FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Permissions for creating and editing synthetic monitoring

Go to solution
Ilya7
Participant

‎21 Dec 2022 01:52 PM - last edited on ‎22 Dec 2022 11:12 AM by Community Team

Hello,

we would like to give permission for making and editing synthetic monitors to a specific user group for the whole environment.

As far as I'm concerned there is no way to give permission for creating/editing synthetic monitorings without checking "change monitoring settings" for the whole environment or management-zone.

Am I overlooking something? If not will there be a way (i.e. through a schemaId) to give editing permissions for synthetics in the future?

Best regards,
Ilya

0 Kudos
Reply
5 REPLIES 5

Go to solution
AurelienGravier
DynaMight Pro
DynaMight Pro

‎21 Dec 2022 02:07 PM

Hello @Ilya7 ,

IAM policies is what you need ! You can configure custom IAM through the Dynatrace web UI or REST API :

https://www.dynatrace.com/support/help/shortlink/iam#how-to-configure-iam

 

Some examples of IAM policies here :

https://www.dynatrace.com/support/help/shortlink/iam-policystatement-syntax

And the list of REST API calls is available here :

https://api.dynatrace.com/spec/#/Policy%20management

AurelienGravier_0-1671631416729.png

Regards Aurélien.

Observability consultant - Dynatrace Associate/Pro/Services certified
0 Kudos
Reply

Go to solution
Ilya7
Participant
In response to AurelienGravier

‎21 Dec 2022 02:28 PM

Hello @AurelienGravier,

thanks for your response.

I was looking into IAM policies but couldn't find a fitting policy. At first I thought I can go with https://www.dynatrace.com/support/help/shortlink/iam-policystatements#settings-objects-write but the synthetic tab doesn't seem to have a schemaId.

This one might be fitting, I'm not sure though: https://www.dynatrace.com/support/help/shortlink/iam-policystatements#environment-roles-configure-re....

Please let me know if you know the right way of doing this.

Best regards,
Ilya

0 Kudos
Reply

Go to solution
AurelienGravier
DynaMight Pro
DynaMight Pro

‎21 Dec 2022 03:15 PM - edited ‎21 Dec 2022 03:19 PM

First of all, I have extracted the list of available schemas through the Environment API V2 :

https://{environmentid}.live.dynatrace.com/rest-api-doc/index.jsp#/Settings%20-%20Schemas/getAvailab...

And I select on the response a schemaID related to the synthetic feature:

{
"schemaId": "builtin:synthetic.browser.name",
"displayName": "Monitor name",
"latestSchemaVersion": "1.0.1"
},

Afterwards, I use this schemaId as parameter in the following endpoint : /settings/schemas/{schemaId}

https://{environmentid}.live.dynatrace.com/rest-api-doc/index.jsp#/Settings%20-%20Schemas/getSchemaD...

{
"dynatrace": "1",
"schemaId": "builtin:synthetic.browser.name",
"displayName": "Monitor name",
"description": "Define the display name of your browser monitor",
"documentation": "",
"schemaGroups": [
"group:synthetic.browser"
],

And a schemaGroups exists "group:synthetic.browser" on the response.

 

So I suppose that you can use it in your custom IAM :

ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaGroups = "group:synthetic.browser"

 

Let me know if it works.

 

 

 

 

 

 

 

Observability consultant - Dynatrace Associate/Pro/Services certified
Reply

Go to solution
AurelienGravier
DynaMight Pro
DynaMight Pro

‎26 Dec 2022 10:30 AM - edited ‎28 Dec 2022 08:38 AM

Hello @Ilya7 

 

The synthetic monitors configuration is only partially migrated to settings 2.0, so the permissions regarding creation of the monitors (browser and HTTP) are still not available.  I have created the following RFE : https://community.dynatrace.com/t5/Dynatrace-product-ideas/IAM-policy-gt-the-settings-schemaId-relat... I suggest you voting on it to help.

 

Instead, I have found the way to give permissions on existing synthetic monitors and on settings related to synthetic monitoring :


1st, create your custom policy with the statements below  :

ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId IN ("builtin:synthetic.browser.name","builtin:synthetic.browser.scheduling","builtin:synthetic.http.name","builtin:synthetic.synthetic-availability-settings","builtin:synthetic.synthetic-availability-settings","builtin:synthetic.browser.outage-handling","builtin:synthetic.http.scheduling","builtin:synthetic.browser.assigned-applications","builtin:synthetic.http.performance-thresholds","builtin:synthetic.browser.kpms","builtin:synthetic.http.assigned-applications","builtin:synthetic.http.outage-handling","builtin:synthetic.http.cookies","builtin:synthetic.browser.performance-thresholds");

 

2nd, create a new group and bind it the previous policy : 

AurelienGravier_0-1672048534298.png

 

3rd add a use as member of this group.

The user will have the rights to edit each monitors and a limited acces on settings menu :

AurelienGravier_1-1672048684454.png

 

Regards Aurélien.

 

 

 

Observability consultant - Dynatrace Associate/Pro/Services certified
Reply

Go to solution
Ilya7
Participant
In response to AurelienGravier

‎28 Dec 2022 09:51 AM

Hello Aurélien,

thanks for your effort!

It's really unfortunate that we can't set permissions to create synthetics. With the current options we can't even allow to edit the recorded clickpath for existing browser monitors. 

Thanks for creating the RFE. It's a really important feature in my opinion.

Best regards,
Ilya

Reply
Ask a question

Featured Posts