cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Users Need for Settings Permissions to Close a problem now!?

ChadTurner
DynaMight Legend
DynaMight Legend

Can we talk about the elephant in the room.... with the latest cluster update to 1.263.115.20230329-073241 users will find that they can no longer close out problems unless they have full 'Change Monitoring Settings' on the given environment. 

Users will get the illusion that they indeed can close out a problem but will be confronted with an error once they close it. 

ChadTurner_0-1680184087197.png

 

ChadTurner_2-1680184217454.png

you can read the relapse notes here: https://www.dynatrace.com/support/help/shortlink/release-notes-saas-sprint-263#restriction-of-writin... 

I am in the process of seeing if there is a policy schema(s) that will allow us to grant 'change monitoring settings' but remove what the user can edit/have access to. 

I understand the need to prevent or hold users accountable for closing out problems, but why cant we have a blocker set in the settings, much like we limit the images and presets of dashboards for our basic users? And from an auditing standpoint, if you do close out a problem manually it is recorded, maybe remove the delete capability. 

ChadTurner_3-1680184481107.png

 

 

-Chad
21 REPLIES 21

DanielS
DynaMight Guru
DynaMight Guru

Agree @ChadTurner , I have lots of user claiming for this!!! A great headache for me!!!!

The true delight is in the finding out rather than in the knowing.

so there are a few potential solutions: 

Solution 1 – Posting Closure API via Web UI

Pros:

Users would be able to access a UI Web front that will allow them to post the closure comments along with the problem ID and trigger the closure of the ticket.

No additional access is granted to the user.

No change in account permissions needed.

 

Cons:

UI Web front would need to be built.

Tokens would need to be formulated.

 

Solution 2 – Granting Environment Wide Change Monitoring Settings Access

Pros:

Quick/Easy change.

Tickets closed form Dynatrace UI.

 

Cons:

Users will get Admin level permissions.

Ability to trigger upgrades, change monitoring settings, levels etc.. which will directly impact licensing.

 

Solution 3 - Granting Management Zone Change Monitoring Settings Access

Pros:

Allows us to provide the ability to close tickets via the UI.

Reduces the amount of admin permissions seen.

Can strip out permissions via Policy Schemas to lock down “Admin Level’ functionality.

 

Cons:

A New MZ is needed for teams.

Policy Schemas will need to be built and tested.

Run the Risk of Dynatrace Upgrades granting more access, leaving Administrators unaware of this new access.

Users might still have the ability to edit monitored entity settings such as trigger upgrades, change anomaly detection settings etc…

-Chad

Hi @ChadTurner I'm trying number 3 because I read the manage-settings environment role and discard it. I didn't see any valid scheme for escalating permissions.

The true delight is in the finding out rather than in the knowing.

Honestly, it should be an option in the setting for each individual tenant, just liek we have options for Dashboards: 

ChadTurner_0-1680202661558.png

 

-Chad

yes sir!

Dynatrace Certified Professional

I can confirm that with manage-settings for a MZ this works.

The true delight is in the finding out rather than in the knowing.

Kenny_Gillette
DynaMight Leader
DynaMight Leader

Where did this come from?  Did they ask the community if this should be implemented?  I am guessing this was a RFE

 

Solution 4:

Dynatrace roll this change back and allow users to close problem cards.

Dynatrace Certified Professional

I have an entire call center claiming for this, a schema would be great as Solution 5.

The true delight is in the finding out rather than in the knowing.

ChadTurner
DynaMight Legend
DynaMight Legend

I'm working on a set of Policy Schemas to grant the access but deny everything else. If someone beats me to it please share 😛

-Chad

The following Schema Set will remove the Settings option from the Menu for the environment: 

DENY settings:objects:read, settings:schemas:read WHERE settings:schemaId = "builtin:alerting.maintenance-window";
DENY settings:objects:read, settings:schemas:read WHERE settings:schemaId = "builtin:monitoring.slo";
DENY settings:objects:read, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.metric-events";
DENY settings:objects:read, settings:schemas:read WHERE settings:schemaId = "builtin:alerting.profile";
DENY settings:objects:read, settings:schemas:read WHERE settings:schemaId = "builtin:problem.notifications";

 

RESULTS:

ChadTurner_0-1680203641245.png

Working on the monitored entity settings now

-Chad

DanielS
DynaMight Guru
DynaMight Guru

I created an admin NOT admin policy for people who need to close problems but need to restrict their role to the highest level. You must create two policies because only 100 lines per policy are allowed.

Admin NO Admin 1

DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:metric.metadata";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.http.assigned-applications";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.custom-errors";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:activegate-token";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.rum-javascript-updates";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:service-detection.full-web-request";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:user-action-custom-metrics";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:process-group.simple-detection-rule";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.rum-mobile";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:alerting.connectivity-alerts";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.rum-custom-crash-rate-increase";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.php";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.kubernetes.workload";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:service-detection.external-web-service";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:user-settings";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:failure-detection.environment.parameters";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.host-headers";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.request-errors";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:bizevents-processing-buckets.rule";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.mobile.enablement";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.custom.name";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.browser.name";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:resource-attribute";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.databases";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.kubernetes.pvc";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:tags.auto-tagging";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:deployment.activegate.updates";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.browser.outage-handling";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:container.built-in-monitoring-rule";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.mobile.request-errors";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:bizevents-processing-pipelines.rule";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.metric-events";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:tokens.token-settings";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.log-events";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.log-custom-attributes";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:span-entry-points";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitoredentities.generic.relation";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.kubernetes.node";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:metric.query";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.mobile.key-performance-metrics";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.processgroup";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:networkzones";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:deployment.oneagent.updates";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:mainframe.txstartfilters";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:dashboards.presets";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:span-attribute";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:appsec.notification-alerting-profile-with-trigger-event";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:service-detection.full-web-service";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.user-experience-score";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:management-zones";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:dashboards.image.allowlist";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.nginx";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:custom-metrics";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:bizevents-processing-metrics.rule";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:apis.detection-rules";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:exclude.network.traffic";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:alerting.maintenance-window";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:os-services-monitoring";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.ip-mappings";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:container.technology";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:eec.local";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:deployment.management.update-windows";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:dashboards.general";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:eula-settings";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.http.name";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:problem.notifications";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:process-visibility";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.services";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.iis";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.kubernetes.namespace";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.nodejs";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.log-buckets-rules";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.mobile.name";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.mobile.beacon-endpoint";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.open-tracing-native";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:oneagent.features";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.ipaddress-exclusion";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.name";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.resource-cleanup-rules";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:deployment.oneagent.default-version";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.mobile.privacy";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:process-group.detection-flags";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:ibmmq.queue-sharing-group";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:host.monitoring";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:host.process-groups.monitoring-state";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:span-capturing";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitoredentities.generic.type";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.synthetic-availability-settings";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:process.process-monitoring";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:process-group.advanced-detection-rule";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.provider-breakdown";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.schemaless-log-metric";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.java";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.xhr-exclusion";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.enablement";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:processavailability";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:process-group.monitoring.state";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:process.built-in-process-monitoring-rule";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.dotnet";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.frequent-issues";

Admin NO Admin 2

DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.http.scheduling";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.log-dpp-rules";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:settings.subscriptions.service";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:sessionreplay.web.resource-capturing";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.custom-rum-javascript-version";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.infrastructure-disks";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.kubernetes.cluster";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.http.performance-thresholds";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:span-event-attribute";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:ibmmq.queue-managers";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.browser.kpms";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:failure-detection.service.http-parameters";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:failure-detection.environment.rules";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:ibmmq.ims-bridges";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:failure-detection.service.general-parameters";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:usability-analytics";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.browser.scheduling";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.overload-prevention";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:mainframe.txmonitoring";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:disk.analytics.extension";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.go";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:service-detection.external-web-request";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:mainframe.mqfilters";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.rum-custom";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.varnish";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:nettracer.traffic";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.rum-mobile-crash-rate-increase";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:cloud.cloudfoundry";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.infrastructure-disks.per-disk-override";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitoring.slo";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:issue-tracking.integration";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:geo-settings";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.timestamp-configuration";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.custom.enablement";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.infrastructure-hosts";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.beacon-domain-origins";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:custom-unit";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:preferences.privacy";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:host.monitoring.aix-kernel-extension";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.infrastructure-vmware";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.resource-timing-origins";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:declarativegrouping";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:span-context-propagation";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:bizevents.http.incoming";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.ip-determination";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:audit-log";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:process-group.cloud-application-workload-detection";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.wsmb";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:eec.remote";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.browser.assigned-applications";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:sessionreplay.web.privacy-preferences";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.disk-rules";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:availability.process-group-alerting";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.log-agent-configuration";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:opentelemetry-metrics";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.http.cookies";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:ownership.teams";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.rum-web";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:elasticsearch.user-session-export-settings-v2";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:user-appfw-preferences";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:accounting.ddu.limit";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.resource-types";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.apache";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:cloud.kubernetes";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitoring.slo.normalization";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.browser-exclusion";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:alerting.profile";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:anomaly-detection.infrastructure-aws";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:process.custom-process-monitoring-rule";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.http.outage-handling";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:remote.environment";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:container.monitoring-rule";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:logmonitoring.logs-on-grail-activate";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.browser.performance-thresholds";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:disk.options";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:settings.mutedrequests";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.web.app-detection";
The true delight is in the finding out rather than in the knowing.

I did the same but as you mentioned we are limited to 100 rules. So i went to the group level for schemas that are included in a group. i got a total of 59 Rules to lock it down. 

DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:alerting.connectivity-alerts";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:availability.process-group-alerting";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:cloud.kubernetes";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:eec.remote";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:event-trigger.rule";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:geo-settings";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:host.monitoring";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:host.monitoring.aix-kernel-extension";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:host.process-groups.monitoring-state";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.apache";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.dotnet";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.go";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.iis";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.java";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.nginx";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.nodejs";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.open-tracing-native";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.php";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.varnish";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:monitored-technologies.wsmb";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:process-group.monitoring.state";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:rum.mobile.request-errors";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:settings.mutedrequests";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:settings.subscriptions.service";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.browser.performance-thresholds";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.browser.scheduling";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.http.performance-thresholds";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:synthetic.http.scheduling";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:user-appfw-preferences";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:user-settings";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:accounting";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:preferences";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:maintenance";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:alerting";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:anomaly-detection";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:service-monitoring";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:business-analytics";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:cloud-and-virtualization";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:processes-and-containers";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:web-and-mobile-monitoring";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:metrics";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:dashboards";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:updates";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:integration";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:monitoring";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:failure-detection";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:mainframe";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:cloud-automation";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:log-monitoring";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:topology-model";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:ownership";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:rum-general";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:capturing";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:rum-errors";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:rum-settings";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:service-detection";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:synthetic.browser";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:synthetic.http";
DENY settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroup = "group:tags";

 

Just Note the User is still able to do these admin function and maybe more: 

- Rename Hosts 

- Edit Monitored Technologies
- See deployment status page (OneAgents, Active Gates, Network Zones)

- See Credential Vault

- See Dynatrace Hub

 

-Chad

wolfgang_beer
Dynatrace Leader
Dynatrace Leader

Sorry for that inconvenience, but we had to change the policy here as all large enterprice customers were telling us that closing problems with environment viewer permissions is a no-go for them and that they see it as a critical blocker.

The change in policy was announced in release notes as it was mentioned by Chad. 

I agree that showing the button to users with viewer rights does not make sense at all, I have to admit that slipped through without me noticing it. We will fix that as soon as possible.

And you also asked about related community requests:

Best greetings,

Wolfgang

@wolfgang_beer thanks for addressing this. While I agree with the removal of problem closure for the basic read user, as the comments mentioned on those RFE's, having the option to turn on/off the closure restriction is needed. Not to just remove it and give it to admins only. 

I cant stress enough how Dynatrace Updates should not remove functionality, in this case, users have always had the option to close a problem. The true solution to this would have been to add in a flag/method to allow/deny users/user types the ability to close problems. Very similar to dashboard anonymous access. I'm sure customers have asked to lock that feature down, which Dynatrace did in a future release but that solution was provided as an enhancement rather then removing the ability to share dashboards anonymously.

ChadTurner_0-1680264101044.png

 

These changes impact all the customers. I just wish Dynatrace would ask the customers and maybe pilot features with us. I could think of a bunch of ways this could have been handled better, like even adding the functionality at the permissions page: 

ChadTurner_1-1680264223553.png

 

-Chad

Well that would be an option yes, but it also cloags a software solution over time with large amounts of tiny settings that nobody uses anyway after a change was made. So change in a product is really really hard I agree and we try to do it as sensible as possible. But sometimes change is necessary to remove critical issues or to adress bugs.

But I will try to do better next time we introduce something breaking.

Thanks@wolfgang_beer I understand the point and the criteria used, but as many other options in the product if you could add a schema to allow the close of problems would allow us to Allow or Deny that actions with more flexibility and avoid to add tiny settings as you mention. I think granular permissions that Dynatrace introduced to allow us to configure the product are great. I have several groups were viewer only have other roles as maintain synthetics, or tags, or the ability to set a Maintenance Window. In the current state I need to elevate a lot of users to the admin non admin state, in my case this poses a risk much higher than a problem closure.

Personal opinion, for me things like "We had situations that problem was closed by customer and application administrators missed important application failure because they didn't see the problem" are more process problems than tools problems but stand aside, please let me know if you need an RFE to add a schema for that action.

Thanks a lot for your answer.

The true delight is in the finding out rather than in the knowing.

Question, how do you define large enterprise customers?  We are a large enterprise customer and don't recall requesting this.

Please let us know.

Dynatrace Certified Professional

Dear @Kenny_Gillette ,

I understand that you represent a large enterprise customer that did not request this permission change and that did not experienced as a critical blocker. 

We will mitigate this change as good as possible by fixing and backporting the UI issue and maybe we can also come up with further possibilities.

Best greetings,

Wolfgang

wolfgang_beer
Dynatrace Leader
Dynatrace Leader

@ChadTurner UPDATE: After consulting with Development we agreed to roll back the permission change and introduce a config option one or two releases later. We will try to backport the rollback.

Best greetings,

Wolfgang

aaronm
Frequent Guest

Thank you @wolfgang_beer. When will customers be notified about the backport rollback being successful or not?

We backported the rollback to version 264, so all DT Managed customers will not have the issue in the first place and all SaaS customers will be back at the old logic within the next 2 weeks.

Featured Posts