Dynatrace Monaco CLI version 2.24.0+
This guide shows you how to create a platform token for use with Dynatrace Configuration as Code via Monaco.
A platform token for the Dynatrace Monaco CLI typically needs the scopes outlined in the table that follows.
| Purpose | Scopes |
|---|---|
| Access platform metadata like Classic URLs and version information | app-engine:apps:run |
| Manage Settings 2.0 objects and its all-users permission | settings:objects:read, settings:objects:write |
| View Settings 2.0 schemas | settings:schemas:read |
| Manage automation workflows | automation:workflows:read, automation:workflows:write, automation:calendars:read, automation:calendars:write, automation:rules:read, automation:rules:write |
| Access all Automation Workflows1 | automation:workflows:admin |
| Manage Grail buckets | storage:bucket-definitions:read, storage:bucket-definitions:write, storage:bucket-definitions:delete |
| Manage documents | document:documents:read, document:documents:write, document:documents:delete, document:trash.documents:delete |
| Manage segments | storage:filter-segments:read, storage:filter-segments:write, storage:filter-segments:delete, storage:filter-segments:admin |
| Manage Service-Level Objectives (SLOs) | slo:slos:read, slo:slos:write |
To use the automation:workflows:admin scope, you need to create a custom policy granting that scope, bind a group to it, and assign your user to that group in Account Management before creating the OAuth client. For detailed information on managing policies, see Manage IAM policies.