
How do you bind “Segments” (saved filters) to IAM/RBAC policies?

JonhBk201
Participant

We want Group A to use only Segments S1 and S2—and see only that data. They should not see or find any other Segments. Is this supported? If yes, how do we configure it (permissions/settings/API)? A short example would help.

 

Thank you in advance for your help and any concrete examples—much appreciated.

 

4 REPLIES

Segments cannot be used in IAM policies. You should use the dt security context in your permissions. You can use this to prevent people from accessing certain data in Grail.

#Performance matter!

Thanks. One concern: we’re in a shared environment. If we enforce dt security context for Grail, will that limit Davis’ correlation scope and risk hiding true root causes? Does Davis analyze all data and then filter by permissions, or is its analysis itself constrained by the security context? Any best-practice for shared envs?

Hi John,

Setting up IAM policies gives or removes access to metrics, traces, logs and entities for users in a group, not Davis itself. So root cause analysis will work. Also problem correlation will work accordingly.

The only challenge you can face is that users are not allowed to view every event or entity that is referred to in the problem (dt security context prevents this of course).

I guess for a best practice I would recommend only reducing access if absolutely needed, e.g. vendor 1 cannot see information of vendor B.

 

Tip: create a group that uses policy boundaries; that way you can use 1 permission to access data and bind the group to different boundaries.

 

https://docs.dynatrace.com/docs/manage/identity-access-management/permission-management/manage-user-...

 

KR.

Michiel

#Performance matter!

Appreciate the thorough explanation, Michiel. Knowing Davis isn’t constrained by user IAM lets us proceed confidently. We’ll minimize restrictions (mainly to separate vendors/teams), adopt policy boundaries per group to reuse the same permission set, and set expectations that some events/entities in a problem may be hidden by dt security context. Thanks again for the guidance.

 

 

Kind regards,

Jonh

 

 
