Permission management API - DELETE permissions

Removes permissions from a user group in your Dynatrace account.

DELETE

https://api.dynatrace.com/iam/v1/accounts/{accountUuid}/groups/{groupUuid}/permissions

Authentication

To execute this request, you need the Allow write access for identity resources (users and groups) (account-idm-write) scope assigned to your token. To learn how to obtain and use it, see Authentication.

Parameters

ParameterTypeDescriptionInRequired
accountUuidstring

The ID of the required account.

You can find the UUID on the Account Management > Identity & access management > OAuth clients page, during creation of an OAuth client.

pathrequired
groupUuidstring

The UUID of the required user group.

pathrequired
scopestring

The scope of the permission to be deleted. Depending on the type of the scope, specify one of the following:

  • account: The UUID of the account.
  • tenant: The ID of the environment.
  • management-zone: The ID of the management zone from an environment in {environment-id}:{management-zone-id} format.
queryrequired
permission-namestring

The name of the permission to be deleted.

  • account-company-info
  • account-user-management
  • account-viewer
  • account-saml-flexible-federation
  • tenant-viewer
  • tenant-manage-settings
  • tenant-agent-install
  • tenant-logviewer
  • tenant-view-sensitive-request-data
  • tenant-configure-request-capture-data
  • tenant-replay-sessions-with-masking
  • tenant-replay-sessions-without-masking
  • tenant-manage-security-problems
  • tenant-view-security-problems
  • tenant-manage-support-tickets
queryrequired
scope-typestring

The scope type of the permission to be deleted.

  • account
  • tenant
  • management-zone
queryrequired

Response

Response codes

CodeDescription
200

Success. The permission has been deleted from the group.

Example

In this example, the request revokes the tenant-manage-security-problems permission with scope of the mySampleEnv environment for the user group with the UUID of 7a1d224d-0ebc-4318-ab1e-64b217b7c156. The response code of 200 indicates that the modification was successful.

curl --request DELETE \
--url 'https://api.dynatrace.com/iam/v1/accounts/9ad20784-76c6-4167-bfba-9b0d8d72a71d/groups/7a1d224d-0ebc-4318-ab1e-64b217b7c156/permissions?scope-type=tenant&scope=mySampleEnv&permission-name=tenant-manage-security-problems' \
--header 'Authorization: Bearer abcdefjhij1234567890'

Request URL

https://api.dynatrace.com/iam/v1/accounts/9ad20784-76c6-4167-bfba-9b0d8d72a71d/groups/7a1d224d-0ebc-4318-ab1e-64b217b7c156/permissions?scope-type=tenant&scope=mySampleEnv&permission-name=tenant-manage-security-problems

Response code

200