I think the synthetic browser monitors are missing a critical policy to allow individual usergroupt to only administrate synthetic monitors. I would say it's a bug.
We can create a policy like:
ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId IN ("builtin:synthetic.browser.name","builtin:synthetic.browser.scheduling","builtin:synthetic.http.name","builtin:synthetic.synthetic-availability-settings","builtin:synthetic.synthetic-availability-settings","builtin:synthetic.browser.outage-handling","builtin:synthetic.http.scheduling","builtin:synthetic.browser.assigned-applications","builtin:synthetic.http.performance-thresholds","builtin:synthetic.browser.kpms","builtin:synthetic.http.assigned-applications","builtin:synthetic.http.outage-handling","builtin:synthetic.http.cookies","builtin:synthetic.browser.performance-thresholds");
This will allow a group member with this policy assigned to change almost any setting of that monitor. But you will not be able to edit/change the script execution, edit individual steps or use the script recorder to basically change the ESSENTIAL parts of the browser monitor.
It seems this was simply forgotten to add to a schema.
Any solution for this, without giving users full config permissions on the environment?
Certified Dynatrace Master, Dynatrace Partner - 360Performance.net
