cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Settings 2.0 - Policy to set key user actions

PedroDeodato
DynaMight Mentor
DynaMight Mentor

I was trying to create a policy so that I can give a user the permission to set Key User Actions, without giving them permissions to Edit the whole application, nor giving them access to the Environment's whole Settings page (i.e., I do not want to put them in the Monitoring Admin user group).

This user just needs to be able to set a User Action as key (and remove it from key, afterwards, if needed).

 

I notice that something similar can be done at the Services level: one can be given the permission to Write on the "Key Requests" list, and so set requests as Key...

As sugested on the "Key Requests" settings page on a given service:

PedroDeodato_0-1692012385509.png

The policy should look something like:

ALLOW settings:objects:read, settings:objects:write, settings:schemas:read
WHERE settings:schemaId = "builtin:settings.subscriptions.service";

 

Is something similar available to Key User Actions?
I know that this sort of page does not exist at the Application level, but I was wondering if the permission to set a User Action as Key (which does not require access to any settings page, just the button on the User Action page) could be granted via any existing policy?

Best regards, Pedro Deodato
8 REPLIES 8

Julius_Loman
DynaMight Legend
DynaMight Legend

Afaik there is no such schema you can use for key user action (at this time).

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner

Thanks, @Julius_Loman !
I've searched and searched, so I assume that as well... I'll probably post it as a Product Idea 🙂

Best regards, Pedro Deodato

If there is no schema for it, then you can't use the settings API to modify it. Such schema is not listed in the docs, you can check the settings API to fetch a current schema list - maybe there is already something not yet listed in the docs.

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner

Yep, that was what we did and found nothing to address our issue...

In the process, besides this one case, we found other interesting settings that have no schema for them... maybe we'll gather a list to post as Ideas, because such cases with the need for more granular permissions keep arising here and there: and, as you said, without schemas, there's nothing we can do about it 😞

Best regards, Pedro Deodato

I have documented everything that I can think of in a spreadsheet for Schema 1.0, 2.0 and no schema.

Here is link on no schema:

https://community.dynatrace.com/t5/Open-Q-A/Settings-1-0-2-0-and-some-settings-are-on-neither/m-p/23...

 

Dynatrace Certified Professional

@Kenny_Gillette You have done a super job! It seems to be all there.

Have a nice day!

DanielS
DynaMight Leader
DynaMight Leader

Hi @PedroDeodato Same issue here, only role to access the button is change monitoring settings at least under Management Zone permissions, not doable via policy.

The true delight is in the finding out rather than in the knowing.

Yes, I've faced the same issue but with extensions configurations 

https://www.dynatrace.com/support/help/shortlink/iam-policystatements#extensions-configurations-writ...

 

Certified Dynatrace Professional | Certified Dynatrace Services Delivery - Observability & CloudOps | Dynatrace Partner - yourcompass.ca

Featured Posts