Solved: Create and manage custom log buckets - Grail Dynatrace API

hallstev5 · ‎11 Oct 2023

I am attempting to create custom grail buckets following the instructions from the following link

I select the Bucket Management under the definition after going to the Dynatrace API. I create a OAuth client in account management under Identity and Access management. For this client I selected the following scopes: "storage:buckets:read, storage:bucket-definitions:read, storage:bucket-definitions:write, storage:bucket-definitions:delete, storage:bucket-definitions:truncate, account-env-read"

I wrote a powershell script to get the OAuth2 access token:

used:

grant_type = 'client_credentials'

client_id = <My client id from the oauth client i created"

client_secret = <from the oauth client i created"

resource = <URN from oauth client"

scope = "storage:bucket-definitions:read"

I got the access token and when i make the API call to get the bucket definitions (should be only the default bucket) i receive 403, required permissions not met

What permissions am i missing from the OAuth client to get this to work?

mferstl · ‎18 Oct 2023

Hi,

I have the same issue, did you already find which permissions are missing?

br

Michael

mferstl · ‎18 Oct 2023

did you maybe forget this step:
-> Make sure the User who is creating the Buckets via the API has the following permissions:
--> Create a Policy with the definition:
ALLOW storage:bucket-definitions:read;
ALLOW storage:bucket-definitions:write;

DanielS · ‎15 Nov 2023

Hello, your powershell script is missing the scope storage:bucket-definitions:write. Also I leave you this guide https://community.dynatrace.com/t5/Dynatrace-tips/PRO-TIP-Dynatrace-Grail-Storage-Management-API-Pos...

The true delight is in the finding out rather than in the knowing.