Configuration types and access permissions
Dynatrace Configuration as Code via Monaco (the Dynatrace Monaco CLI) supports the following configuration types:
- All Settings 2.0
- Most Configuration APIs
- Dynatrace Platform Automation API
For details on how to define configuration types, see Configuration.
Settings 2.0
This type of configuration is available on the latest Dynatrace Platform and previous Dynatrace environments.
Settings 2.0 requires an API access token or OAuth credentials.
The Dynatrace Monaco CLI provides general support for any Settings 2.0 schema available in your environment.
-
For details on Settings 2.0 schemas, see Settings 2.0 - Available schemas.
-
To configure Settings 2.0 settings, your access token requires the following permissions:
- Read settings (
settings.read
) - Write settings (
settings.write
)
- Read settings (
-
Dynatrace Platform App settings require OAuth credentials. See our OAuth client guide for configuring them.
For Settings 2.0, the required permissions are:
- View settings objects for schema (
settings:objects:read
) - Create settings objects for schema (
settings:objects:write
) - View settings schemas (
settings:schemas:read
)
- View settings objects for schema (
App settings may require more permissions than those listed above. Consult the App's documentation for details.
Supported configuration API types
This type of configuration is available for the latest Dynatrace Platform and previous Dynatrace environments.
Note that most configuration APIs are deprecated in favor of Settings 2.0.
Configuration requires an API access token.
The Dynatrace Monaco CLI provides support for most Configuration APIs.
-
The supported configuration types, their API endpoints, and the access token permissions required for interacting with any endpoint are listed below.
-
If there's a link in the Configuration type column, be sure to follow it for important additional information about that configuration type.
Single Configuration Endpoint
Single Configuration Endpoint
Single Configuration Endpoint
/api/config/v1/applicationDetectionRules/hostDetection
Special Name requirements
Special Name requirements
Cannot be downloaded
Single Configuration Endpoint
/api/config/v1/extensions/dynatrace.python.elasticsearch/global
/api/config/v1/service/failureDetection/parameterSelection/parameterSets
/api/config/v1/service/failureDetection/parameterSelection/rules
Single Configuration Endpoint
/api/config/v1/hosts/autoupdate
Scoped Configuration
/api/config/v1/applications/mobile/{APPLICATION_ID}/keyUserActions
Scoped Configuration
/api/config/v1/applications/web/{APPLICATION_ID}/keyUserActions
Dynatrace Monaco CLI version 2.10.0+
/api/config/v1/service/detectionRules/FULL_WEB_REQUEST
/api/config/v1/service/detectionRules/FULL_WEB_SERVICE
/api/config/v1/service/detectionRules/OPAQUE_AND_EXTERNAL_WEB_REQUEST
/api/config/v1/service/detectionRules/OPAQUE_AND_EXTERNAL_WEB_SERVICE
Scoped Configuration
"/api/config/v1/applications/mobile/{APPLICATION_ID}/userActionAndSessionProperties"
For more information about each token permission, see Dynatrace API - Tokens and authentication.
Supported platform API types
The Dynatrace Monaco CLI provides support for the following Dynatrace platform API types.
To target platform APIs, you need to provide OAuth credentials.
automation:calendars:read
, automation:calendars:write
automation:rules:read
, automation:rules:write
automation:workflows:read
, automation:workflows:write
storage:bucket-definitions:read
, storage:bucket-definitions:write
, storage:bucket-definitions:delete
document:documents:write
, document:documents:read
, document:documents:delete
, document:trash.documents:delete
openpipeline:configurations:read
, openpipeline:configurations:write
Account management permissions
To manage account resources, you need to provide OAuth credentials with the following permissions:
account-idm-readaccount-idm-writeaccount-env-readaccount-env-writeiam-policies-managementiam:policies:writeiam:policies:readiam:bindings:writeiam:bindings:read