Solved: Session replay button greyed out

Gewo · ‎21 Apr 2026

Hello everyone,

I'm trying to restrict access to specific web applications with Session Replay enabled.

I created a management zone for those apps and assigned Read User Sessions and Read User Replays to a user group. However, when testing, the replay button is still greyed out.

Based on the documentation, this usually means missing permissions, but I can't find any other relevant permission to assign.

Is there something I'm overlooking in terms of permissions, boundaries, or management zone configuration?

Thanks!

MaximilianoML · ‎21 Apr 2026

Hello @Gewo,

From what you described, it sounds like the missing part is the specific Session Replay permission, not only the general session access permissions.

In Dynatrace, access to Session Replay is controlled by Replay session data with masking or Replay session data without masking. In the IAM policy statements, these appear as:

environment:roles:replay-sessions-without-masking;
environment:roles:replay-sessions-with-masking.

These permissions can also be scoped using a management zone condition: See here

So even if the user already has Read User Sessions and Read User Replays, the replay button may still remain greyed out if the group does not also have one of the dedicated replay permissions above.

I would also double-check the management zone boundary. If replay access is limited through a management zone, the user must have access to the relevant web applications inside that same management zone. If the applications or sessions fall outside the zone definition, replay access may still not work as expected.

A few things I would verify:

the user group has Replay session data with masking or Replay session data without masking
the permission is assigned for the correct management zone
the affected web applications are actually included in that management zone
the tested session really contains replay data

As a quick test, you could temporarily grant the replay permission at the environment level. If it starts working there, then the issue is most likely related to the management zone configuration or boundary.

Hope this helps 😀

Max Lopes

Gewo · ‎21 Apr 2026

Hi Maximiliano!
Thank you very much.
For anyone having the same issue in the future:
The reason i was missing the permission to Replay session data with masking or Replay session data without masking was because by default in my tenant it was not available. The only permissions i had were Read user sessions and Read user replays.
I had to add the permissions by going to Identity & access management > Policies > Create policy and adding the permissions by hand with ALLOW environment:roles:replay-sessions-with-masking; in the policy statement.

Thank you again,
Have a nice day!

TheophileDURAND · ‎21 Apr 2026

Hi Gewo,

First of all — are you on a Managed or SaaS environment? The approach differs depending on your setup.

If you are on the new SaaS version, here are two things to check:

Navigate to OpenPipeline → User Sessions and make sure the relevant permissions are assigned there.
Please note that permission scoping at the entity level is not yet supported in the new version, so some restrictions may not be applicable.

If you are on a Managed environment, this is most likely a permission or boundary configuration issue. Could you share your current policy/boundary setup? You may also want to verify that the following permissions are correctly configured: 👉 https://docs.dynatrace.com/docs/shortlink/iam-policystatements#session-replay-resources-read

Hope this helps!

Dynatrace Consultant @ Packet Perf | I don't always look at logs, but when I do, I query all of them 