Policy management API - POST a policy
Creates a new access policy. You can't create a global-level policy, as these are managed by Dynatrace.
The request consumes and produces an application/json payload.
POST |
|
Authentication
To execute this request, you need the Allow IAM policy configuration for environments (iam-policies-management) permission assigned to your token. To learn how to obtain and use it, see Authentication.
Parameters
Parameter | Type | Description | In | Required |
---|---|---|---|---|
levelType | string | The type of the policy level. The following values are available:
Each level inherits policies of a higher level and extends it with its own policies. | path | required |
levelId | string | The ID of the policy level. Use one of the following values, depending on the level type:
| path | required |
body | CreateOrUpdateLevelPolicyRequestDto | The JSON body of the request. Contains the configuration of a new policy. | body | required |
Request body objects
The CreateOrUpdateLevelPolicyRequestDto object
Element | Type | Description | Required |
---|---|---|---|
name | string | The display name of the policy. | required |
description | string | A short description of the policy. | required |
tags | string[] | A list of tags. | required |
statementQuery | string | The statement of the policy. | required |
Request body JSON model
This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.
```json
{
  "name": "string",
  "description": "string",
  "tags": [
    "string"
  ],
  "statementQuery": "string"
}
```
Response
Response codes
Code | Type | Description |
---|---|---|
201 | LevelPolicyDto | Success. The policy has been created. The response contains the configuration of the policy. |
400 | ErrorDto | Failed. The request is invalid. |
404 | ErrorDto | Failed. The specified resource is not found. |
422 | ErrorDto | The specified response not found |
Response body objects
The LevelPolicyDto object
Element | Type | Description |
---|---|---|
uuid | string | The ID of the policy. |
name | string | The display name of the policy. |
tags | string[] | A list of tags. |
description | string | A short description of the policy. |
statementQuery | string | The statement of the policy. |
statements | Statement[] | The expanded form of the policy statement. |
The Statement object
Element | Type | Description |
---|---|---|
effect | string | The effect of the policy (for example, allow something). |
service | string | The service to which the policy applies. |
permissions | string[] | A list of granted permissions. |
conditions | Condition[] | A list of conditions limiting the granted permissions. |
The Condition object
Element | Type | Description |
---|---|---|
name | string | The name of the condition. It indicates which part of the services is checked by the condition. |
operator | string | The operator of the condition. |
values | string[] | A list of reference values of the condition. |
Response body JSON model
```json
{
  "uuid": "string",
  "name": "string",
  "tags": [
    "string"
  ],
  "description": "string",
  "statementQuery": "string",
  "statements": [
    {
      "effect": "string",
      "service": "string",
      "permissions": [
        "string"
      ],
      "conditions": [
        {
          "name": "string",
          "operator": "string",
          "values": [
            "string"
          ]
        }
      ]
    }
  ]
}
```
Validate payload
We recommend that you validate the payload before submitting it with an actual request. A response code of 200 indicates a valid payload.
The request consumes an application/json payload.
POST |
|
Authentication
To execute this request, you need the Allow IAM policy configuration for environments (iam-policies-management) permission assigned to your token. To learn how to obtain and use it, see Authentication.
Parameters
Parameter | Type | Description | In | Required |
---|---|---|---|---|
levelType | string | The type of the policy level. The following values are available:
Each level inherits policies of a higher level and extends it with its own policies. | path | required |
levelId | string | The ID of the policy level. Use one of the following values, depending on the level type:
| path | required |
body | CreateOrUpdateLevelPolicyRequestDto | The JSON body of the request. Contains the configuration of a policy to be validated. | body | required |
Request body objects
The CreateOrUpdateLevelPolicyRequestDto object
Element | Type | Description | Required |
---|---|---|---|
name | string | The display name of the policy. | required |
description | string | A short description of the policy. | required |
tags | string[] | A list of tags. | required |
statementQuery | string | The statement of the policy. | required |
Request body JSON model
This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.
```json
{
  "name": "string",
  "description": "string",
  "tags": [
    "string"
  ],
  "statementQuery": "string"
}
```
Example
In this example, the request creates an environment-level policy for the mySampleEnv environment that allows usage of the anomaly detection for services (builtin:anomaly-detection.services) schema from the Settings 2.0 framework.
Curl
```bash
curl --request POST \
  --url https://api.dynatrace.com/iam/v1/repo/environment/mySampleEnv/policies/ \
  --header 'Authorization: Bearer abcdefjhij1234567890' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "apiExample",
  "description": "Example of an API request",
  "tags": [],
  "statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";"
}'
```
Request URL
```
https://api.dynatrace.com/iam/v1/repo/environment/mySampleEnv/policies/
```
Request body
```json
{
  "name": "apiExample",
  "description": "Example of an API request",
  "tags": [],
  "statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";"
}
```
Response body
```json
{
  "uuid": "0c621587-f978-4c7b-89ee-d2045f611b03",
  "name": "apiExample",
  "description": "Example of an API request",
  "tags": [],
  "statementQuery": "ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = \"builtin:anomaly-detection.services\";",
  "statements": [
    {
      "effect": "ALLOW",
      "permissions": [
        "settings:schemas:read",
        "settings:objects:write"
      ],
      "conditions": [
        {
          "name": "settings:schemaId",
          "operator": "EQ",
          "values": [
            "builtin:anomaly-detection.services"
          ]
        }
      ]
    }
  ]
}
```
Response code
201
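Because the 201 response returns the expanded `statements` form, it can be reviewed for least privilege right after creation. The following is an added example, not Dynatrace code: it checks a LevelPolicyDto for ALLOW statements that grant permissions outside an approved set or that carry no conditions. `review_policy`, `APPROVED` and the `UNSCOPED` policy are hypothetical names and constructed data; `CREATED` is the response body from the example above, trimmed to the reviewed fields.

```python
import json

# Response body from the page's example (LevelPolicyDto), trimmed to reviewed fields.
CREATED = json.loads("""
{
  "uuid": "0c621587-f978-4c7b-89ee-d2045f611b03",
  "name": "apiExample",
  "statements": [
    {"effect": "ALLOW",
     "permissions": ["settings:schemas:read", "settings:objects:write"],
     "conditions": [{"name": "settings:schemaId", "operator": "EQ",
                     "values": ["builtin:anomaly-detection.services"]}]}
  ]
}
""")

# Constructed variant: no conditions and one permission nobody approved.
UNSCOPED = {
    "uuid": "constructed-example",
    "name": "tooBroad",
    "statements": [
        {"effect": "ALLOW",
         "permissions": ["settings:objects:write", "settings:objects:read"],
         "conditions": []}
    ],
}

# Hypothetical allowlist agreed for this policy during review.
APPROVED = {"settings:schemas:read", "settings:objects:write"}


def review_policy(policy, approved):
    """Return findings for ALLOW statements in a LevelPolicyDto."""
    findings = []
    for i, stmt in enumerate(policy.get("statements", [])):
        if stmt.get("effect") != "ALLOW":
            continue
        extra = sorted(set(stmt.get("permissions", [])) - set(approved))
        if extra:
            findings.append(f"statement {i}: unapproved permissions {extra}")
        if not stmt.get("conditions"):  # missing or empty list: grant is unscoped
            findings.append(f"statement {i}: ALLOW without conditions")
    return findings


if __name__ == "__main__":
    for p in (CREATED, UNSCOPED):
        print(p["name"], review_policy(p, APPROVED) or "ok")
```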