Manage IAM policies

  • How-to guide
  • 7-min read

Use these procedures in the Dynatrace web UI to manage Dynatrace IAM policies.

API alternative

To instead use the API to manage IAM policies, go to Cluster API v2.

List IAM policies

To list configured IAM policies

  1. In the Cluster Management Console, go to User authentication > Policy management.

  2. Review the table of all existing policies that you can bind to user groups.

    • Policy—the name of the policy
    • Policy description—a brief description of the policy
    • Organizational levelglobal, cluster, or environment
    • Actions—view, edit, or delete that row's policy (actions available to you depend on your permission level)

Default policies

To let you use policies right away, Dynatrace IAM is shipped with built-in global policies.

  • On the Policies page, in the Source column, they're all set to Dynatrace
  • They're predefined and managed by Dynatrace
  • You can apply a built-in policy by assigning it to a group for the whole account or to any environment.
  • You can inspect them—select View policy in the Actions column—but you can't edit them

Create a policy

To create a policy

  1. In the Cluster Management Console, go to User authentication > Policy management.

  2. Select Add policy.

  3. Enter the following information.

Services

For a complete and up-to-date list of Dynatrace services that support permission management via IAM policies, see IAM policy reference.

Edit a policy

To edit an existing policy

  1. In the Cluster Management Console, go to User authentication > Policy management.
  2. Find the policy you want to edit.
    You can filter and sort the table.
  3. Select Actions > Edit policy.
  4. Make your changes and select Save.

Delete a policy

To delete a policy

  1. In the Cluster Management Console, go to User authentication > Policy management.

  2. Find the policy you want to delete.
    You can filter and sort the table.

  3. Select the Edit button for the policy.

  4. Select Delete policy.

    The change takes effect in a few minutes.

    To change the delay, modify property policyRefreshIntervalSeconds in the iam section of the config file.

Copy a policy

To copy an existing policy

  1. In the Cluster Management Console, go to User authentication > Policy management.
  2. Open an existing policy for editing.
  3. Copy the contents of Policy statements to the clipboard.
  4. Go back to the Policy management page.
  5. Select Add policy.
  6. Paste the copied policy statements into Policy statements.
  7. Fill in the Name and optional Description.
  8. Select Save.

Apply a policy to a group

To apply a policy to a group, you need to bind the policy to the group. For details on managing group permissions with IAM, see Working with policies.

Related tags
Dynatrace Platform