Set up permissions for Distributed Tracing

This article lists the permissions required to perform specific actions in Distributed Tracing. Policy statements have the following format:

ALLOW <table permission> WHERE <conditions>;

To learn how to set permissions, see Permissions in Grail.

| Policy scope | Table permission | Where |
| --- | --- | --- |
| Access to trace data | storage:buckets:read, storage:spans:read, storage:entities:read, storage:fieldsets:read | storage:bucket-name = "spans" |
| View sensitive fields trace data [1][2] | storage:fieldsets:read | storage:fieldset-name="builtin-sensitive-spans" IN ("<bucket-name>") |
| View confidential request attributes trace data [2] | storage:fieldsets:read | storage:fieldset-name="builtin-request-attributes-spans" IN ("<bucket-name>") |
| View segments in the Distributed Tracing app | storage:filter-segments:read | storage:bucket-name = "spans" |
| View log data in the Distributed Tracing app | storage:logs:read | storage:bucket-name = "spans" |
| Manage facets in the Distributed Tracing app | state:user-app-states:read, state:user-app-states:write, state:user-app-states:delete | storage:bucket-name = "spans" |

[1] Sensitive attributes for spans are tagged as sensitive-spans in Global field reference.

[2] To learn more about restricted view access to personal data and confidential request attributes, see Masking at display.
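
The following is an added example, not part of the original article or of any Dynatrace tooling: a small Python reviewer that parses policy text in the ALLOW <table permission> WHERE <conditions>; format and reports statements that grant storage permissions with no WHERE clause, or that grant read access to the two sensitive fieldsets named in the table. The function names, the finding labels, the rule that a missing WHERE clause is worth flagging, and the sample policy are assumptions made for this example.

```python
import re

# Fieldsets the table above lists as gating sensitive / confidential span data.
SENSITIVE_FIELDSETS = {"builtin-sensitive-spans", "builtin-request-attributes-spans"}

# One statement in the page's format: ALLOW <permissions> [WHERE <conditions>];
# Assumption: no ';' appears inside a quoted condition value.
STATEMENT = re.compile(
    r"ALLOW\s+(?P<perms>.+?)(?:\s+WHERE\s+(?P<where>.+?))?\s*;", re.S
)

# Constructed sample policy for this example (not taken from the page).
SAMPLE_POLICY = """
ALLOW storage:buckets:read, storage:spans:read WHERE storage:bucket-name = "spans";
ALLOW storage:fieldsets:read WHERE storage:fieldset-name = "builtin-sensitive-spans";
ALLOW storage:logs:read;
"""


def parse_policy(text):
    """Return a list of (permissions, where_clause_or_None) tuples."""
    statements = []
    for match in STATEMENT.finditer(text):
        perms = [p.strip() for p in match.group("perms").split(",") if p.strip()]
        where = match.group("where")
        statements.append((perms, where.strip() if where else None))
    return statements


def audit(text):
    """Return (label, details) findings a reviewer should look at."""
    findings = []
    for perms, where in parse_policy(text):
        storage_perms = [p for p in perms if p.startswith("storage:")]
        # Every storage row in the table carries a condition; none here is a flag.
        if storage_perms and where is None:
            findings.append(("unscoped", storage_perms))
        # Fieldset reads that name a sensitive fieldset expose restricted fields.
        if where and "storage:fieldsets:read" in perms:
            named = set(re.findall(r'"([^"]+)"', where)) & SENSITIVE_FIELDSETS
            for fieldset in sorted(named):
                findings.append(("sensitive-fieldset", [fieldset]))
    return findings


if __name__ == "__main__":
    for label, details in audit(SAMPLE_POLICY):
        print(label, details)
```
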