Policy global attributes

For some global conditions, the policy framework provides attributes that can be used in policy syntax. These attributes don’t require any additional configuration in the form of defining binding parameters.

List of available global attributes:

Global attribute

Description

${global:userId}

User's UUID

${global:userGroup}

List of UUIDs of groups user is assigned to

Example

This policy grants permission to all users if they have the necessary role assigned within the scope of the given account. This enables creating a single policy on the Dynatrace internal level instead of creating a dedicated policy for each account where the account ID is explicitly specified.

ALLOW storage:logs:read WHERE storage:security_context = "${global:userId}";
ALLOW storage:logs:read WHERE storage:security_context IN ("${global:userGroup}");