Showing results for 
Show  only  | Search instead for 
Did you mean: 

IAM Policy to allow non-DynatraceAdmins to maintain their own custom service detection rules



In our environment (single environment, multi-tenant), user access is "governed" by Management Zone/rules. 

One of the challenges in administering Dynatrace in the single environment/multi-tenant setup is the inability to enable developers/application teams to maintain their own monitoring settings in a secure/safe manner.

A few changes/features have been added since we started our journey with Dynatrace almost 3 years ago. 

Does anyone know any trick/insight to allow read/write of custom service detection rules by Management Zone (MZ). The specific object is not configurable by MZ. I'm asking if anything could be done.  Trying to do the same via API runs into the same issue since token access can't be scoped to MZ (RFE has been out there from 2+ years ago).



DynaMight Legend
DynaMight Legend

Have you tried to leverage the Policy Schemas for this? You can grant granular access even at the Management Zone level to allow or deny permissions to read or write certain constructs. 


DynaMight Legend
DynaMight Legend

@ChadTurner  this is not possible. Schemas such as builtin:service-detection.full-web-request have only environment scope and are global. 

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner

@Julius_Loman it is, but it isn't. Access can be granted by the user being a user with access to your given MZ in which has a Schema applied that allows the ability to create service detection at the global level. 


Featured Posts