Permission management API - PUT permissions

Sets permissions for a user group in your Dynatrace account. Existing permissions are overwritten.

The request consumes an application/json payload.

PUT

https://api.dynatrace.com/iam/v1/accounts/{accountUuid}/groups/{groupUuid}/permissions

Authentication

To execute this request, you need the Allow write access for identity resources (users and groups) (account-idm-write) scope assigned to your token. To learn how to obtain and use it, see OAuth clients.

Parameters

| Parameter | Type | Description | In | Required |
| --- | --- | --- | --- | --- |
| accountUuid | string | The ID of the required account. You can find the UUID on the Account Management > Identity & access management > OAuth clients page, during creation of an OAuth client. | path | required |
| groupUuid | string | The UUID of the required user group. | path | required |
| body | | The body of the request. Contains a list of permissions to be assigned to the group. Existing permissions are overwritten. | body | required |

Request body objects

The RequestBody object

The PermissionsDto object

| Element | Type | Description | Required |
| --- | --- | --- | --- |
| permissionName | string | The name of the permission: account-company-info, account-user-management, account-viewer, account-saml-flexible-federation, tenant-viewer, tenant-manage-settings, tenant-agent-install, tenant-logviewer, tenant-view-sensitive-request-data, tenant-configure-request-capture-data, tenant-replay-sessions-with-masking, tenant-replay-sessions-without-masking, tenant-manage-security-problems, tenant-view-security-problems, tenant-manage-support-tickets | required |
| scope | string | The scope of the permission. Depending on the scope type, it is defined by: account (the UUID of the account); tenant (the ID of the environment); management-zone (the ID of the management zone from an environment in {environment-id}:{management-zone-id} format). | required |
| scopeType | string | The type of the permission scope: account, tenant, management-zone | required |
| createdAt | string | The date and time of the permission creation in 2021-05-01T15:11:00Z format. | optional |
| updatedAt | string | The date and time of the most recent permission modification in 2021-05-01T15:11:00Z format. | optional |

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

[
  {
    "permissionName": "account-company-info",
    "scope": "string",
    "scopeType": "account",
    "createdAt": "string",
    "updatedAt": "string"
  }
]

Response

Response codes

| Code | Description |
| --- | --- |
| 200 | Success. User group's permissions have been set. Response doesn't have a body. |

Example

In this example, the request sets the following permissions for the user group with the ID of 7a1d224d-0ebc-4318-ab1e-64b217b7c156:

  • tenant-viewer (View environment)
  • tenant-replay-sessions-with-masking (Replay session data with masking)

The response code of 200 indicates that the modification was successful.

Curl

curl --request PUT \
  --url 'https://api.dynatrace.com/iam/v1/accounts/9ad20784-76c6-4167-bfba-9b0d8d72a71d/groups/7a1d224d-0ebc-4318-ab1e-64b217b7c156/permissions' \
  --header 'Authorization: Bearer abcdefjhij1234567890' \
  --header 'Content-Type: application/json' \
  --data '[
    {
      "permissionName": "tenant-viewer",
      "scope": "lde68092",
      "scopeType": "tenant"
    },
    {
      "permissionName": "tenant-replay-sessions-with-masking",
      "scope": "lde68092",
      "scopeType": "tenant"
    }
  ]'

Request URL

https://api.dynatrace.com/iam/v1/accounts/9ad20784-76c6-4167-bfba-9b0d8d72a71d/groups/7a1d224d-0ebc-4318-ab1e-64b217b7c156/permissions

Request body

[
  {
    "permissionName": "tenant-viewer",
    "scope": "lde68092",
    "scopeType": "tenant"
  },
  {
    "permissionName": "tenant-replay-sessions-with-masking",
    "scope": "lde68092",
    "scopeType": "tenant"
  }
]

Response code

200
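Because this request overwrites the group's existing permissions, it helps to validate the body and list what the group would lose before sending it. The following is an added example, not part of the original documentation: the helper names validate and overwrite_diff are hypothetical, CURRENT is constructed sample data, and DESIRED is the request body from the example above.

```python
# Added example: pre-flight check for a PUT permissions body (runs offline).
PERMISSION_NAMES = {
    "account-company-info", "account-user-management", "account-viewer",
    "account-saml-flexible-federation", "tenant-viewer", "tenant-manage-settings",
    "tenant-agent-install", "tenant-logviewer", "tenant-view-sensitive-request-data",
    "tenant-configure-request-capture-data", "tenant-replay-sessions-with-masking",
    "tenant-replay-sessions-without-masking", "tenant-manage-security-problems",
    "tenant-view-security-problems", "tenant-manage-support-tickets",
}
SCOPE_TYPES = {"account", "tenant", "management-zone"}
REQUIRED = ("permissionName", "scope", "scopeType")

# Constructed sample: what the group is assumed to hold before the PUT.
CURRENT = [
    {"permissionName": "tenant-viewer", "scope": "lde68092", "scopeType": "tenant"},
    {"permissionName": "tenant-manage-settings", "scope": "lde68092", "scopeType": "tenant"},
]
# Request body from the example on this page.
DESIRED = [
    {"permissionName": "tenant-viewer", "scope": "lde68092", "scopeType": "tenant"},
    {"permissionName": "tenant-replay-sessions-with-masking", "scope": "lde68092", "scopeType": "tenant"},
]


def validate(payload):
    """Return a list of problems in a request body (empty list means valid)."""
    if not isinstance(payload, list):
        return ["body must be a JSON array of permission objects"]
    errors = []
    for i, item in enumerate(payload):
        if not isinstance(item, dict):
            errors.append(f"[{i}] not an object")
            continue
        missing = [k for k in REQUIRED if not isinstance(item.get(k), str) or not item[k]]
        if missing:
            errors.append(f"[{i}] missing or non-string: {', '.join(missing)}")
            continue
        if item["permissionName"] not in PERMISSION_NAMES:
            errors.append(f"[{i}] unknown permissionName {item['permissionName']!r}")
        if item["scopeType"] not in SCOPE_TYPES:
            errors.append(f"[{i}] unknown scopeType {item['scopeType']!r}")
        elif item["scopeType"] == "management-zone":
            env, sep, zone = item["scope"].partition(":")
            if not (env and sep and zone):
                errors.append(f"[{i}] scope must be environment-id:management-zone-id")
    return errors


def overwrite_diff(current, desired):
    """PUT replaces the whole set, so report what the group loses and gains."""
    key = lambda p: (p["permissionName"], p["scopeType"], p["scope"])
    cur, new = {key(p) for p in current}, {key(p) for p in desired}
    return {"removed": sorted(cur - new), "added": sorted(new - cur)}
```

A non-empty "removed" list means the request would drop permissions the group currently has, which is the case to review before sending.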