• Forums
    • Public Forums
      • Community Connect
      • Dynatrace
        • Dynatrace Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Open Q&A
      • Network Application Monitoring
        • NAM Open Q&A
  • Home /
  • Public Forums /
  • Application Monitoring & UEM /
  • AppMon & UEM Open Q&A /
avatar image
Question by Lukasz F. · May 11, 2015 at 06:39 PM ·

dynaTrace 6.0.x permissions problem - two roles and one groups

I have a problem with giving users additional permissions in one group by two roles. 

Example: 

I created two roles - Developer and Guest. 

Guest is almost original role form  default configuration. Developer is role that has additional permissions e.g. Analyse System and Read confidential strings. Sadly I noticed that this permissions are not summing up and user test sees only Guest role permissions. 

How overcome this problem? - I don't want multiply groups when role mechanism is available. 

Comment

People who like this

0 Show 0
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

1 Reply

  • Sort: 
  • Most voted
  • Newest
  • Oldest
avatar image

Answer by Graeme W. · May 12, 2015 at 04:01 AM

Lukasz,

The problem is that the group has "no permissions" for Server Management.  You need to assign "Developer" to the Dynatrace Server Management pull-down. That set of permissions – for server operations including the Agent Overview – is separate from the system profile permissions given in the second half of the screenshot.

Also, I don't think the system profile permissions "add".  I think Dynatrace probably just takes the first matching rule when looking at what a given group can do to a given profile, so the second "default" rule is ignored.

This is explained here:  User Permissions and Authentication 

of which this is the pertinent part:

Management Role

A user group specifies exactly one role to manage Dynatrace Servers. Roles that are applied for management only grant access to Dynatrace Server. Dynatrace ignores other permissions (e.g. for a specific System Profile) contained in this role. To completely deny access to Dynatrace Server management, select No Permission.

System Profiles 

To protect System Profiles, Dynatrace defines roles for them. Unlike management roles, System Profile roles only use permissions that apply to System Profile functionality (e.g. run analyses and create memory dumps). A role's permissions for Dynatrace Server management are ignored.

-- Graeme

Comment

People who like this

0 Show 2 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image Lukasz F. · May 12, 2015 at 02:20 PM 0
Share

but what with confidential strings ? They also need to be on Management Role level set ? 

avatar image Lukasz F. Lukasz F. · May 12, 2015 at 02:24 PM 0
Share

ok, I found answer in dynaTrace server permission of specific perm. 

Thanks for help!.

How to get started

First steps in the forum
Read Community User Guide
Best practices of using forum

NAM 2019 SP5 is available


Check the RHEL support added in the latest NAM service pack.

Learn more

LIVE WEBINAR

"Performance Clinic - Monitoring as a Self Service with Dynatrace"


JANUARY 15, 3:00 PM GMT / 10:00 AM ET

Register here

Follow this Question

Answers Answers and Comments

1 Person is following this question.

avatar image

Forum Tags

dotnet mobile monitoring load iis 6.5 kubernetes mainframe rest api dashboard framework 7.0 appmon 7 health monitoring adk log monitoring services auto-detection uem webserver test automation license web performance monitoring ios nam probe collector migration mq web services knowledge sharing reports window java hybris javascript appmon sensors good to know extensions search 6.3+ server documentation easytravel web dashboard kibana system profile purelytics docker splunk 6.1 process groups account 7.2 rest dynatrace saas spa guardian appmon administration production user actions postgresql upgrade oneagent measures security Dynatrace Managed transactionflow technologies diagnostics user session monitoring unique users continuous delivery sharing configuration alerting NGINX splitting business transaction client 6.3 installation database scheduler apache mobileapp RUM php dashlet azure purepath agent 7.1 appmonsaas messagebroker nodejs 6.2 android sensor performance warehouse
  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace
      • Dynatrace Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Open Q&A
    • Network Application Monitoring
      • NAM Open Q&A