Use these procedures in the Dynatrace web UI to manage Dynatrace IAM policies.
To instead use the API to manage IAM policies, go to Dynatrace Account Management API 1.0.
To list configured IAM policies
Go to Account Management > Identity & access management > Policies.
Review the table of all existing policies that you can bind to user groups.
global
, account
, or environment
To let you use policies right away, Dynatrace IAM is shipped with built-in global policies.
Dynatrace
To create a policy
Go to Account Management > Identity & access management > Policies.
Select Create policy.
Enter the following information.
Element
Description
Name
The name of the policy.
Description
A brief description of the policy.
Organization level
Each policy has a level that determines its scope:
global
: These policies are predefined and managed by Dynatrace, and they apply to all accounts and environments. They cannot be edited.
account
: These policies apply to all environments under that account (customer). Use them to set company-wide policies.
environment
: These policies apply only to a single customer environment.
Organization levels are restricted in the UI to the account
level (other levels are still available via API).
Restriction in UI was provided to avoid confusion between creating and binding.
Commonly creating multiple identical policies on the environment
levels can be achieved in a more efficient way by defining one policy on the account
level and binding it to environment
levels.
Policy statement
A statement specifying exactly what this policy allows.
Example: Policy for Settings 2.0 Write
ALLOW settings:objects:read;ALLOW settings:objects:write;ALLOW settings:schemas:read;
You can combine multiple permissions in a single statement. Here is the same example combined into a single statement:
ALLOW settings:objects:read, settings:objects:write, settings:schemas:read;
Combining statements is particularly useful for managing policies with complicated conditions.
For a complete and up-to-date list of Dynatrace services that support permission management via IAM policies, see IAM policy reference.
To edit an existing policy
To delete a policy
To copy an existing policy
To apply a policy to a group, you need to bind the policy to the group. For details on managing group permissions with IAM, see Manage group permissions with IAM policies.