “god mode” role could require an extra confirmation step, for example:

“This grants unrestricted access across the platform. Are you sure you want to assign it?”

That would keep the current safer Admin User model, while still giving customers a clear and deliberate way to grant truly complete administrative access when needed. I haven’t checked the Product Ideas section to see whether something similar has already been submitted, but it would definitely be worth taking a look there and adding your support if one already exists.

I hope it helps you 😄