Latest Dynatrace
This guide outlines the necessary permissions for the Kubernetes app and describes how to tailor them to fit specific roles and requirements.
To fully utilize all use cases of the Kubernetes app, a specific set of permissions is required. You can find the complete list of these permissions via Dynatrace Hub.
In Dynatrace Hub, select Kubernetes to view the necessary permissions.
To manage permissions within the Kubernetes app, you can assign default policies to different roles assigned to user groups (such as AppEngine User, Storage All Grail Data Read).
Dynatrace IAM allows for a highly detailed and flexible definition and assignment of permissions. These permissions can be grouped into policies and then assigned to users or groups. Additionally, permissions can be targeted to specific subsets of Kubernetes objects by using conditions, such as for particular clusters and/or namespaces.
For more information, see Identity and access management (IAM).
The permission storage:entities:read
currently does not yet support conditions.
ALLOW hub:catalog:read;ALLOW storage:buckets:read, storage:entities:read storage:events:read,storage:logs:read,storage:metrics:read;ALLOW environment-api:api-tokens:write, environment-api:entities:read, environment-api:entities:write, environment-api:metrics:read, environment-api:security-problems:read, environment-api:slo:read;ALLOW settings:objects:read, settings:objects:write, state:user-app-states:read, state:user-app-states:write;ALLOW davis:analyzers:execute, unified-analysis:screen-definition:read;