Grant access to Dynatrace

  • Tutorial
  • 2-min read

This article shows you how to use the Dynatrace default groups and policies to grant access to features and services inside Dynatrace.

Who this is for

This tutorial is for Dynatrace account administrators who need to grant users access to platform features and data stored inside Dynatrace. It also helps new Dynatrace users looking to understand group-based permissions.

What you will learn

In this article, you'll learn how to:

  • Use the default groups and policies to give your users access to Dynatrace.
  • Assign different sets of privileges to your user groups.
  • Refine the access of your users with policy boundaries.

Before you begin

  • A Dynatrace account with administrative privileges.
Default Groups

Predefined user groups in Dynatrace

Permissions

Access rights for different groups

RBAC

Stands for Role-based access control; a security model for managing user access

Steps

This step adds users to Dynatrace so that you can assign roles and access rights to them.

  1. Go to Account Management. If you have more than one account, select the account you want to manage.

    This opens https://myaccount.dynatrace.com/, which you can bookmark for easy access to Account Management.

  2. Go to Identity & access management > User management.
  3. Select Invite users.
  4. In the Enter Details, add required details.
  5. In the Assign permissions, assign permissions or select a group tot he user.
  6. Select Invite.

Assigning a user to a default group is the fastest way to give them access to Dynatrace features and data. This step also lays the baseline for applying advanced controls, such as creating custom groups and policy boundaries.

To assign users to default groups

  1. Go to Dynatrace Account Management > Identity & access management > User management.
  2. In the Edit user page, select a user to assign groups.
  3. Select the appropriate one or more groups from the list.
  4. Select Save.

This step is required when default groups don’t align with your internal structure or access needs. Custom groups allow you to tailor access to specific organizational needs by combining default and custom policies.

To create custom groups

  1. Go to Dynatrace Account Management > Identity & access management > Group management.
  2. In the Create group page, select Create group.
  3. Enter the details for Group name (required) and Description (optional)
  4. Select Create.
  5. To edit permissions for a selected group, select Permission.
  6. Select one or more permissions from Dynatrace access or Data access.Add users to the created custom group. To learn how, see Assign users to groups.
  7. To perform other group operations, see Group management.

You can use policy boundaries to refine access further and restrict the Dynatrace default policies. The boundaries limit access to specific apps, workflows, or data partitions, narrowing the policy's scope to only the defined conditions.

To create a policy boundary

  1. Go to Dynatrace Account Management > Identity & access management > Policy boundaries.
  2. Select the Boundaries tab.
  3. Select Create boundary and enter a Boundary name and a Boundary query.
  4. Select the Save.
  5. For the boundary to be active, apply it to a group policy.

To apply the created Boundary to a Group policy

  1. Go to Dynatrace Account Management > Identity & access management > Group management.
  2. Select a group and select View group.
  3. In the Permissions section, select to edit or add a policy.
  4. When assigning the policy, select the boundary you created.

To learn more about policy boundaries, see Policy boundaries.

To further customize user access, you can create custom policies in Dynatrace as below

  1. Go to Account Management > Identity & access management > Policy management.
  2. In the Policies tab, select Create policy.
  3. Enter the required information.
  4. Select Save.
Related tags
Dynatrace Platform