This article shows you how to use the Dynatrace default groups and policies to grant access to features and services inside Dynatrace.
Who this is for
This tutorial is for Dynatrace account administrators who need to grant users access to platform features and data stored inside Dynatrace. It also helps new Dynatrace users looking to understand group-based permissions.
What you will learn
In this article, you'll learn how to:
Use the default groups and policies to give your users access to Dynatrace.
Assign different sets of privileges to your user groups.
Refine the access of your users with policy boundaries.
A Dynatrace account with administrative privileges.
Default Groups
Predefined user groups in Dynatrace
Permissions
Access rights for different groups
RBAC
Stands for Role-based access control; a security model for managing user access
Steps
This step adds users to Dynatrace so that you can assign roles and access rights to them.
Go to Account Management. If you have more than one account, select the account you want to manage.
This opens https://myaccount.dynatrace.com/, which you can bookmark for easy access to Account Management.
Go to Identity & access management > User management.
Select Invite users.
In the Enter Details, add required details.
In the Assign permissions, assign permissions or select a group tot he user.
Select Invite.
Assigning a user to a default group is the fastest way to give them access to Dynatrace features and data. This step also lays the baseline for applying advanced controls, such as creating custom groups and policy boundaries.
To assign users to default groups
Go to Dynatrace Account Management > Identity & access management > User management.
In the Edit user page, select a user to assign groups.
Select the appropriate one or more groups from the list.
Select Save.
This step is required when default groups don’t align with your internal structure or access needs. Custom groups allow you to tailor access to specific organizational needs by combining default and custom policies.
To create custom groups
Go to Dynatrace Account Management > Identity & access management > Group management.
In the Create group page, select Create group.
Enter the details for Group name (required) and Description (optional)
Select Create.
To edit permissions for a selected group, select Permission.
Select one or more permissions from Dynatrace access or Data access.Add users to the created custom group. To learn how, see Assign users to groups.
You can use policy boundaries to refine access further and restrict the Dynatrace default policies. The boundaries limit access to specific apps, workflows, or data partitions, narrowing the policy's scope to only the defined conditions.
To create a policy boundary
Go to Dynatrace Account Management > Identity & access management > Policy boundaries.
Select the Boundaries tab.
Select Create boundary and enter a Boundary name and a Boundary query.
Select the Save.
For the boundary to be active, apply it to a group policy.
To apply the created Boundary to a Group policy
Go to Dynatrace Account Management > Identity & access management > Group management.
Select a group and select View group.
In the Permissions section, select to edit or add a policy.
When assigning the policy, select the boundary you created.