To interact with a Dynatrace tenant, the dynatrace-service requires access to the Dynatrace API. Different scopes are required depending on the features you would like to use.
| Feature | Required scope(s) |
|---|---|
SLIs via dynatrace/sli.yaml files |
- |
| SLIs via a Dynatrace dashboard | Read configuration (ReadConfig) |
| Forwarding events from Keptn to Dynatrace | Access problem and event feed, metrics, and topology (DataExport) |
| Forwarding problem notifications from Dynatrace to Keptn | - |
| Automatic onboarding of monitored service entities | Read entities (entities.read) |
| Automatic configuration of a Dynatrace tenant | Read configuration (ReadConfig), Write configuration (WriteConfig) |
When functioning as an SLI provider for Keptn, additional scopes are required depending on the type of SLI:
| SLI type | Required scope(s) |
|---|---|
| Metrics | Read metrics (metrics.read) |
SLOs (SLO) |
Read SLO (slo.read) |
Problems (PV2) |
Read problems (problems.read) |
Security problems (SECPV2) |
Read security problems (securityProblems.read) |
User sessions (USQL) |
User sessions (DTAQLAccess) |
Converted metrics (MV2) |
Read metrics (metrics.read) |