Policy global attributes
For some global conditions, the policy framework provides attributes that can be used in policy syntax. These attributes don’t require any additional configuration in the form of defining binding parameters.
List of available global attributes:
Global attribute
Description
${global:userId}
User's UUID
${global:userGroup}
List of UUIDs of groups user is assigned to
Example
This policy grants permission to all users if they have the necessary role assigned within the scope of the given account. This enables creating a single policy on the Dynatrace internal level instead of creating a dedicated policy for each account where the account ID is explicitly specified.
ALLOW storage:logs:read WHERE storage:dt.security_context = "${global:userId}";ALLOW storage:logs:read WHERE storage:dt.security_context IN ("${global:userGroup}");