
Restrict namespace-level access for user groups in SaaS

Vikas_g1997
Dynatrace Organizer
Hi Team,
I’m working with a customer who needs to set permissions so that users can view and access details for specific namespaces within a cluster, including their services and related issues.
For example:
  • Team 1 (User Group) should only be able to see namespaces 1, 2, and 3.
  • Team 2 should only be able to see namespaces 4, 5, and 6.
Additionally, they do not want these teams to see each other’s namespaces or services.
Is there a way to achieve this in SaaS?
Regards,
Vikas A goud
 
 

AntonPineiro
DynaMight Guru

Hi,

Have a look at Policy boundaries. You have namespace examples there.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl

We have a similar situation, and what we did was create a separate management zone and assign just the necessary namespaces to it. Then we created a role that has view rights over this management zone, plus one that has edit rights as well, to modify the settings.

By doing this we now have:
1 MZ that has access to the whole cluster and they see and can edit settings for all namespaces
1 MZ that contains just some namespaces - with two roles - one read only and one with edit rights over settings.

I hope this helps.

Dynatrace Associate | Monitoring Engineer | Product Owner - Observability

Hi @Georgi_Vuldzhev ,

Thanks for the suggestion — I was thinking along the same lines. One potential concern, however, is whether users who access the cluster might be able to see or name other namespaces. Could this become an issue?

Hi @Vikas_g1997 ,

In our case we have separate management zones like this:
MZ1: Has access over the whole k8s cluster and sees all namespaces and components below them
MZ2: Has access to namespaceX, namespaceY, namespace7, etc. and all resources below them
MZ3: Has access to namespaceA, namespaceB, namespaceC, etc. and all resources below them

When users access Dynatrace all of them see the k8s cluster but when they go to the k8s app they only see the namespaces they have access to. This works with the k8s classic app only as it uses MZs. If you want to use the new k8s app you would need to use Segments, I assume it would be something similar.

I hope this answers your question!

All the best,
Georgi

Dynatrace Associate | Monitoring Engineer | Product Owner - Observability
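
Added example, not part of any reply in this thread and not Dynatrace's API: a small Python audit of the zone layout described above, checking that restricted groups cannot see each other's namespaces. The zone contents, the group names and the `"*"` marker for a cluster-wide zone are constructed assumptions.

```python
from itertools import combinations

# Constructed sample data (not exported from Dynatrace): management zones and
# the namespaces assigned to each. "*" models a zone covering the whole cluster.
ZONES = {
    "MZ1": {"*"},
    "MZ2": {"namespace1", "namespace2", "namespace3"},
    "MZ3": {"namespace4", "namespace5", "namespace6"},
}

# Constructed sample data: user group -> zones it has view rights on.
GROUPS = {
    "platform-admins": ["MZ1"],
    "team1": ["MZ2"],
    "team2": ["MZ3"],
}


def visible_namespaces(group, groups=GROUPS, zones=ZONES):
    """Union of the namespaces a group can see through all of its zones."""
    seen = set()
    for zone in groups[group]:
        seen |= zones[zone]
    return seen


def audit(groups=GROUPS, zones=ZONES, unrestricted=("platform-admins",)):
    """Return findings that break the 'teams must not see each other' rule."""
    findings = []
    restricted = [g for g in groups if g not in unrestricted]
    # A restricted group holding a cluster-wide zone sees every namespace.
    for g in restricted:
        if "*" in visible_namespaces(g, groups, zones):
            findings.append(f"{g}: has a cluster-wide zone, restriction is void")
    # Any namespace reachable by two restricted groups is a leak between teams.
    for a, b in combinations(restricted, 2):
        shared = (visible_namespaces(a, groups, zones)
                  & visible_namespaces(b, groups, zones)) - {"*"}
        if shared:
            findings.append(f"{a}/{b}: both can see {sorted(shared)}")
    return findings


if __name__ == "__main__":
    print(audit() or "no overlap between restricted groups")
```
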

AntonPineiro
DynaMight Guru

Hi,

Maybe this recent video about Dynatrace IAM might be helpful.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl
