Policy management API - GET a policy

Gets parameters of an access policy.

The request produces an application/json payload.

GET

https://api.dynatrace.com/iam/v1/repo/{levelType}/{levelId}/policies/{policyUuid}

Authentication

To execute this request, you need the Allow IAM policy configuration for environments (iam-policies-management) permission assigned to your token. To learn how to obtain and use it, see OAuth clients.

Parameters

Parameter
Type
Description
In
Required
policyUuid
-

The ID of the required policy.

path
required
levelId
-

The ID of the policy level. Use one of the following values, depending on the level type:

  • global: use the global value.
  • account: use the UUID of the account.
  • environment: use the ID of the environment.
path
required
levelType
-

The type of the policy level. The following values are available:

  • global: A global policy applies to all accounts and environments. It is defined and managed by Dynatrace.
  • account: An account policy applies to all environments of an account.
  • environment: An environment policy applies to a specific environment.

Each level inherits the policies of the higher level and extends them with its own policies.

path
required

Response

Response codes

Code
Type
Description
200

Success. The response contains the configuration of the policy.

404

Failed. The specified resource is not found.

Response body objects

The LevelPolicyDto object

Element
Type
Description
uuid
string

The ID of the policy.

name
string

The display name of the policy.

tags
string[]

A list of tags.

description
string

A short description of the policy.

statementQuery
string

The statement of the policy.

statements

The expanded form of the policy statement.

The Statement object

Element
Type
Description
effect
string

The effect of the policy (for example, allow something).

service
string

The service to which the policy applies.

permissions
string[]

A list of granted permissions.

conditions

A list of conditions limiting the granted permissions.

The Condition object

Element
Type
Description
name
string

The name of the condition.

It indicates which part of the services is checked by the condition.

operator
string

The operator of the condition.

values
string[]

A list of reference values of the condition.

Response body JSON model

{
  "uuid": "string",
  "name": "string",
  "tags": [
    "string"
  ],
  "description": "string",
  "statementQuery": "string",
  "statements": [
    {
      "effect": "string",
      "service": "string",
      "permissions": [
        "string"
      ],
      "conditions": [
        {
          "name": "string",
          "operator": "string",
          "values": [
            "string"
          ]
        }
      ]
    }
  ]
}

Example

In this example, the request lists parameters of the Settings Writer global policy (UUID is d10eb8e0-875a-40c8-821c-6214c23ac0b3).

Curl

curl --request GET \
  --url 'https://api.dynatrace.com/iam/v1/repo/global/global/policies/d10eb8e0-875a-40c8-821c-6214c23ac0b3' \
  --header 'Authorization: Bearer abcdefjhij1234567890'

Request URL

https://api.dynatrace.com/iam/v1/repo/global/global/policies/d10eb8e0-875a-40c8-821c-6214c23ac0b3

Response body

{
  "uuid": "d10eb8e0-875a-40c8-821c-6214c23ac0b3",
  "name": "Settings Writer",
  "description": "Settings Writer Policy",
  "tags": [],
  "statementQuery": "ALLOW settings:objects:read, settings:objects:write, settings:schemas:read;",
  "statements": [
    {
      "effect": "ALLOW",
      "permissions": [
        "settings:objects:read",
        "settings:objects:write",
        "settings:schemas:read"
      ],
      "conditions": null
    }
  ]
}

Response code

200