21 Nov 2023 10:09 PM - last edited on 22 Nov 2023 09:51 AM by MaciejNeumann
Hello, nice to ask again. I have the following issue: I need to create a new bucket to manage log retention. To do this, I followed the guide, but I'm encountering issues with OAuth 2.0 permissions. I'm searching within the Dynatrace API Swagger for the required permissions. Can you help me identify the necessary permissions?"
I create the OAuth with the permissions specified by OAuth 2.0, and I generate the token from Postman. However, upon execution, I still lack the necessary permissions. What could be the issue?
Furthermore, I created the precise permissions and generated another OAuth with all the storage permissions. I created tokens with both OAuths and tested them separately, but with the same result.
The token is successfully created, but upon executing the query, it still complains about a lack of permissions. Am I missing any other permission?
Solved! Go to Solution.
21 Nov 2023 10:42 PM
Hello @Ellery The permission not met means that the user executing the API call needs to have the policy assigned with at least the storage:bucket-definitions permissions:
ALLOW storage:events:read;
ALLOW storage:metrics:read;
ALLOW storage:logs:read;
ALLOW storage:entities:read;
ALLOW storage:bizevents:read;
ALLOW storage:system:read;
ALLOW storage:buckets:read;
ALLOW storage:bucket-definitions:read;
ALLOW storage:bucket-definitions:write;
ALLOW storage:bucket-definitions:delete;
ALLOW storage:bucket-definitions:truncate;
I leave you a wide policy to apply to a "Storage Admin Group" to have full control over grail buckets.
21 Nov 2023 10:52 PM
I also leave you the link to this PRO TIP.
Maybe it will be useful to you.
22 Nov 2023 01:03 PM
First of all, thank you very much for the response, but it seems that there's something I'm doing wrong, as even though the API responds, it is not the expected result from the API.
23 Nov 2023 12:23 AM
Hello @Ellery I'm going to try to help you with a very detailed guide.
At this point, if you are receiving Required permissions not met it means that the Oauth 2.0 Token is working, but you are lacking the Dynatrace identity and access management (IAM) framework permissions on the user you assign the Oauth 2.0 Token.
23 Nov 2023 12:31 AM
Also I've updated the guide to reflect a way to troubleshoot your problem. Because I saw other post with the problem. Thanks for your feedback.