Business events security context

Dynatrace allows you to tweak your ingested business events data by adding a dt.security_context attribute to specific business events records. This enables you to set additional options, for example, permissions for individual records. See, Permissions in Grail.

To create a security context adjustment to your ingested business events data, you need to create rules that:

  1. Filter the records that have the dt.security_context attribute added to them.
    Go to Logs and events page and create a DQL query using a business events processing function. For example: 
    fetch bizevents
    | filter matchesValue(geo.city.name, "Brussels")
    This allows you to filter the business events records to which you will want to add the dt.security_context attribute. Once satisfied with the query result, copy the business events processing function of the DQL query: matchesValue(geo.city.name, "Brussels").
  2. Define the business events security context rule using that function and specify the value of the dt.security_context attribute. The value of the dt.security_context attribute can be a literal value that you provide, or you can specify the name of another attribute of which the value will be used as the value of dt.security_context.

Create business events security context rule

Business event security context is based on rules that contain a matcher and the dt.security_context attribute definition.

  • The matcher narrows down the available business events records for executing this specific rule.
  • Value source type specifies the value of the dt.security_context attribute.

Go to Settings > Business Analytics > Security context to view business events processing security rules that are in effect, reorder the existing rules, and create new rules. Rules are executed in the order in which they're listed, from top to bottom. This order is critical because the first user-defined rule that matches is executed.

Expand Details to examine a rule definition. A business events processing security rule consists of the following:

  • Rule name
    The name for the rule.
  • Matcher
    A business events processing function that narrows down the available business events data for executing this specific rule.
  • Select value source type
    • Field
      Value will be copied from field.
    • Literal
      Constant literal will be used as value.
  • Value
    Value of the source type.

To add a business events security context rule:

  1. Select Add rule on the Business event security context page.
  2. Add a Matcher to your rule by pasting the business events processing function from your DQL query.
  3. Select value source type.
  4. Provide the Value for the source type.
    • If you selected Field, the value should be the name of the field used as a source to copy the value to the dt.security_context attribute.
    • If you selected Literal, the value should be the constant literal that will be used as the value in the dt.security_context attribute.

Example

Your business events records contain attribute geo.city.name with a value of Brussels. Only users in the team_EU user group should have access to them and you want to create a business events security context rule that:

  • Filters all records that contain Brussels as a value of the geo.city.name attribute.
  • Adds a dt.security_context attribute with the team_EU value to all filtered business events records.

  1. Go to Logs and events page and execute a DQL query using a business events processing function:

    fetch bizevents
    | filter matchesValue(geo.city.name, "Brussels")

  2. Copy the business events processing function of the DQL query: matchesValue(geo.city.name, "Brussels").

  3. Go to Settings > Business Analytics > Security context and select Add rule on the Business event security context page.

  4. For the Rule name enter: team_EU - Brussels.

  5. For the Matcher enter: matchesValue(geo.city.name, "Brussels").

  6. For the Select value source type select Literal.

  7. For the Value enter: team_EU.

  8. Select Save changes.

Once new business events data arrives, it is processed by business events security context rules and a new dt.security_context attribute is added with a value of team_EU. You can go to Logs and events page and check that new business events records are processed by your team_EU - Brussels business events security context rule. Use the DQL to view all business events records containing team_EU value in dt.security_context attribute:

fetch bizevents
| filter matchesValue(dt.security_context, "team_EU")

Based on this attribute, you can now create security-related user and group policies. See, Permissions in Grail.

Related topics