• Forums
    • Public Forums
      • Community Connect
      • Dynatrace
        • Dynatrace Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Open Q&A
      • Network Application Monitoring
        • NAM Open Q&A
        • Enterprise Synthetic Monitoring
      • Synthetic Classic
        • Synthetic Classic Open Q&A
      • BSM Open Q&A
  • Home /
  • Public Forums /
  • Application Monitoring & UEM /
  • AppMon & UEM Open Q&A /
avatar image
Question by Lukasz F. · May 11, 2015 at 06:39 PM ·

dynaTrace 6.0.x permissions problem - two roles and one groups

I have a problem with giving users additional permissions in one group by two roles. 

Example: 

I created two roles - Developer and Guest. 

Guest is almost original role form  default configuration. Developer is role that has additional permissions e.g. Analyse System and Read confidential strings. Sadly I noticed that this permissions are not summing up and user test sees only Guest role permissions. 

How overcome this problem? - I don't want multiply groups when role mechanism is available. 

Comment

People who like this

0 Show 0
10 |2000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

1 Reply

· Add your reply
  • Sort: 
  • Most voted
  • Newest
  • Oldest
avatar image

Answer by Graeme W. · May 12, 2015 at 04:01 AM

Lukasz,

The problem is that the group has "no permissions" for Server Management.  You need to assign "Developer" to the Dynatrace Server Management pull-down. That set of permissions – for server operations including the Agent Overview – is separate from the system profile permissions given in the second half of the screenshot.

Also, I don't think the system profile permissions "add".  I think Dynatrace probably just takes the first matching rule when looking at what a given group can do to a given profile, so the second "default" rule is ignored.

This is explained here:  User Permissions and Authentication 

of which this is the pertinent part:

Management Role

A user group specifies exactly one role to manage Dynatrace Servers. Roles that are applied for management only grant access to Dynatrace Server. Dynatrace ignores other permissions (e.g. for a specific System Profile) contained in this role. To completely deny access to Dynatrace Server management, select No Permission.

System Profiles 

To protect System Profiles, Dynatrace defines roles for them. Unlike management roles, System Profile roles only use permissions that apply to System Profile functionality (e.g. run analyses and create memory dumps). A role's permissions for Dynatrace Server management are ignored.

-- Graeme

Comment

People who like this

0 Show 2 · Share
10 |2000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Lukasz F. · May 12, 2015 at 02:20 PM 0
Share

but what with confidential strings ? They also need to be on Management Role level set ? 

avatar image Lukasz F. Lukasz F. · May 12, 2015 at 02:24 PM 0
Share

ok, I found answer in dynaTrace server permission of specific perm. 

Thanks for help!.

Your answer

Hint: You can notify a user about this post by typing @username

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

Welcome to the
Dynatrace Community Forums

Check out the Forum User Guide and Forum Guidelines to learn how to get started.

EMEA Community Member of the Month - November 2018

Announcing Dynatrace's EMEA Community Member of the Month for November 2018, Mathieu C.! Click here to read more!

LATAM Community Member of the Month - November 2018

Announcing Dynatrace's LATAM Community Member of the Month for November 2018, Rene S.! Click here to read more!

Follow this Question

Answers Answers and Comments

2 People are following this question.

avatar image avatar image

Forum Tags

nginx upgrade java diagnostics dotnet docker scheduler search 6.5 customization ios appmonsaas knowledge sharing browser agent mobileapp database sensor performance warehouse 7.1 chart hybris 6.3+ services production web performance monitoring user sessions transactionflow incidents test automation measures business transaction plugins migration php javascript android processes server dashlet monitoring purelytics nodejs 6.2 splunk system profile rest api uem appmon framework appmon 7 license mobile monitoring good to know collector installation adk purepath messagebroker web services apache guardian appmon 7.2 plugin iis splitting dashboard mq rest webserver reports 7.0 errors kibana mainframe client 6.1 configuration unique users forum user guide continuous delivery postgresql sensors security documentation agent web dashboard alerting load auto-detection window 6.3 dynatrace apm administration oneagent
  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace
      • Dynatrace Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Open Q&A
    • Network Application Monitoring
      • NAM Open Q&A
      • Enterprise Synthetic Monitoring
    • Synthetic Classic
      • Synthetic Classic Open Q&A
    • BSM Open Q&A