Configuration types and access permissions

Latest Dynatrace
Reference
7-min read

Dynatrace Configuration as Code via Monaco (the Dynatrace Monaco CLI) supports the following configuration types:

For details on how to define configuration types, see Configuration.

Settings 2.0

This type of configuration is available on the latest Dynatrace platform and previous Dynatrace environments.

Settings 2.0 requires an access token, OAuth credentials or platform token.

The Dynatrace Monaco CLI provides general support for any Settings 2.0 schema available in your environment.

For details on Settings 2.0 schemas, see Settings 2.0 - Available schemas.
To configure Settings 2.0 settings, your access token requires the following permissions:
- Read settings (settings.read)
- Write settings (settings.write)

Dynatrace platform app settings require OAuth credentials or a platform token. For configuration details, see Create an OAuth client for the Dynatrace Monaco CLI or Create a platform token for the Dynatrace Monaco CLI.

For Settings 2.0, the required permissions are:
- View settings objects for schema (settings:objects:read)
- Create settings objects for schema (settings:objects:write)
- View settings schemas (settings:schemas:read)

App settings may require more permissions than those listed above. Consult the App's documentation for details.

Settings 2.0 permissions

This type of configuration is only available on the latest Dynatrace platform environment and on schemas that support owner based access control.

Settings 2.0 permissions require OAuth credentials or a platform token. Access tokens can't be used.

The Dynatrace Monaco CLI only provides support for updating the all-users permissions.

For Settings 2.0 permissions, the required permissions are:

View settings objects and its permissions (settings:objects:read)
Create settings objects and permissions (settings:objects:write)
View settings schemas (settings:schemas:read)

Supported configuration API types

This type of configuration is available for the latest Dynatrace platform and previous Dynatrace environments.

Note that most configuration APIs are deprecated in favor of Settings 2.0.

Configuration requires an access token.

The Dynatrace Monaco CLI provides support for most Configuration APIs.

The supported configuration types, their API endpoints, and the access token permissions required for interacting with any endpoint are listed below.
If there's a link in the Configuration type column, be sure to follow it for important additional information about that configuration type.

Configuration type	Endpoint	Access token permissions
alerting-profile Non-Unique Name Configuration	Alerting profiles API - POST a profile `/api/config/v1/alertingProfiles`	Read Configuration and Write Configuration
allowed-beacon-origins Single Configuration Endpoint	Allowed beacon domains API - PUT configuration `/api/config/v1/allowedBeaconOriginsForCors`	Read Configuration and Write Configuration
anomaly-detection-applications Single Configuration Endpoint	Application anomaly detection API - PUT configuration `/api/config/v1/anomalyDetection/applications`	Read Configuration and Write Configuration
anomaly-detection-aws Single Configuration Endpoint	AWS anomaly detection API - PUT configuration `/api/config/v1/anomalyDetection/aws`	Read Configuration and Write Configuration
anomaly-detection-database-services Single Configuration Endpoint	Database anomaly detection API - PUT configuration `/api/config/v1/anomalyDetection/databaseServices`	Read Configuration and Write Configuration
anomaly-detection-disks	Disk events anomaly detection API - POST an event `/api/config/v1/anomalyDetection/diskEvents`	Read Configuration and Write Configuration
anomaly-detection-hosts Single Configuration Endpoint	Host anomaly detection API - PUT configuration `/api/config/v1/anomalyDetection/hosts`	Read Configuration and Write Configuration
anomaly-detection-metrics Non-Unique Name Configuration	Metric events anomaly detection API - POST an event `/api/config/v1/anomalyDetection/metricEvents`	Read Configuration and Write Configuration
anomaly-detection-services Single Configuration Endpoint	Services anomaly detection API - PUT configuration `/api/config/v1/anomalyDetection/services`	Read Configuration and Write Configuration
anomaly-detection-vmware Single Configuration Endpoint	VMware anomaly detection API - PUT configuration `/api/config/v1/anomalyDetection/applications`	Read Configuration and Write Configuration
app-detection-rule Non-Unique Name Configuration	Applications detection rules API - POST a rule `/api/config/v1/applicationDetectionRules`	Read Configuration and Write Configuration
app-detection-rule-host Single Configuration Endpoint	Applications detection rules API - PUT host detection headers `/api/config/v1/applicationDetectionRules/hostDetection`	Read Configuration and Write Configuration
application-web Non-Unique Name Configuration	Web application configuration API - POST a web application `/api/config/v1/applications/web`	Read Configuration and Write Configuration
application-mobile	Mobile and custom app API - POST an app `/api/config/v1/applications/mobile`	Read Configuration and Write Configuration
auto-tag	Automatically applied tags API - POST an auto-tag `/api/config/v1/autoTags`	Read Configuration and Write Configuration
aws-credentials Cannot be downloaded	AWS credentials API - POST new credentials `/api/config/v1/aws/credentials`	Read Configuration and Write Configuration
azure-credentials Cannot be downloaded	Azure credentials API - POST new credentials `/api/config/v1/azure/credentials`	Read Configuration and Write Configuration
calculated-metrics-application-mobile Special Name requirements	Mobile app metrics API - POST a metric `/api/config/v1/calculatedMetrics/mobile`	Read Configuration and Write Configuration
calculated-metrics-application-web Special Name requirements	Mobile app metrics API - POST a metric `/api/config/v1/calculatedMetrics/rum`	Read Configuration and Write Configuration
calculated-metrics-log Special Name requirements	Log Monitoring metrics API - PUT a metric `/api/config/v1/calculatedMetrics/log`	Read Configuration and Write Configuration
calculated-metrics-service Special Name requirements	Service metrics API - POST a metric `/api/config/v1/calculatedMetrics/service`	Read Configuration and Write Configuration
calculated-metrics-synthetic Special Name requirements	Synthetic metrics API - POST a metric `/api/config/v1/calculatedMetrics/synthetic`	Read Configuration and Write Configuration
conditional-naming-host	Conditional naming API - POST a new naming rule `/api/config/v1/conditionalNaming/host`	Read Configuration and Write Configuration
conditional-naming-processgroup	Conditional naming API - POST a new naming rule `/api/config/v1/conditionalNaming/processGroup`	Read Configuration and Write Configuration
conditional-naming-service	Conditional naming API - POST a new naming rule `/api/config/v1/conditionalNaming/service`	Read Configuration and Write Configuration
content-resources Single Configuration Endpoint	Content resources API - PUT configuration `/api/config/v1/contentResources`	Read Configuration and Write Configuration
credential-vault Cannot be downloaded	Credential vault API - POST a set of credentials `/api/config/v1/credentials`	Read credential vault entries and Write credential vault entries
custom-service-java	Custom services API - POST a custom service rule `/api/config/v1/service/customServices/java`	Read Configuration and Write Configuration
custom-service-dotnet	Custom services API - POST a custom service rule `/api/config/v1/service/customServices/dotnet`	Read Configuration and Write Configuration
custom-service-go	Custom services API - POST a custom service rule `/api/config/v1/service/customServices/go`	Read Configuration and Write Configuration
custom-service-nodejs	Custom services API - POST a custom service rule `/api/config/v1/service/customServices/nodejs`	Read Configuration and Write Configuration
custom-service-php	Custom services API - POST a custom service rule `/api/config/v1/service/customServices/php`	Read Configuration and Write Configuration
dashboard Non-Unique Name Configuration	Dashboards Classic API - POST a dashboard `/api/config/v1/dashboards`	Read Configuration and Write Configuration
dashboard-share-settings Single Configuration Endpoint Scoped Configuration	Dashboards Classic API - GET sharing configuration `/api/config/v1/dashboards/{SCOPE}/shareSettings`	Read Configuration and Write Configuration
data-privacy Single Configuration Endpoint	Data privacy API - PUT configuration `/api/config/v1/dataPrivacy`	Read Configuration, DataPrivacy
extension Cannot be downloaded	Extensions API - POST an extension .zip file `/api/config/v1/extensions`	Read Configuration and Write Configuration
extension-elasticsearch Single Configuration Endpoint	Extensions API - POST an extension .zip file `/api/config/v1/extensions/dynatrace.python.elasticsearch/global`	Read Configuration and Write Configuration
failure-detection-parametersets	Failure detection API - POST a parameter set `/api/config/v1/service/failureDetection/parameterSelection/parameterSets`	Read Configuration and Write Configuration
failure-detection-rules	Failure detection API - POST a detection rule `/api/config/v1/service/failureDetection/parameterSelection/rules`	Read Configuration and Write Configuration
frequent-issue-detection Single Configuration Endpoint	Frequent issue detection API - PUT configuration `/api/config/v1/frequentIssueDetection`	Read Configuration and Write Configuration
geo-ip-address-mappings Single Configuration Endpoint	IP address mapping rules - PUT configuration `/api/config/v1/geographicRegions/ipAddressMappings`	Read Configuration and Write Configuration
geo-ip-detection-headers Single Configuration Endpoint	IP mapping header rules - PUT configuration `/api/config/v1/geographicRegions/ipDetectionHeaders`	Read Configuration and Write Configuration
hosts-auto-update Single Configuration Endpoint	OneAgent environment-wide configuration API - PUT auto-update configuration `/api/config/v1/hosts/autoupdate`	Read Configuration and Write Configuration
key-user-actions-mobile Scoped Configuration	Mobile and custom app API - GET key user actions `/api/config/v1/applications/mobile/{APPLICATION_ID}/keyUserActions`	Read Configuration and Write Configuration
key-user-actions-web Scoped Configuration	Web application configuration API - GET key user actions `/api/config/v1/applications/web/{APPLICATION_ID}/keyUserActions`	Read Configuration and Write Configuration
kubernetes-credentials Cannot be downloaded	Kubernetes credentials API - POST new credentials `/api/config/v1/kubernetes/credentials`	Read Configuration and Write Configuration
maintenance-window	Maintenance windows API - POST a maintenance window `/api/config/v1/maintenanceWindows`	Read Configuration and Write Configuration
management-zone	Management zones API - POST a management zone `/api/config/v1/managementZones`	Read Configuration and Write Configuration
network-zone Dynatrace Monaco CLI version 2.10.0+	Network zones API `/api/v2/networkZones`	Read network zones and Write network zones
notification	Notifications API - POST a notification configuration `/api/config/v1/notifications`	Read Configuration and Write Configuration
reports	Reports API - POST a report `/api/config/v1/reports`	Read Configuration and Write Configuration
request-attributes	Request attributes API - POST a request attribute `/api/config/v1/service/requestAttributes`	Read Configuration and Capture request data
request-naming-service Non-Unique Name Configuration	Request naming API - POST a new request naming rule `/api/config/v1/service/requestNaming`	Read Configuration and Write Configuration
slo	Service-level objectives API - POST an SLO `/api/v2/slo`	Read SLO and Write SLO
service-detection-full-web-request	Service detection API - POST a full web request rule `/api/config/v1/service/detectionRules/FULL_WEB_REQUEST`	Read Configuration and Write Configuration
service-detection-full-web-service	Service detection API - POST a full web service rule `/api/config/v1/service/detectionRules/FULL_WEB_SERVICE`	Read Configuration and Write Configuration
service-detection-opaque-web-request	Service detection API - POST an opaque web request rule `/api/config/v1/service/detectionRules/OPAQUE_AND_EXTERNAL_WEB_REQUEST`	Read Configuration and Write Configuration
service-detection-opaque-web-service	Service detection API - POST an opaque web service rule `/api/config/v1/service/detectionRules/OPAQUE_AND_EXTERNAL_WEB_SERVICE`	Read Configuration and Write Configuration
service-resource-naming Single Configuration Endpoint	Services configuration API `/api/config/v1/service/resourceNaming`	Read Configuration and Write Configuration
synthetic-location	Synthetic locations API - POST a location `/api/v1/synthetic/locations`	Access problem and event feed, metrics, and topology and Create and read synthetic monitors, locations, and nodes
synthetic-monitor	Synthetic monitors API - POST a monitor `/api/v1/synthetic/monitors`	Create and read synthetic monitors, locations, and nodes
user-action-and-session-properties-mobile Scoped Configuration	Mobile and custom app API - GET all user session properties `"/api/config/v1/applications/mobile/{APPLICATION_ID}/userActionAndSessionProperties"`	Read Configuration and Write Configuration

For more information about each access token permission, see Dynatrace API - Tokens and authentication.

Supported platform API types

The Dynatrace Monaco CLI provides support for the following Dynatrace platform API types.

To target platform APIs, you need to provide OAuth credentials or a platform token.

Configuration type	Endpoint	Platform permissions	Dynatrace Monaco CLI version
business-calendars	/platform/automation/v1/business-calendars	`automation:calendars:read`, `automation:calendars:write`	2.6.0+
scheduling-rules	/platform/automation/v1/scheduling-rules	`automation:rules:read`, `automation:rules:write`	2.6.0+
workflows	/platform/automation/v1/workflows	`automation:workflows:read`, `automation:workflows:write`	2.6.0+
buckets	/platform/storage/management/v1/bucket-definitions	`storage:bucket-definitions:read`, `storage:bucket-definitions:write`, `storage:bucket-definitions:delete`	2.9.0+
documents	/platform/document/v1/documents	`document:documents:write`, `document:documents:read`, `document:documents:delete`, `document:trash.documents:delete`	2.15.0+
openpipelines	/platform/openpipeline/v1/configurations	`openpipeline:configurations:read`, `openpipeline:configurations:write`	2.15.0+
segment	/platform/storage/filter-segments/v1/filter-segments	`storage:filter-segments:read`, `storage:filter-segments:write`, `storage:filter-segments:delete`, `storage:filter-segments:admin`	2.19.0+
slo-v2	/platform/slo/v1/slos	`slo:slos:read`, `slo:slos:write`	2.22.0+

Account management permissions

To manage account resources, you need to provide OAuth credentials with the following permissions:

account-idm-read
account-idm-write
account-env-read
account-env-write
iam-policies-management
iam:policies:write
iam:policies:read
iam:bindings:write
iam:bindings:read