Business events security context
Dynatrace allows you to tweak your ingested business events data by adding a dt.security_context attribute to specific business events records. This enables you to set additional options, for example, permissions for individual records. See, Permissions in Grail.
To create a security context adjustment to your ingested business events data, you need to create rules that:
- Filter the records that have the
dt.security_contextattribute added to them.
Go to Logs and events page and create a DQL query using a business events processing function. For example:This allows you to filter the business events records to which you will want to add thefetch bizevents| filter matchesValue(geo.city.name, "Brussels")dt.security_contextattribute. Once satisfied with the query result, copy the business events processing function of the DQL query:matchesValue(geo.city.name, "Brussels"). - Define the business events security context rule using that function and specify the value of the
dt.security_contextattribute. The value of thedt.security_contextattribute can be a literal value that you provide, or you can specify the name of another attribute of which the value will be used as the value ofdt.security_context.
Create business events security context rule
Business event security context is based on rules that contain a matcher and the dt.security_context attribute definition.
- The matcher narrows down the available business events records for executing this specific rule.
- Value source type specifies the value of the
dt.security_contextattribute.
Go to Settings > Business Analytics > Security context to view business events processing security rules that are in effect, reorder the existing rules, and create new rules. Rules are executed in the order in which they're listed, from top to bottom. This order is critical because the first user-defined rule that matches is executed.
Expand Details to examine a rule definition. A business events processing security rule consists of the following:
- Rule name
The name for the rule. - Matcher
A business events processing function that narrows down the available business events data for executing this specific rule. - Select value source type
- Field
Value will be copied from field. - Literal
Constant literal will be used as value.
- Field
- Value
Value of the source type.
To add a business events security context rule:
- Select Add rule on the Business event security context page.
- Add a Matcher to your rule by pasting the business events processing function from your DQL query.
- Select value source type.
- Provide the Value for the source type.
- If you selected Field, the value should be the name of the field used as a source to copy the value to the
dt.security_contextattribute. - If you selected Literal, the value should be the constant literal that will be used as the value in the
dt.security_contextattribute.
- If you selected Field, the value should be the name of the field used as a source to copy the value to the
Example
Your business events records contain attribute geo.city.name with a value of Brussels. Only users in the team_EU user group should have access to them and you want to create a business events security context rule that:
- Filters all records that contain
Brusselsas a value of thegeo.city.nameattribute. - Adds a
dt.security_contextattribute with theteam_EUvalue to all filtered business events records.
-
Go to Logs and events page and execute a DQL query using a business events processing function:
fetch bizevents| filter matchesValue(geo.city.name, "Brussels") -
Copy the business events processing function of the DQL query:
matchesValue(geo.city.name, "Brussels"). -
Go to Settings > Business Analytics > Security context and select Add rule on the Business event security context page.
-
For the Rule name enter:
team_EU - Brussels. -
For the Matcher enter:
matchesValue(geo.city.name, "Brussels"). -
For the Select value source type select Literal.
-
For the Value enter:
team_EU. -
Select Save changes.
Once new business events data arrives, it is processed by business events security context rules and a new dt.security_context attribute is added with a value of team_EU. You can go to Logs and events page and check that new business events records are processed by your team_EU - Brussels business events security context rule. Use the DQL to view all business events records containing team_EU value in dt.security_context attribute:
fetch bizevents| filter matchesValue(dt.security_context, "team_EU")
Based on this attribute, you can now create security-related user and group policies. See, Permissions in Grail.