
Generate a report of user groups and permissions

ypareek007
Observer

Hi, how can I generate a report from a Dynatrace SaaS account that has all the user groups and the permissions assigned to those user groups, along with the users added to each group? I tried looking at the account management APIs but I could find an API just to get groups for a single user, and the response doesn't show the permissions assigned to the group. Couldn't find a way to generate it from the UI as well. Please can someone help me with this. TIA

8 REPLIES

vasile_gafton
Dynatrace Enthusiast

Hi,

You can use the following 2 APIs to get:

  1. The users assigned to a group: 
    https://www.dynatrace.com/support/help/shortlink/account-api-groups-get-members
  2. The permissions assigned to a group
    https://www.dynatrace.com/support/help/shortlink/account-api-permissions-get

Thank you. Is there a way I can use these APIs to get details of all the groups and permissions at once?

vasile_gafton
Dynatrace Enthusiast

Hey,

Yes, that's possible.
Here are the steps in the right order:

  1. Create an OAuth2 client with the following permissions: account-idm-read
    https://www.dynatrace.com/support/help/shortlink/account-api-authentication#create-an-oauth2-client
  2. Use the ID and the secret of your OAuth2 client to receive a bearer token from the Dynatrace SSO system via an API call.
    Provide the exact same permissions as your client (account-idm-read)
    https://www.dynatrace.com/support/help/shortlink/account-api-authentication#request-a-token
  3. Use the retrieved bearer token as an authorization header for your Account management API requests
  4. Get the list of all groups
    https://www.dynatrace.com/support/help/shortlink/account-api-groups-get-all
    For each group you will also get the UUID.
    Example: [screenshot: vasile_gafton_0-1688079585504.png]
    You need that ID for the next step
  5. For each group in the list get the list of users and the list of permissions
    https://www.dynatrace.com/support/help/shortlink/account-api-groups-get-members
    https://www.dynatrace.com/support/help/shortlink/account-api-permissions-get

You can either write a script for this or use the Account Management API explorer:
Dynatrace Account Management API
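
Steps 4 and 5 above as a script, added here as an example that is not part of the original post: it walks every group, fetches its members and permissions, and flattens the result into one CSV for an access review. The API base path, the response field names and the sample responses are assumptions or constructed values, and `fetch_json` is a hypothetical caller-supplied function that sends the bearer token from step 3.

```python
import csv
import io

# Assumed Account Management API base path and response field names ("items",
# "uuid", "email", "permissions", "permissionName", "scope"); check them
# against the documentation linked in the steps above.
API = "https://api.dynatrace.com/iam/v1/accounts/{account}"
FIELDS = ["group", "group_uuid", "user", "permission", "scope"]

def build_report(fetch_json, account):
    """Return one row per (group, user, permission).

    fetch_json(url) -> dict is supplied by the caller; against the live API
    it would send "Authorization: Bearer <token>" with each GET request.
    """
    base = API.format(account=account)
    rows = []
    for group in fetch_json(f"{base}/groups").get("items", []):
        gid = group["uuid"]
        members = fetch_json(f"{base}/groups/{gid}/users").get("items", [])
        perms = fetch_json(f"{base}/groups/{gid}/permissions").get("permissions", [])
        # Empty groups and groups without permissions still get a row,
        # so they show up in the review instead of silently vanishing.
        emails = [m.get("email", "") for m in members] or [""]
        grants = [(p.get("permissionName", ""), p.get("scope", "")) for p in perms] or [("", "")]
        for email in emails:
            for perm, scope in grants:
                rows.append({"group": group.get("name", ""), "group_uuid": gid,
                             "user": email, "permission": perm, "scope": scope})
    return rows

def to_csv(rows):
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

# Constructed sample responses keyed by URL, standing in for the live API.
ACCOUNT = "ACCOUNT-UUID-PLACEHOLDER"
_B = API.format(account=ACCOUNT)
SAMPLE = {
    f"{_B}/groups": {"items": [{"uuid": "g-1", "name": "Admins"}, {"uuid": "g-2", "name": "Empty"}]},
    f"{_B}/groups/g-1/users": {"items": [{"email": "a@example.com"}, {"email": "b@example.com"}]},
    f"{_B}/groups/g-1/permissions": {"permissions": [{"permissionName": "example-permission", "scope": ACCOUNT}]},
    f"{_B}/groups/g-2/users": {"items": []},
    f"{_B}/groups/g-2/permissions": {"permissions": []},
}

if __name__ == "__main__":
    print(to_csv(build_report(SAMPLE.__getitem__, ACCOUNT)))
```

The number of API calls is one for the group list plus two per group, so 63 groups means 127 requests per run.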

Thank you for the detailed steps. This helps but my only concern is I have 63 user groups and as you mentioned in step 5, I can use APIs to get details about each group, so looks like I will have to run those APIs 63 times to get info about all groups. I will try to write an automated script to do that but if you are aware of a better way, please do let me know. Thanks again for all your support 🙂

I'm afraid there is no better solution at the moment 🙂

@ypareek007 I get your frustration. I have similar posts 3 years back when I joined Dynatrace.  I have to say the DynaMight people (before they were DynaMights) helped me out through this forum with ProTips and just helping build stuff for me. It's no guarantee things will be solved for you, but this community is very supportive.  

What I eventually did was stand up a small VM with Node.js (v14 or greater) and install Node-Red. I work for a not-for-profit so I'm good, but read over the open source community license to be sure you're in compliance. I used Node-Red to do all my complicated Dynatrace API efforts. I have over 15 automated scripts that help handle daily administrative tasks, it generates daily problem email reports, it captures metrics, it does a lot. Node-Red can be a no-code solution but with Dynatrace I'd say it's more like a low-code solution with JavaScript.

I'll help you out and write up a Node-Red flow that does what Vasile documented above. I could actually use it as well. Then I'll post the Node-Red flow, which is just a JSON, here for you to download.

What I begrudgingly learned in my first year with Dynatrace is that to survive you have to be able to heavily interact with the APIs. You have to be able to iterate through the 'NextPage' process to get all your data. So you really have to code the API or have something like Node-Red.

Dynatrace will suggest two things to you. Monaco, which is awesome (v2 all the way) but solves a slightly different need. And the new Automated Workflows which beyond the 3 free ones have a cost.

HigherEd

That's great and sounds useful. I do have experience in using Dynatrace APIs using coded programs. I built some programs last year using VBScript which call Dynatrace APIs, get JSON results, convert them to MS Excel and finally share them as an email with all the stakeholders. I suppose I will try to modify them to generate the report as per my current need. I do appreciate your offer to help though. Even though I might not need it, if you still write the Node-Red flow, please share it with me so I can learn more about that.

ct_27
DynaMight Pro

This would be a great RFE for Dynatrace to build such an out-of-the-box report like this. It could be part of the new myaccount/Account Management interface.

HigherEd
