SaaS Upgrade Assistant Role Permissions

Latest Dynatrace

To authorize users to use the app, a user has to be assigned to the upgrade-assistant:environments:write IAM policy.

How to set up SaaS Upgrade Assistant IAM policy?

  1. Go to Account Management > Identity & access management > Policies.

  2. Select Create policy.

  3. Enter the following information.

    Element

    Description

    Name

    saas-upgrade-assistant

    Description

    The IAM policy to execute configuration migration from Dynatrace Managed to SaaS via SaaS Upgrade Assistant.

    Organization level

    environment

    Policy statement

    ALLOW upgrade-assistant:environments:write;
  4. Apply the policy to a group. For example, to "Deployment admin". For details on managing group permissions with IAM, see Manage group permissions with IAM policies.

For more information, see Add or remove group policies.

How to view role permissions used by SaaS Upgrade Assistant?

The Dynatrace Hub entry for SaaS Upgrade Assistant SaaS Upgrade Assistant lists the required permissions.

To view the available permissions

  1. In Dynatrace Hub, select SaaS Upgrade Assistant SaaS Upgrade Assistant.
  2. Go to the Technical Information tab.
  3. Check the User Permissions section for a list of all the permissions you need to include in the policies bound to user groups that are allowed to use SaaS Upgrade Assistant SaaS Upgrade Assistant.

For more information, see Working with policies.

What permissions are needed to install and run SaaS Upgrade Assistant?

Make sure your user has the following policy assigned to get permissions for all functionalities of SaaS Upgrade Assistant SaaS Upgrade Assistant:

ALLOW upgrade-assistant:environments:write;
ALLOW hub:catalog:read;
ALLOW document:documents:read, document:documents:write, document:documents:delete;
ALLOW environment-api:credentials:read, environment-api:entities:read, environment-api:api-tokens:read, environment-api:api-tokens:write;
ALLOW state:user-app-states:read, state:user-app-states:write, state:user-app-states:delete;