Access control for Connectors

  • Latest
  • Reference
  • 11min

Several Connectors require a connection to a third-party environment.

  • default A private connection can only be used by the owner who created it.

    Exception: a user with administrator rights can view and change any connection in the environment.

  • optional You can share a connection with others.

Prerequisites and permissions

User need

Permission required

Description

View connections

app-settings:objects:read

A user with app-settings:objects:read permission:

  • Can view and use existing connections created by other users that were shared with them.
  • Can not create new connections.

Create and edit connections

app-settings:objects:write

A user with app-settings:objects:write permission can:

  • Create new connections and edit their existing connections.
  • View or edit connections shared with them, depending on whether they have been given Can view or Can edit permission on the Share access tab for that connection.

You can use a connection for a workflow if you have either Can view or Can edit permission.

Administer all environment connections.

app-settings:objects:admin

A user with app-settings:objects:admin permission can:

  • Create new connections.
  • View and edit all existing connections created by anyone on their Dynatrace environment.

Multiple apps

settings:objects:read

app-settings:objects:write

Connectors that must access the connection settings of multiple Connectors have the settings:objects:read and app-settings:objects:write permissions.

For more on general Workflows user permissions, see User permissions for workflows.

Display connection overview

For an overview of all connections for a Connector

  1. Go to Settings Settings.
  2. Select Connections.
  3. Select the Connector from the Connectors table.

Your capabilities from here depend on your permissions.

  • The Connection table shows your own and shared connections. These are marked with the icon.
  • An admin can view and edit all connections.

From here, you can:

  • Search connections

    • Use the Search connections field at the top of the connections table to filter the table for a specific connection name.
    • Use the list next to the Search connections field to filter the table by the sharing option.
      • default All connections lists connections owned by you or shared with you.
      • My connections lists connections owned by you. These are the connections you created.
      • Shared with me lists connections shared with you. These are the connections with the Can view or Can edit options.

  • View a connection

    In the connections overview, select a connection to view it. The connection view consists of these two tabs:

    • Set up connection contains all fields necessary to connect to the third-party application of the used Connector.
    • Share access enables sharing of the connection with others.

  • Create a connection

    To create a new connection, select Connection.

    For details on creating a connection, see Create a connection.

  • Display a connection configuration

    To display a connection configuration, select its name in the table or select > Edit or View in that row.

  • Share a connection

    To share a connection, go to the Share access tab. Depending on your permissions, you can:

    • View or edit who has access to this connection.
    • View who the owner of the connection is.

    For details on sharing a connection, see Share a connection.

  • Delete a connection

    To delete a connection see Delete a connection.

View connection access

You can view a connection's access control settings via the Settings Settings or within a workflow.

Either way, this is your starting point for connection configuration and sharing.

View connection access via Settings Settings

  1. In Dynatrace, go to Settings Settings and select Connections.
  2. In the Connectors table, select the Connector.
  3. On the Connector-specific page, do one of the following:
    • To view or edit an existing connection, find and select the connection.
    • To create a new connection, select Connection and configure the connection on the Set up connection tab.
  4. Select the Share access tab to view or configure access control for that connection.

For details on sharing a connection, see Share a connection.

View connection access via Workflows Workflows

  1. In Dynatrace, go to Workflows Workflows and select an existing workflow or select Workflow to create a new workflow.
  2. Select an existing task or create a new one.
  3. In the side panel, search the actions for the Connector, for example, Jira, and select one.
  4. In the Configure connection section, do one of the following:
    • To edit an existing connection, select the connection from the Connection list if you need to change the connection, select Edit Edit this connection, and then select the Share access tab.
    • To create a new connection, select Create a new connection and configure the connection. The Share access tab determines who has access to the connection.

For details on sharing a connection, see Share a connection.

Create a connection

To create a connection

  1. Go to Settings Settings.

  2. Select Connections.

  3. In the Connectors table, select the Connector.

    This displays the connection overview for the selected Connector.

  4. Select Connection.

  5. Define the connection. This varies from Connector to Connector.

    • Connection name needs to be unique. It will be listed and selectable in the connection field in the connector.

  6. Select Create.

Share a connection

By default, a connection is only visible to its owner. It is not shared with anyone other than the administrator who always has access to all connections in the environment.

However, you can share a connection with other users, groups, service users, or, in general, anyone in the environment.

To share a connection

  1. Go to the Share access tab for the connection.
    See View connection access.
  2. The Share access window lists Who has access:
    • Anyone in your environment is always at the top of the Who has access list. It's set to No access by default.
    • The connection owner who created the connection is always in the Who has access list and is set to Owner. This is you if you created a connection.

Share with a user, group, or service user

To share a connection with a user, group, or service user

  1. Type part of the name in the search box and select the checkbox for the user, group, or service user with whom you want to share the connection.

    Tip: you can select more than one user, group, or service user at a time.

  2. Select the permission level such as Can view or Can edit to apply to that row.

  3. Select Add in that row.

  4. Select Create, while creating a connection, or Save, while editing an existing connection, to save your changes.

    The user, group, or service user is now listed under Who has access with a permission level displayed Can view or Can edit.

Share with everyone

To share a connection with all users in your environment

  1. Locate the Anyone in your environment entry, which is always at the top of the Who has access list. By default, this entry is set to No access, meaning no general access is shared with other users in the environment.
  2. Change the access setting in this row as needed.
    • Can view lets everyone in the environment view the connection.
    • Can edit lets everyone in the environment change the connection.
    • No access default makes your connection private unless you have shared the connection with more specific share options.
  3. Either select Create for creating a connection or Save for editing an existing connection, and then save your changes.

Change sharing

To change sharing

  1. Find the entry in the Who has access list. This could be a user, group, service user, or Anyone in your environment.

  2. Select a new access level in that row:

    • Can view to give the selected entry read-only permission to the connection. They can use the connection but not change it.
    • Can edit to give the selected entry read-write permission to the connection. They can use and change the connection and who has access to it.
    • Remove access to remove all access to this sharing entry. They will no longer have access to the connection and be removed from the Who has access list.

  3. Either select Create for creating a connection or Save for editing an existing connection, and then save your changes.

    Individual users may also have access through group membership if you share the connection with a group to which that user belongs. If you give Can edit permission to the group, and a user is a group member, that user has Can edit permission.

Stop all sharing

If you need to stop all sharing through a connection, you can make it private only to you if you're the owner of this connection.

In the Who has access list

  1. Set Anyone in your environment to No access.

  2. Set all other entries in the list to Remove access, which removes them from the Who has access list.

  3. Either select Create for creating a connection or Save for editing an existing connection, and then save your changes.

    Now, only you (and admins) can use the connection.

Alternatively, you can delete the connection, in which case no one can access the connection because it would no longer exist.

Delete a connection

To delete a connection if you have edit permissions, > Delete in the table of connections.

Frequently Asked Questions (FAQ)

Why is the ID shown instead of the name of the owner?

If the ID is shown instead of the owner's name, the owner does not exist in the environment. Possible reasons:

  • The owner of the connection was not invited to the Dynatrace environment
  • The connection is shared with a user that does not exist on this Dynatrace environment
  • The user has been removed from the Dynatrace environment (for example, the user has left the company)

Why can't I search for names on the "Share access" tab?

If the logged-in user is not invited to this Dynatrace environment, it is not possible to look up users and therefore it is not possible to share the connection.

The following message will be displayed: "Environment does not exist or the calling user is not assigned to it: You cannot share access to connections until you are assigned to this environment. Please contact an admin to invite you to this environment."

It is still possible to change the existing settings of this connection and share it with everyone in the environment.

Why is the secret or token reset when a connection field changes?

For security reasons, the secret or token needs to be re-entered as soon as any related field is changed.

Can I change the owner of an existing connection?

No, it is not yet possible to change the owner of an existing connection. If you have edit permissions, however, you can add users, groups, service users, or permissions for the whole tenant to a connection, independently of who the owner is.

I had connections that were created before the introduction of access control for Connectors management. Who has access to these connections?

  • Connections created before the introduction of access control for connectors are still shared with the whole environment (view and edit permissions) and continue to work as before.
  • Connections created after introducing access control for Connectors are private to the owner by default.

To change the sharing options of a connection, select ShareIcon: Share or EditIcon: Edit in the actions menu and choose the environment, groups, or individuals with whom you want to share the connection.