Permission management API - POST permissions

Assigns permissions to a user group in your Dynatrace account. Existing permissions remain unaffected.

The request consumes an application/json payload.

POST

https://api.dynatrace.com/iam/v1/accounts/{accountUuid}/groups/{groupUuid}/permissions

Authentication

To execute this request, you need the Allow write access for identity resources (users and groups) (account-idm-write) scope assigned to your token. To learn how to obtain and use it, see OAuth clients.

Parameters

Parameter
Type
Description
In
Required
accountUuid
string

The ID of the required account.

You can find the UUID on the Account Management > Identity & access management > OAuth clients page, during creation of an OAuth client.

path
required
groupUuid
string

The UUID of the required user group.

path
required
body

The body of the request. Contains a list of permissions to be assigned to the group.

Existing permissions remain unaffected.

body
required

Request body objects

The RequestBody object

The PermissionsDto object

Element
Type
Description
Required
permissionName
string

The name of the permission.

  • account-company-info
  • account-user-management
  • account-viewer
  • account-saml-flexible-federation
  • tenant-viewer
  • tenant-manage-settings
  • tenant-agent-install
  • tenant-logviewer
  • tenant-view-sensitive-request-data
  • tenant-configure-request-capture-data
  • tenant-replay-sessions-with-masking
  • tenant-replay-sessions-without-masking
  • tenant-manage-security-problems
  • tenant-view-security-problems
  • tenant-manage-support-tickets
required
scope
string

The scope of the permission. Depending on the scope type, it is defined by:

  • account: The UUID of the account.
  • tenant: The ID of the environment.
  • management-zone: The ID of the management zone from an environment in {environment-id}:{management-zone-id} format.
required
scopeType
string

The type of the permission scope.

  • account
  • tenant
  • management-zone
required
createdAt
string

The date and time of the permission creation in 2021-05-01T15:11:00Z format.

optional
updatedAt
string

The date and time of the most recent permission modification in 2021-05-01T15:11:00Z format.

optional

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

[
  {
    "permissionName": "account-company-info",
    "scope": "string",
    "scopeType": "account",
    "createdAt": "string",
    "updatedAt": "string"
  }
]

Response

Response codes

Code
Description
201

Success. Permissions have been assigned to the user group. Response doesn't have a body.

Example

In this example, the request assigns the tenant-manage-security-problems (Manage security problems) permission to the user group with the ID of 7a1d224d-0ebc-4318-ab1e-64b217b7c156. The response code of 201 indicates that the modification was successful.

Curl

curl --request POST \
  --url 'https://api.dynatrace.com/iam/v1/accounts/9ad20784-76c6-4167-bfba-9b0d8d72a71d/groups/7a1d224d-0ebc-4318-ab1e-64b217b7c156/permissions' \
  --header 'Authorization: Bearer abcdefjhij1234567890' \
  --header 'Content-Type: application/json' \
  --data '[
  {
      "permissionName": "tenant-manage-security-problems",
      "scope": "mySampleEnv",
      "scopeType": "tenant"
    }
]'

Request URL

https://api.dynatrace.com/iam/v1/accounts/9ad20784-76c6-4167-bfba-9b0d8d72a71d/groups/7a1d224d-0ebc-4318-ab1e-64b217b7c156/permissions

Request body

[
  {
      "permissionName": "tenant-manage-security-problems",
      "scope": "mySampleEnv",
      "scopeType": "tenant"
    }
]

Response code

201