Solved: Re: Api-token only for maintenance windows via Dynatrace API

miliseclen · ‎14 Apr 2022

Is there a way to give READ&WRITE permissions only to manage maintenance windows via Dynatrace API?

Currently, to use maintenance windows with API we need an API token with READ&WRITE all config permissions, which it's not convenient because people who only need to manage maintenance windows, could have access to other DT configurations.

Thank you in advance for your help.

miliseclen · ‎14 Apr 2022

@EvelinAcosta @Lassehansen

mark_bley · ‎21 Apr 2022

Hi @miliseclen,

yes that should be possible.

First you would need to create a policy like following:

ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = "builtin:alerting.maintenance-window";

This policy you can assign to the group of users that needs to be able to modify MWs.

Using a personal access token (PTA) from an account of said user group, that token given the settings.read and setting.write permissions will be able to modify and create MWs.

Hope this helps!

Best,

Mark

Kenny_Gillette · ‎04 Nov 2024

I did not know this. Going to test this!!!

Clarification: I setup IAM Policies, but didn't realize they use same permissions for API.

Dynatrace Certified Professional

API-token only for Maintenance Windows via Dynatrace API