Site Reliability Guardian Role Permissions

Latest Dynatrace

To control permissions to work with the Site Reliability Guardian, you can define policies for different roles assigned to user groups.

Define policies

Create the three default policies with the viewer, validator, or admin permissions to group your Site Reliability Guardian users based on their roles.

REQUIRED
app-engine:apps:run,
app-settings:objects:read,
storage:bizevents:read,
storage:buckets:read,
storage:events:read,
storage:metrics:read;

RECOMMENDED
automation:workflows:read,
iam:users:read;

A validator is a role that executes the guardians.

REQUIRED
app-engine:apps:run,
app-engine:functions:run,
app-settings:objects:read,
automation:workflows:read,
automation:workflows:run,
environment-api:metrics:read,
environment-api:slo:read,
state:app-states:read,
state:user-app-states:read,
storage:bizevents:read,
storage:buckets:read,
storage:entities:read,
storage:events:read,
storage:events:write,
storage:logs:read,
storage:metrics:read,
storage:spans:read,
storage:system:read;

RECOMMENDED
automation:workflows:write,
davis:analyzers:execute,
iam:users:read,
state:app-states:write,
state:user-app-states:write;

An admin is a role that creates or maintains the guardians.

REQUIRED
app-engine:apps:run,
app-engine:functions:run,
app-settings:objects:read,
app-settings:objects:write,
environment-api:metrics:read,
environment-api:slo:read,
state:app-states:read,
state:app-states:write,
state:app-states:delete,
state:user-app-states:read,
state:user-app-states:write,
storage:bizevents:read,
storage:buckets:read,
storage:entities:read,
storage:events:read,
storage:events:write,
storage:logs:read,
storage:metrics:read,
storage:spans:read,
storage:system:read;

RECOMMENDED
automation:workflows:read,
automation:workflows:run,
automation:workflows:write,
davis:analyzers:execute,
iam:users:read;

For more information, see Add or remove group policies.

Workflows

In Workflows, the actor or owner of a workflow must have at least Validator permissions. For details, see AutomationEngine authorization settings.

View role permissions

The Dynatrace Hub entry for the Site Reliability Guardian lists the required permissions.

To view the available permissions

In Dynatrace Hub, select Site Reliability Guardian.
Go to the Technical Information tab.
Check the User Permissions section for a list of all the permissions you need to include in the policies bound to user groups that are allowed to use Site Reliability Guardian.

For more information, see Working with policies and Run and monitor workflows created in Dynatrace Workflows.