SaaS Upgrade Assistant Role Permissions
Latest Dynatrace
To authorize users to use the app, a user has to be assigned to the upgrade-assistant:environments:write IAM policy.
How to set up SaaS Upgrade Assistant IAM policy?
-
Go to Account Management > Identity & access management > Policies.
-
Select Create policy.
-
Enter the following information.
Element
Description
Name
saas-upgrade-assistant
Description
The IAM policy to execute configuration migration from Dynatrace Managed to SaaS via SaaS Upgrade Assistant.
Organization level
environmentPolicy statement
ALLOW upgrade-assistant:environments:write; -
Apply the policy to a group. For example, to "Deployment admin". For details on managing group permissions with IAM, see Manage group permissions with IAM policies.
For more information, see Add or remove group policies.
How to view role permissions used by SaaS Upgrade Assistant?
The Dynatrace Hub entry for 
SaaS Upgrade Assistant lists the required permissions.
To view the available permissions
- In Dynatrace Hub, select SaaS Upgrade Assistant.
- Go to the Technical Information tab.
- Check the User Permissions section for a list of all the permissions you need to include in the policies bound to user groups that are allowed to use SaaS Upgrade Assistant.
For more information, see Working with policies.
What permissions are needed to install and run SaaS Upgrade Assistant?
Make sure your user has the following policy assigned to get permissions for all functionalities of SaaS Upgrade Assistant:
ALLOW upgrade-assistant:environments:write;ALLOW hub:catalog:read;ALLOW document:documents:read, document:documents:write, document:documents:delete;ALLOW environment-api:credentials:read, environment-api:entities:read, environment-api:api-tokens:read, environment-api:api-tokens:write;ALLOW state:user-app-states:read, state:user-app-states:write, state:user-app-states:delete;