Grant access to Dynatrace through default groups and permissions
To get you started, Dynatrace provides a default set of editable groups for account and environment users. You can edit and adapt these default groups to fit your needs or you can create new groups.
Default environment permissions
These groups are created for users who work with Dynatrace to monitor the health of the hosts, services, and infrastructure in their application environments.
Dynatrace offers the following user groups with environment permissions.
Confidential data admin
Can view personal data (for example, method arguments) and configure request-data capture rules.
Default roles:
- View environment
- Replay sessions with masking
- View sensitive request data
- Manage capturing of sensitive request data
- Manage monitoring settings
Default polices:
- AppEngine - Admin
- AutomationEngine - Admin access
- Storage All Grail Data Read
Deployment admin
Can download and install OneAgent. Has read-only access to the environment. Can’t change settings.
Default roles:
- View environment
- Replay sessions with masking
- Install OneAgent
Default policies:
- AppEngine - User
- AutomationEngine - User access
- Storage Default Monitoring Read
Log viewer
Can access and view the contents of log files. Reserved for users who need access to sensitive log file data. No other access rights.
Default roles:
- View environment
- Replay sessions with masking
- View logs
Default policies:
- AppEngine - User
- Storage Logs Read
- AutomationEngine - User access
Monitoring admin
Has full environment access. Can change monitoring settings. Can download and install OneAgent.
Default roles:
- View environment
- Replay sessions with masking
- Manage monitoring settings
- Manage support tickets
- Install OneAgent
Default policies:
- AppEngine - Admin
- Ingest Events write
- Storage All Grail Data Read
- AutomationEngine - Admin access
Monitoring viewer
Can access the environment in read-only mode. Can’t change settings. Can’t download or install OneAgent.
Default roles:
- View environment
- Replay sessions with masking
Default policies:
- AutomationEngine - User access
- AppEngine - User
- Storage Default Monitoring Read
Security admin
Can view and manage vulnerabilities.
Default roles:
- Manage security problems
Default account permissions
These groups are created for users who are involved in managing account details such as company addresses, billing, payment information, and user management.
Dynatrace offers the following user groups with account permissions.
Account manager
Has full account access. Can view and edit company data, enter credit card data, review invoices, create and edit groups, and add users to groups. Also has access to environment consumption data, Documentation, and Support.
Default permissions:
- View account
- View and manage account and billing information
- View and manage users and groups
Account viewer
Has access to environment consumption data, Documentation, and Support. No access to credit card data, invoices, or company/billing address info. Can’t edit groups or assign users to groups.
Default permissions:
- View account
Finance admin
Can enter credit card data and review invoices. Has access to environment consumption data, Documentation, and Support. Can’t edit groups or assign users to groups. No access to company/billing address info.
Default permissions:
- View account
- View and manage account and billing information