Manage IAM policies
Use these procedures in the Dynatrace web UI to manage Dynatrace IAM policies.
List IAM policies
To list configured IAM policies
To let you use policies right away, Dynatrace IAM is shipped with built-in global policies.
- On the Policies page, in the Source column, they're all set to
They're predefined and managed by Dynatrace
- You can apply a built-in policy by assigning it to a group for the whole account or to any environment.
- You can inspect them—select View policy in the Actions column—but you can't edit them
Create a policy
To create a policy
A schemaId condition defines which part of the settings a user can have access to in the settings UI.
Example schemaId condition in policy statement:
1ALLOW settings:schemas:read, settings:objects:write WHERE settings:schemaId = "builtin:container.monitoring-rule";
Currently, only Dynatrace Settings 2.0 service is supported. We plan to add more services.
Available services include:
|Service name||Service description|
Dynatrace Settings 2.0 service.
Edit a policy
To edit an existing policy
Delete a policy
To delete a policy
Copy a policy
To copy an existing policy
Apply a policy to a group
To apply a policy to a group, you need to bind the policy to the group. For details on managing group permissions with IAM, see Manage group permissions with IAM policies.