cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Create and manage custom log buckets - Grail Dynatrace API

hallstev5
Frequent Guest

I am attempting to create custom grail buckets following the instructions from the following link

Grail data model | Dynatrace Docs

I select the Bucket Management under the definition after going to the Dynatrace API.  I create a OAuth client in account management under Identity and Access management.  For this client I selected the following scopes:  "storage:buckets:read, storage:bucket-definitions:read, storage:bucket-definitions:write, storage:bucket-definitions:delete, storage:bucket-definitions:truncate, account-env-read"

I wrote a powershell script to get the OAuth2 access token:

used:

grant_type = 'client_credentials'

client_id = <My client id from the oauth client i created"

client_secret = <from the oauth client i created"

resource = <URN from oauth client"

scope = "storage:bucket-definitions:read"

 

I got the access token and when i make the API call to get the bucket definitions (should be only the default bucket) i receive 403, required permissions not met

 

What permissions am i missing from the OAuth client to get this to work?

 

 

3 REPLIES 3

mferstl
Participant

Hi,

I have the same issue, did you already find which permissions are missing?

 

br

Michael

mferstl
Participant

did you maybe forget this step:
-> Make sure the User who is creating the Buckets via the API has the following permissions:
--> Create a Policy with the definition:
ALLOW storage:bucket-definitions:read;
ALLOW storage:bucket-definitions:write;

DanielS
DynaMight Leader
DynaMight Leader

Hello, your powershell script is missing the scope storage:bucket-definitions:write. Also I leave you this guide https://community.dynatrace.com/t5/Dynatrace-tips/PRO-TIP-Dynatrace-Grail-Storage-Management-API-Pos...

The true delight is in the finding out rather than in the knowing.