Permission management API - DELETE permissions

Removes permissions from a user group in your Dynatrace account.

DELETE

https://api.dynatrace.com/iam/v1/accounts/{accountUuid}/groups/{groupUuid}/permissions

Authentication

To execute this request, you need the Allow write access for identity resources (users and groups) (account-idm-write) scope assigned to your token. To learn how to obtain and use it, see OAuth clients.

Parameters

Parameter
Type
Description
In
Required
accountUuid
string

The ID of the required account.

You can find the UUID on the Account Management > Identity & access management > OAuth clients page, during creation of an OAuth client.

path
required
groupUuid
string

The UUID of the required user group.

path
required
scope
string

The scope of the permission to be deleted. Depending on the type of the scope, specify one of the following:

  • account: The UUID of the account.
  • tenant: The ID of the environment.
  • management-zone: The ID of the management zone from an environment in {environment-id}:{management-zone-id} format.
query
required
permission-name
string

The name of the permission to be deleted.

  • account-company-info
  • account-user-management
  • account-viewer
  • account-saml-flexible-federation
  • tenant-viewer
  • tenant-manage-settings
  • tenant-agent-install
  • tenant-logviewer
  • tenant-view-sensitive-request-data
  • tenant-configure-request-capture-data
  • tenant-replay-sessions-with-masking
  • tenant-replay-sessions-without-masking
  • tenant-manage-security-problems
  • tenant-view-security-problems
  • tenant-manage-support-tickets
query
required
scope-type
string

The scope type of the permission to be deleted.

  • account
  • tenant
  • management-zone
query
required

Response

Response codes

Code
Description
200

Success. The permission has been deleted from the group.

Example

In this example, the request revokes the tenant-manage-security-problems permission with scope of the mySampleEnv environment for the user group with the UUID of 7a1d224d-0ebc-4318-ab1e-64b217b7c156. The response code of 200 indicates that the modification was successful.

curl --request DELETE \
  --url 'https://api.dynatrace.com/iam/v1/accounts/9ad20784-76c6-4167-bfba-9b0d8d72a71d/groups/7a1d224d-0ebc-4318-ab1e-64b217b7c156/permissions?scope-type=tenant&scope=mySampleEnv&permission-name=tenant-manage-security-problems' \
  --header 'Authorization: Bearer abcdefjhij1234567890'

Request URL

https://api.dynatrace.com/iam/v1/accounts/9ad20784-76c6-4167-bfba-9b0d8d72a71d/groups/7a1d224d-0ebc-4318-ab1e-64b217b7c156/permissions?scope-type=tenant&scope=mySampleEnv&permission-name=tenant-manage-security-problems

Response code

200