Is there a way to give READ&WRITE permissions only to manage maintenance windows via Dynatrace API?.
Currently, to use maintenance windows with API we need an api-token with READ&WRITE all config permissions, which it's not convenient because people who only need to manage maintenance windows, could have access to others DT configurations.
Thank you in advance for your help.
Solved! Go to Solution.
yes that should be possible.
First you would need to create a policy like following:
ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = "builtin:alerting.maintenance-window";
This policy you can assign to the group of users that needs to be able to modify MWs.
Using a personal access token (PTA) from an account of said user group, that token given the settings.read and setting.write permissions will be able to modify and create MWs.
Hope this helps!