
Problem with policies

gustavodutra
Advisor

Hi everyone,

How are you?

I received a request where users from another company want access to the Dynatrace configurations in clusters for which they are not responsible for the development.

In order not to expose all my configurations and permissions, I created rules based on schemaId and schemaGroup for a group and assigned them to the users.

However, I'm facing an issue with the Kubernetes visualization (new version). In Kubernetes Classic it works perfectly, but in the new version of Kubernetes, they are unable to view their clusters, namespaces, workloads, nodes, pods, etc. It only works in the Classic version.

I found that when I specify this rule inside the policies:

ALLOW storage:entities:read;

 

They are able to see the clusters, namespaces, etc., but they are seeing all the clusters in the environment.

Is there a way to define this rule only for the cluster they are responsible for and hide mine?

3 REPLIES

gustavodutra
Advisor

gustavodutra_0-1747259023478.png

 

gustavodutra
Advisor

gustavodutra_1-1747259216263.png

It works like that without the mentioned rule, but once the rule is included, they can see everything.

 

Julius_Loman
DynaMight Legend

You need to set the boundaries for permission. You can do that either by creating a boundary and using it with the policy when you create a permission, or you can do it directly in the permission by specifying the security context.

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner
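
A small lint for the situation in this thread, added here as an example and not code from the posters or from Dynatrace: it lists storage permissions that an ALLOW statement grants without any security-context condition. The condition key `storage:dt.security_context` and the context value `partner-k8s` are assumptions, since the thread names neither.

```python
import re

# Assumed condition key for record-level scoping; confirm it for your tenant.
CONTEXT_KEY = "storage:dt.security_context"

# Constructed sample policy. Statement 1 is the rule from the question; the
# context value "partner-k8s" is made up for illustration.
SAMPLE_POLICY = """
ALLOW storage:entities:read;
ALLOW storage:entities:read, storage:logs:read
  WHERE storage:dt.security_context = "partner-k8s";
"""

STATEMENT = re.compile(r"^ALLOW\s+(.+?)(?:\s+WHERE\s+(.+))?$", re.I)


def parse(policy):
    """Yield ([permissions], condition or None) for each ALLOW statement."""
    # Naive split: assumes no ';' inside quoted condition values.
    for raw in policy.split(";"):
        text = " ".join(raw.split())  # collapse newlines and indentation
        if not text:
            continue
        match = STATEMENT.match(text)
        if match is None:
            raise ValueError(f"unrecognised statement: {text!r}")
        perms, condition = match.groups()
        yield [p.strip() for p in perms.split(",")], condition


def unscoped_storage_grants(policy, key=CONTEXT_KEY):
    """Return storage permissions granted without a condition on `key`."""
    findings = []
    for perms, condition in parse(policy):
        scoped = condition is not None and key in condition
        if not scoped:
            findings.extend(p for p in perms if p.startswith("storage:"))
    return findings


if __name__ == "__main__":
    for permission in unscoped_storage_grants(SAMPLE_POLICY):
        print(f"no security-context condition on: {permission}")
```

The check reads only the policy text, so a grant it reports can still be limited by a boundary attached when the permission is assigned, as the reply above describes.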
