28 Jan 2025 09:14 AM
How does policy templating help in managing security boundaries within user groups?
28 Jan 2025 09:15 AM
Policy templating allows for the creation of reusable policies that implement parameterized values in their WHERE condition. An example policy that uses these bind parameters could be the following:
ALLOW storage:logs:read WHERE storage:dt.security_context = "${bindParam:team}";
The actual values of the bind parameter ‘team’ are set uniquely with each group->policy binding.
In conclusion, if your user groups also represent security boundaries, then one way to pass that information into the bound policies is through policy templating. Doing so also reduces the footprint of your IAM policies.
03 Feb 2025 07:02 AM
The Dynatrace IAM policy templating guide explains how to create reusable, parameterized policies to simplify permission management. Instead of writing multiple policies for different contexts, you can define a single policy with a parameter reference. Parameters are assigned during policy binding via REST API. If parameters mismatch, a 400 error is returned. Updates are allowed only if the parameter set remains unchanged. Policies can also support lists as binding parameters. https://docs.dynatrace.com/docs/manage/identity-access-management/permission-management/manage-user-...
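The following is an added example, not code from the posts above or from Dynatrace: a local Python model of how one templated policy turns into a different concrete statement for each group binding, and of the parameter-set check that the reply above says is answered with a 400 error. The group names, team values, the `BindingError` class and the value-safety check are assumptions made for illustration; only scalar parameters are modelled, not lists.

```python
import re

# Placeholder syntax as shown in the policy on this page: ${bindParam:<name>}
BIND_PARAM = re.compile(r"\$\{bindParam:([A-Za-z0-9_.-]+)\}")

TEMPLATE = 'ALLOW storage:logs:read WHERE storage:dt.security_context = "${bindParam:team}";'


class BindingError(ValueError):
    """Hypothetical local stand-in for the 400 response on mismatched parameters."""


def template_params(template):
    """Return the set of parameter names the template references."""
    return set(BIND_PARAM.findall(template))


def render(template, params):
    """Substitute one binding's parameters into the template."""
    expected, supplied = template_params(template), set(params)
    if expected != supplied:
        raise BindingError(
            f"missing={sorted(expected - supplied)} unexpected={sorted(supplied - expected)}")
    for name, value in params.items():
        # Assumption of this model, not documented platform behaviour: refuse values
        # that could break out of the quoted string and widen the WHERE condition.
        if not isinstance(value, str) or not value or re.search(r'["\\;\s]', value):
            raise BindingError(f"unsafe value for {name!r}")
    return BIND_PARAM.sub(lambda m: params[m.group(1)], template)


def effective_statements(template, bindings):
    """Map each group to the concrete statement its binding produces."""
    return {group: render(template, params) for group, params in bindings.items()}


# Constructed group -> parameter bindings (group and team names are made up).
BINDINGS = {
    "grp-payments": {"team": "payments"},
    "grp-checkout": {"team": "checkout"},
}

if __name__ == "__main__":
    for group, stmt in effective_statements(TEMPLATE, BINDINGS).items():
        print(group, "->", stmt)
```

Rendering the bindings side by side like this is a convenient way to review which security context each group ends up scoped to before the bindings are applied.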