Permissions

Latest Dynatrace

This guide outlines the necessary permissions for the Kubernetes app and describes how to tailor them to fit specific roles and requirements.

User permissions

To fully utilize all use cases of the Kubernetes app, a specific set of permissions is required. You can find the complete list of these permissions via Dynatrace Hub.

In Dynatrace Hub, select Kubernetes Kubernetes (new) to view the necessary permissions.

To manage permissions within the Kubernetes app, you can assign default policies to different roles assigned to user groups (such as AppEngine User, Storage All Grail Data Read).

Tailoring permissions/policies

Dynatrace IAM allows for a highly detailed and flexible definition and assignment of permissions. These permissions can be grouped into policies and then assigned to users or groups. Additionally, permissions can be targeted to specific subsets of Kubernetes objects by using conditions, such as for particular clusters and/or namespaces.

For more information, see Identity and access management (IAM).

The permission storage:entities:read currently does not yet support conditions.

ALLOW hub:catalog:read;
ALLOW storage:buckets:read, storage:entities:read storage:events:read,storage:logs:read,storage:metrics:read;
ALLOW environment-api:api-tokens:write, environment-api:entities:read, environment-api:entities:write, environment-api:metrics:read, environment-api:security-problems:read, environment-api:slo:read;
ALLOW settings:objects:read, settings:objects:write, state:user-app-states:read, state:user-app-states:write;
ALLOW davis:analyzers:execute, unified-analysis:screen-definition:read;