Permission management API - PUT permissions

Sets permissions for a user group in your Dynatrace account. Existing permissions are overwritten.

The request consumes an application/json payload.

PUT

https://api.dynatrace.com/iam/v1/accounts/{accountUuid}/groups/{groupUuid}/permissions

Authentication

To execute this request, you need the Allow write access for identity resources (users and groups) (account-idm-write) scope assigned to your token. To learn how to obtain and use it, see OAuth clients.

Parameters

ParameterTypeDescriptionInRequired
accountUuidstring

The ID of the required account.

You can find the UUID on the Account Management > Identity & access management > OAuth clients page, during creation of an OAuth client.

pathrequired
groupUuidstring

The UUID of the required user group.

pathrequired
bodyPermissionsDto[]

The body of the request. Contains a list of permissions to be assigned to the group.

Existing permissions are overwritten.

bodyrequired

Request body objects

The RequestBody object

The PermissionsDto object

ElementTypeDescriptionRequired
permissionNamestring

The name of the permission.

  • account-company-info
  • account-user-management
  • account-viewer
  • account-saml-flexible-federation
  • tenant-viewer
  • tenant-manage-settings
  • tenant-agent-install
  • tenant-logviewer
  • tenant-view-sensitive-request-data
  • tenant-configure-request-capture-data
  • tenant-replay-sessions-with-masking
  • tenant-replay-sessions-without-masking
  • tenant-manage-security-problems
  • tenant-view-security-problems
  • tenant-manage-support-tickets
required
scopestring

The scope of the permission. Depending on the scope type, it is defined by:

  • account: The UUID of the account.
  • tenant: The ID of the environment.
  • management-zone: The ID of the management zone from an environment in {environment-id}:{management-zone-id} format.
required
scopeTypestring

The type of the permission scope.

  • account
  • tenant
  • management-zone
required
createdAtstring

The date and time of the permission creation in 2021-05-01T15:11:00Z format.

optional
updatedAtstring

The date and time of the most recent permission modification in 2021-05-01T15:11:00Z format.

optional

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

[
  {
    "permissionName": "account-company-info",
    "scope": "string",
    "scopeType": "account",
    "createdAt": "string",
    "updatedAt": "string"
  }
]

Response

Response codes

CodeDescription
200

Success. User group's permissions have been set. Response doesn't have a body.

Example

In this example, the request sets the following permissions for the user group with the ID of 7a1d224d-0ebc-4318-ab1e-64b217b7c156:

  • tenant-viewer (View environment)
  • tenant-replay-sessions-with-masking (Replay session data with masking)

The response code of 200 indicates that the modification was successful.

Curl

curl --request PUT \
  --url 'https://api.dynatrace.com/iam/v1/accounts/9ad20784-76c6-4167-bfba-9b0d8d72a71d/groups/7a1d224d-0ebc-4318-ab1e-64b217b7c156/permissions' \
  --header 'Authorization: Bearer abcdefjhij1234567890' \
  --header 'Content-Type: application/json' \
  --data '[
    {
      "permissionName": "tenant-viewer",
      "scope": "lde68092",
      "scopeType": "tenant"
    },
    {
      "permissionName": "tenant-replay-sessions-with-masking",
      "scope": "lde68092",
      "scopeType": "tenant"
    }
  ]'

Request URL

https://api.dynatrace.com/iam/v1/accounts/9ad20784-76c6-4167-bfba-9b0d8d72a71d/groups/7a1d224d-0ebc-4318-ab1e-64b217b7c156/permissions

Request body

[
  {
    "permissionName": "tenant-viewer",
    "scope": "lde68092",
    "scopeType": "tenant"
  },
  {
    "permissionName": "tenant-replay-sessions-with-masking",
    "scope": "lde68092",
    "scopeType": "tenant"
  }
]

Response code

200