This tutorial shows how to use the Dynatrace default policies to grant access to features and services inside of Dynatrace. The default policies are managed and maintained by Dynatrace and provide pre-built access to Dynatrace.
This tutorial is for Dynatrace account administrators who need to grant users access to platform features and data stored inside of Dynatrace. The tutorial will help you to set up least-privilege access for your users.
In this tutorial, you'll learn
Dynatrace comes preconfigured with a set of user groups that reflect the main access patterns from a feature and data perspective.
The default user groups have default policies for Dynatrace and data access assigned on the account level and provide an easy way to grant your users access. Since the policy assignments are defined on the account level, they cover every tenant in the account.
To see which default groups are available and how they are configured, see Dynatrace default groups.
Users can be simply added to the default user groups to provide access to Dynatrace.
If you want to provide a more refined way of accessing Dynatrace, the Dynatrace default policies are the best starting point.
The Dynatrace default policies provide access to Dynatrace in two categories:
For an overview of which default policies exist in the two categories, see Dynatrace default policies.
Dynatrace default policies can be assigned to any user group. To learn more about policy assignment, follow this guide: Manage group permissions with IAM policies.
With policy boundaries, you can define a set of resource/record-based restrictions that can be applied to your assigned policies.
You can use policy boundaries to further restrict the Dynatrace default policies, which gives you the benefit of maintained permissions sets with the added value of restrictions on the resource/record level.
Policy boundaries can be used for scenarios such as:
To learn more about policy boundaries, follow the Policy boundaries guide.