Using the New RUM Experience requires the permissions described below. For details on granting permissions, see Working with policies.
To list and run the apps provided by the New RUM Experience, you need app-engine:apps:run permissions for them. The table below lists the apps and their IDs.
App
App ID
dynatrace.experience.vitals
dynatrace.error.inspector
dynatrace.users.sessions
To access the data captured by the New RUM Experience in Grail, the following table permissions are required:
IAM permission
Description
Grants permission to read records from the events table.
Grants permission to read records from the session table.
Grants permission to read timeseries from the metrics table.
Grants permission to read Smartscape nodes and edges from Grail.
Grail supports the definition of fine-grained permissions at the level of individual records by adding a WHERE clause to table permissions; see Permissions in Grail. Among the supported fields, the following are relevant for the New RUM Experience.
The field storage:frontend.name allows the definition of policies at frontend level, for example:
ALLOW storage:user.events:read WHERE storage:frontend.name="my_frontend";
Dynatrace allows fine-grained permissions by adding a dt.security_context attribute to specific data using OpenPipeline; see Configure advanced permissions with security context. This field is also applicable to user events and user sessions.
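The following policy is an added example, not part of the original documentation. It shows how the app and record-level permissions above can be combined into one least-privilege policy. The conditions shared:app-id and storage:dt.security_context are taken from the Dynatrace policy language rather than from this page, so check them against the IAM reference for your environment; "my_frontend" and "team-web" are constructed placeholder values.

```text
// Added example; "my_frontend" and "team-web" are constructed placeholders.

// Run only the three New RUM Experience apps listed in the app table.
ALLOW app-engine:apps:run WHERE shared:app-id IN ("dynatrace.experience.vitals", "dynatrace.error.inspector", "dynatrace.users.sessions");

// Option 1: read user events of a single frontend.
ALLOW storage:user.events:read WHERE storage:frontend.name = "my_frontend";

// Option 2: read user events that OpenPipeline tagged with a security context.
// ALLOW statements are additive: keeping both options grants access to
// records matching either condition, so keep only the one you intend.
ALLOW storage:user.events:read WHERE storage:dt.security_context = "team-web";
```

An unconditional ALLOW storage:user.events:read bound to the same user through another policy overrides this scoping, so review all of a group's policies together.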
Several settings schemas are available for RUM. These schemas start with the prefix builtin:rum and are listed in Settings 2.0 - Available schemas. Most of these schemas are relevant not only for RUM Classic but also for the New RUM Experience.
Read permissions for RUM settings are recommended for all users of the New RUM Experience. If you need to instrument and configure frontends in the New RUM Experience, you also need write permissions. For details about controlling access to settings, see Grant access to Settings.