Manage IAM policies
Use these procedures in the Dynatrace web UI to manage Dynatrace IAM policies.
To instead use the API to manage IAM policies, go to:
- Dynatrace SaaS: Dynatrace Account Management API 1.0
- Dynatrace Managed: IAM API is available as part of Cluster API v2
List IAM policies
To list configured IAM policies
Built-in policies
To let you use policies right away, Dynatrace IAM is shipped with built-in global policies.
- On the Policies page, in the Source column, they're all set to
Dynatrace They're predefined and managed by Dynatrace
- You can apply a built-in policy by assigning it to a group for the whole account or to any environment.
- You can inspect them—select View policy in the Actions column—but you can't edit them
Create a policy
To create a policy
SchemaId condition
A schemaId condition defines which part of the settings a user can have access to in the settings UI.
Example schemaId condition in policy statement:
1ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = "builtin:container.monitoring-rule";
Services
Currently, only Dynatrace Settings 2.0 service is supported. We plan to add more services.
Available services include:
| Service name | Service description |
|---|---|
| Dynatrace Settings 2.0 service. |
Edit a policy
To edit an existing policy
Delete a policy
To delete a policy
Copy a policy
To copy an existing policy
Apply a policy to a group
To apply a policy to a group, you need to bind the policy to the group. For details on managing group permissions with IAM, see Manage group permissions with IAM policies.