08 Oct 2024 10:33 AM
Dear Team,
We have a requirement from customer where they are seeking an information to create a user having permission specifically to create management zone, Synthetics and Credential vault.
Is it possible? If yes kindly suggest how will configure it.
Thanks
Dharmender Singh
08 Oct 2024 03:44 PM
Hello Dharm,
From your list the only one I know is possible to filter is the creation of management zones, you can achieve it using:
ALLOW settings:objects:write WHERE settings:schemaId = "builtin:management-zones";
For the rest I don't think is it possible at the moment.
Hope you a good monitoring!
18 Oct 2024 02:36 PM
Hi Jaume,
How will configure this "ALLOW settings:objects:write WHERE settings:schemaId = "builtin:management-zones"; "can you please suggest?
19 Oct 2024 09:53 AM
Hello @dharm_0101
You can create a policy as per attached example and bind this policy to a user group.
So:
BR,
Peter
19 Oct 2024 10:05 AM
Dear Peter,
can you please suggest how will create the policy so that user can create management zone specifically?
BR
Dharm
18 Oct 2024 12:16 PM
Hello @dharm_0101
Regarding user permissions assignments:
On the management zone permission to be able to adjust the settings on very narrow scope the below permissions should be assigned.
Hoping it adds value.
KR,
Peter
18 Oct 2024 12:59 PM - edited 18 Oct 2024 01:01 PM
Hi @peter
Thanks for suggesting, We are not using Dynatrace managed we are using Dynatrace SaaS, so can you please suggest for Dynatrace SaaS?
How we can create a user having permission specifically to create management zone, Synthetics and Credential vault.
Thanks
19 Oct 2024 09:51 AM
Hi @dharm_0101
I know I've sent you an example to follow, the same will be applied on SaaS
In SaaS. it's better to create a policy and bind it to group.
KR,
Peter
19 Oct 2024 10:03 AM
Dear Peter,
if we give enviornment permission with change monitoring setting I believe user belongs to that group having permission to change any type of settings in Dynatrace right?
correct me if my understanding is wrong?
BR
Dharm
19 Oct 2024 02:58 PM
Hi @dharm_0101
KR,
Peter.
19 Oct 2024 03:43 PM
Dear Peter,
Thanks for suggesting!
We have created multiple management zones yet no monitored entities added on those management zones, but we are planning to import synthetics from another Dynatrace environment and add them in these multiple management zones.
If we will give environment and management zone permissions manage monitoring settings and view environment this will limit user's who belongs to this group are able to see and configure/add synthetics on these management zones only or he will have control(View and Change) over other Global or individual monitoring setting configurations for other monitoring entities?
And with these settings user's is able to create New Management zone, Synthetics and credential vaults or not? Kindly suggest?
BR
Dharm
19 Oct 2024 04:26 PM - edited 19 Oct 2024 04:30 PM
Hi @dharm_0101
Good to hear good news.
Make it simple as much as you can to facilitate the DT administration tasks:
Hoping this adds value.
BR,
Peter.