Policy management API - POST a policy

Creates a new access policy. You can't create a global-level policy, as these are managed by Dynatrace.

The request consumes and produces an application/json payload.

POST

https://api.dynatrace.com/iam/v1/repo/{levelType}/{levelId}/policies

Authentication

To execute this request, you need the Allow IAM policy configuration for environments (iam-policies-management) permission assigned to your token. To learn how to obtain and use it, see OAuth clients.

Parameters

| Parameter | Type | Description | In | Required |
|---|---|---|---|---|
| levelId | - | The ID of the policy level. Use one of the following values, depending on the level type: account: use the UUID of the account; environment: use the ID of the environment. | path | required |
| levelType | - | The type of the policy level. The following values are available: account: An account policy applies to all environments of an account; environment: An environment policy applies to a specific environment. Each level inherits the policies of the higher level and extends them with its own policies. | path | required |
| body | | The JSON body of the request. Contains the configuration of a new policy. | body | required |

Request body objects

The CreateOrUpdateLevelPolicyRequestDto object

| Element | Type | Description | Required |
|---|---|---|---|
| name | string | The display name of the policy. | required |
| description | string | A short description of the policy. | required |
| tags | string[] | A list of tags. | optional |
| statementQuery | string | The statement of the policy. | required |
| category | string | The category of the policy. | optional |

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

{
  "name": "string",
  "description": "string",
  "tags": [
    "string"
  ],
  "statementQuery": "string",
  "category": "string"
}

Response

Response codes

| Code | Type | Description |
|---|---|---|
| 201 | | Success. The policy has been created. The response contains the configuration of the policy. |
| 400 | | Failed. The request is invalid. |
| 404 | | Failed. The specified resource is not found. |
| 422 | | The specified response not found |

Response body objects

The LevelPolicyDto object

| Element | Type | Description |
|---|---|---|
| uuid | string | The ID of the policy. |
| name | string | The display name of the policy. |
| tags | string[] | A list of tags. |
| description | string | A short description of the policy. |
| statementQuery | string | The statement of the policy. |
| statements | | The expanded form of the policy statement. |

The Statement object

| Element | Type | Description |
|---|---|---|
| effect | string | The effect of the policy (for example, allow something). |
| service | string | The service to which the policy applies. |
| permissions | string[] | A list of granted permissions. |
| conditions | | A list of conditions limiting the granted permissions. |

The Condition object

| Element | Type | Description |
|---|---|---|
| name | string | The name of the condition. It indicates which part of the services is checked by the condition. |
| operator | string | The operator of the condition. |
| values | string[] | A list of reference values of the condition. |

Response body JSON model

{
  "uuid": "string",
  "name": "string",
  "tags": [
    "string"
  ],
  "description": "string",
  "statementQuery": "string",
  "statements": [
    {
      "effect": "string",
      "service": "string",
      "permissions": [
        "string"
      ],
      "conditions": [
        {
          "name": "string",
          "operator": "string",
          "values": [
            "string"
          ]
        }
      ]
    }
  ]
}

Validate payload

We recommend that you validate the payload before submitting it with an actual request. A response code of 200 indicates a valid payload.

The request consumes an application/json payload.

POST

https://api.dynatrace.com/iam/v1/repo/{levelType}/{levelId}/policies/validation

Authentication

To execute this request, you need the Allow IAM policy configuration for environments (iam-policies-management) permission assigned to your token. To learn how to obtain and use it, see OAuth clients.

Parameters

| Parameter | Type | Description | In | Required |
|---|---|---|---|---|
| levelId | - | The ID of the policy level. Use one of the following values, depending on the level type: account: use the UUID of the account; environment: use the ID of the environment. | path | required |
| levelType | - | The type of the policy level. The following values are available: account: An account policy applies to all environments of an account; environment: An environment policy applies to a specific environment. Each level inherits the policies of the higher level and extends them with its own policies. | path | required |
| body | | The JSON body of the request. Contains the configuration of a policy to be validated. | body | required |

Request body objects

The CreateOrUpdateLevelPolicyRequestDto object

| Element | Type | Description | Required |
|---|---|---|---|
| name | string | The display name of the policy. | required |
| description | string | A short description of the policy. | required |
| tags | string[] | A list of tags. | optional |
| statementQuery | string | The statement of the policy. | required |
| category | string | The category of the policy. | optional |

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

{
  "name": "string",
  "description": "string",
  "tags": [
    "string"
  ],
  "statementQuery": "string",
  "category": "string"
}

Example

In this example, the request creates an environment-level policy for the mySampleEnv environment that allows usage of the anomaly detection for services (builtin:anomaly-detection.services) schema from the Settings 2.0 framework.

Curl

curl --request POST \
  --url https://api.dynatrace.com/iam/v1/repo/environment/mySampleEnv/policies/ \
  --header 'Authorization: Bearer abcdefjhij1234567890' \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "apiExample",
    "description": "Example of an API request",
    "tags": [],
    "statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";"
  }'

Request URL

https://api.dynatrace.com/iam/v1/repo/environment/mySampleEnv/policies/

Request body

{
  "name": "apiExample",
  "description": "Example of an API request",
  "tags": [],
  "statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";"
}

Response body

{
  "uuid": "0c621587-f978-4c7b-89ee-d2045f611b03",
  "name": "apiExample",
  "description": "Example of an API request",
  "tags": [],
  "statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";",
  "statements": [
    {
      "effect": "ALLOW",
      "permissions": [
        "settings:schemas:read",
        "settings:objects:write"
      ],
      "conditions": [
        {
          "name": "settings:schemaId",
          "operator": "EQ",
          "values": [
            "builtin:anomaly-detection.services"
          ]
        }
      ]
    }
  ]
}

Response code

201
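
The validate-then-create sequence recommended under Validate payload, as an added Python example (not part of the original documentation or Dynatrace's own code). The function names and the injectable `send` transport are assumptions made for illustration; the endpoint paths, required fields and the 200/201 status codes are the ones stated on this page.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

BASE = "https://api.dynatrace.com/iam/v1/repo"  # base URL as given on this page
REQUIRED = ("name", "description", "statementQuery")


def build_request(level_type, level_id, token, policy, validate=False):
    """Build the POST for .../policies, or .../policies/validation if validate."""
    if level_type not in ("account", "environment"):  # global level is Dynatrace-managed
        raise ValueError("levelType must be 'account' or 'environment'")
    missing = [key for key in REQUIRED if key not in policy]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    url = f"{BASE}/{level_type}/{urllib.parse.quote(level_id, safe='')}/policies"
    if validate:
        url += "/validation"
    return urllib.request.Request(
        url,
        data=json.dumps(policy).encode("utf-8"),  # escapes the quotes in statementQuery
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


def http_send(req):
    """Default transport: return (status, body); HTTP errors are returned, not raised."""
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8")


def validate_then_create(level_type, level_id, token, policy, send=http_send):
    """Validate first (expects 200), then create (expects 201); return the new policy."""
    status, body = send(build_request(level_type, level_id, token, policy, validate=True))
    if status != 200:
        raise RuntimeError(f"validation rejected the payload: HTTP {status} {body}")
    status, body = send(build_request(level_type, level_id, token, policy))
    if status != 201:
        raise RuntimeError(f"policy was not created: HTTP {status} {body}")
    return json.loads(body)
```

Read the bearer token from a secret store or environment variable at call time rather than embedding it in the script, and compare the `statements` array in the returned policy against the permissions and conditions you intended to grant.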