Skip to main content

Identity and access management

  • Reference

Identity and Access Management configuration. Allows viewing users within the platform and their access capabilities.

Latest (V1)
npm install @dynatrace-sdk/client-iam

usersAndGroupsClient

import { usersAndGroupsClient } from '@dynatrace-sdk/client-iam';

getActiveUserFromOrganizationalLevel

usersAndGroupsClient.getActiveUserFromOrganizationalLevel(config): Promise<RestUserPublic>

Get active user from organizational level

Required scope: iam:users:read

Authorization is based on an assignment of the calling user to the account associated with the 'level-type' and 'level-id' For environment 'level-type' user has to be assigned to account to which the environment is assigned, user does not need any permissions in such environment

Parameters

NameTypeDescription
config.levelId*requiredstringIdentifier of 'level-type'. Max allowed length is 36. For account use its UUID. For environment 'level-type' user has to be assigned to account to which the environment is assigned, user does not need any permissions in such environment
config.levelType*requiredstringAllowed values: account, environment
config.uuid*requiredstringUser UUID

Returns

Return typeStatus codeDescription
RestUserPublic200User fetched successfully

Throws

Error TypeError Message
PublicExceptionMessageErrorAuthorization header is missing or is incorrect. | Execution user is not allowed to perform the action. | Calling user is not assigned to the requested account or requested environment is not assigned to account that user is assigned to or the 'level-id' does not exist
PublicExceptionThrottlingMessageErrorToo many requests have been sent - requests are throttled

Code example

import { usersAndGroupsClient } from "@dynatrace-sdk/client-iam";

const data =
await usersAndGroupsClient.getActiveUserFromOrganizationalLevel(
{ levelType: "...", levelId: "...", uuid: "..." },
);

getActiveUsersForOrganizationalLevel

usersAndGroupsClient.getActiveUsersForOrganizationalLevel(config): Promise<RestUserPublicListResponse>

Get active users from organizational level

Required scope: iam:users:read

Providing value for at least one of the parameters: 'partialString' or 'uuid' is required. If both query params 'partialString' and 'uuid' are provided then the result returns users meeting any of the filtering criteria. Returned users are first ordered by name and then by surname. Authorization is based on an assignment of the calling user to the account associated with the 'level-type' and 'level-id' For environment 'level-type' user has to be assigned to account to which the environment is assigned, user does not need any permissions in such environment

Parameters

NameTypeDescription
config.levelId*requiredstringIdentifier of 'level-type'. Max allowed length is 36. For account use its UUID. For environment 'level-type' user has to be assigned to account to which the environment is assigned, user does not need any permissions in such environment
config.levelType*requiredstringAllowed values: account, environment
config.pagenumberOffset-based Pagination - page. Default value: 1. Page number to return. Offset-based Pagination can't be used with Cursor-based Pagination!
config.pageKeystringCursor-based Pagination - page-key. Cursor to the next page, includes page number and filtering values. Implicit filtering values will be overwritten by page-key property. Cursor-based Pagination can't be used together with Offset-based Pagination! Max length: 2000
config.pageSizenumberPagination - page size. Default value: 1000. Minimum value: 1. Maximum value: 1000
config.partialStringstringFilter value - searches for users whose email contains provided value AND users whose 'name surname' or 'surname name' starts with provided value. Minimum length: 3. Maximum length: 320
config.uuidArray<string>List of user UUIDs. Filter value - equals. Allows multiple values. Maximum allowed size: 25

Returns

Return typeStatus codeDescription
RestUserPublicListResponse200Users from the organizational level fetched successfully

Throws

Error TypeError Message
PublicExceptionMessageErrorAuthorization header is missing or is incorrect. | Execution user is not allowed to perform the action. | Calling user is not assigned to the requested account or requested environment is not assigned to account that user is assigned to or the 'level-id' does not exist
PublicExceptionThrottlingMessageErrorToo many requests have been sent - requests are throttled

Code example

import { usersAndGroupsClient } from "@dynatrace-sdk/client-iam";

const data =
await usersAndGroupsClient.getActiveUsersForOrganizationalLevel(
{ levelType: "...", levelId: "..." },
);

getActiveUsersForOrganizationalLevelPost

usersAndGroupsClient.getActiveUsersForOrganizationalLevelPost(config): Promise<RestUserPublicListResponse>

Get active users from organizational level

Required scope: iam:users:read

It is required to provide either request body containing list of user UUIDs or partialString. If both are provided then the result returns users meeting any of the provided criteria. Returned users are first ordered by name and then by surname. Authorization is based on an assignment of the calling user to the account associated with the 'level-type' and 'level-id' For environment 'level-type' user has to be assigned to account to which the environment is assigned, user does not need any permissions in such environment

Parameters

NameTypeDescription
config.body*requiredArray<string>
config.levelId*requiredstringIdentifier of 'level-type'. Max allowed length is 36. For account use its UUID. For environment 'level-type' user has to be assigned to account to which the environment is assigned, user does not need any permissions in such environment
config.levelType*requiredstringAllowed values: account, environment
config.pagenumberOffset-based Pagination - page. Default value: 1. Page number to return. Offset-based Pagination can't be used with Cursor-based Pagination!
config.pageKeystringCursor-based Pagination - page-key. Cursor to the next page, includes page number and filtering values. Implicit filtering values will be overwritten by page-key property. Cursor-based Pagination can't be used together with Offset-based Pagination! Max length: 2000
config.pageSizenumberPagination - page size. Default value: 1000. Minimum value: 1. Maximum value: 1000
config.partialStringstringFilter value - searches for users whose email contains provided value AND users whose 'name surname' or 'surname name' starts with provided value. Minimum length: 3. Maximum length: 320

Returns

Return typeDescription
Promise<RestUserPublicListResponse>Users from the organizational level fetched successfully

Throws

Error TypeError Message
PublicExceptionMessageErrorAuthorization header is missing or is incorrect. | Execution user is not allowed to perform the action. | Calling user is not assigned to the requested account or requested environment is not assigned to account that user is assigned to or the 'level-id' does not exist
PublicExceptionThrottlingMessageErrorToo many requests have been sent - requests are throttled

Code example

import { usersAndGroupsClient } from "@dynatrace-sdk/client-iam";

const data =
await usersAndGroupsClient.getActiveUsersForOrganizationalLevelPost(
{ levelType: "...", levelId: "...", body: ["..."] },
);

getAvailableServiceUsers

usersAndGroupsClient.getAvailableServiceUsers(config): Promise<SearchResult>

Get active service users from organizational level which are usable by the execution user

Required scope: iam:service-users:use

Environment-level queries are executed in account context because there is no direct link between environments and service users.

Parameters

NameTypeDescription
config.levelId*requiredstringIdentifier of 'level-type'. Max allowed length is 36. For account use its UUID. For environment 'level-type' user has to be assigned to account to which the environment is assigned, user does not need any permissions in such environment
config.levelType*requiredstringAllowed values: account, environment
config.pagenumberOffset-based Pagination - page. Default value: 1. Page number to return. Offset-based Pagination can't be used with Cursor-based Pagination!
config.pageKeystringCursor-based Pagination - page-key. Cursor to the next page, includes page number and filtering values. Implicit filtering values will be overwritten by page-key property. Cursor-based Pagination can't be used together with Offset-based Pagination! Max length: 2000
config.pageSizenumberPagination - page size. Default value: 1000. Minimum value: 1. Maximum value: 1000

Returns

Return typeStatus codeDescription
SearchResult200Active service users from the organizational level filtered by user permissions fetched successfully

Throws

Error TypeError Message
PublicExceptionMessageErrorAuthorization header is missing or is incorrect. | Execution user is not allowed to perform the action. | The 'level-id' param does not exist
PublicExceptionThrottlingMessageErrorToo many requests have been sent - requests are throttled

Code example

import { usersAndGroupsClient } from "@dynatrace-sdk/client-iam";

const data =
await usersAndGroupsClient.getAvailableServiceUsers({
levelType: "...",
levelId: "...",
});

getVisibleGroupsForAccount

usersAndGroupsClient.getVisibleGroupsForAccount(config): Promise<RestGroupPublicListResponse>

Get visible groups from organizational level

Required scope: iam:groups:read

Providing value for at least one of the parameters: 'partialGroupName' or 'uuid' is required. If both query params 'partialGroupName' and 'uuid' are provided then the result will be all of the groups meeting any of the filtering criteria. Authorization is based on an assignment of the calling user to the account associated with the 'level-type' and 'level-id' For environment 'level-type' user has to be assigned to account to which the environment is assigned, user does not need any permissions in such environment

Parameters

NameTypeDescription
config.levelId*requiredstringIdentifier of 'level-type'. Max allowed length is 36. For account use its UUID. For environment 'level-type' user has to be assigned to account to which the environment is assigned, user does not need any permissions in such environment
config.levelType*requiredstringAllowed values: account, environment
config.pagenumberOffset-based Pagination - page. Default value: 1. Page number to return. Offset-based Pagination can't be used with Cursor-based Pagination!
config.pageKeystringCursor-based Pagination - page-key. Cursor to the next page, includes page number and filtering values. Implicit filtering values will be overwritten by page-key property. Cursor-based Pagination can't be used together with Offset-based Pagination! Max length: 2000
config.pageSizenumberPagination - page size. Default value: 1000. Minimum value: 1. Maximum value: 1000
config.partialGroupNamestringFilter value - contains. Minimum length: 3. Maximum length: 320
config.uuidArray<string>List of group UUIDs. Filter value - equals. Allows definition of multiple values. Maximum allowed size: 10

Returns

Return typeStatus codeDescription
RestGroupPublicListResponse200Groups from the level fetched successfully

Throws

Error TypeError Message
PublicExceptionMessageErrorMissing both 'partialGroupName' and 'uuid' filter values, or the values don't meet the requirements. | Authorization header is missing or is incorrect. | Execution user is not allowed to perform the action. | Calling user is not assigned to the requested account or requested environment is not assigned to account that user is assigned to or the 'level-id' does not exist
PublicExceptionThrottlingMessageErrorToo many requests have been sent - requests are throttled

Code example

import { usersAndGroupsClient } from "@dynatrace-sdk/client-iam";

const data =
await usersAndGroupsClient.getVisibleGroupsForAccount({
levelType: "...",
levelId: "...",
});

getVisibleGroupsForAccountPost

usersAndGroupsClient.getVisibleGroupsForAccountPost(config): Promise<RestGroupPublicListResponse>

Get visible groups from organizational level

Required scope: iam:groups:read

It is required to provide at either request body containing list of group uuids or partialGroupName. If both are provided then the result returns groups meeting any of the provided criteria. Authorization is based on an assignment of the calling user to the account associated with the 'level-type' and 'level-id' For environment 'level-type' user has to be assigned to account to which the environment is assigned, user does not need any permissions in such environment

Parameters

NameTypeDescription
config.body*requiredArray<string>
config.levelId*requiredstringIdentifier of 'level-type'. Max allowed length is 36. For account use its UUID. For environment 'level-type' user has to be assigned to account to which the environment is assigned, user does not need any permissions in such environment
config.levelType*requiredstringAllowed values: account, environment
config.pagenumberOffset-based Pagination - page. Default value: 1. Page number to return. Offset-based Pagination can't be used with Cursor-based Pagination!
config.pageKeystringCursor-based Pagination - page-key. Cursor to the next page, includes page number and filtering values. Implicit filtering values will be overwritten by page-key property. Cursor-based Pagination can't be used together with Offset-based Pagination! Max length: 2000
config.pageSizenumberPagination - page size. Default value: 1000. Minimum value: 1. Maximum value: 1000
config.partialGroupNamestringFilter value - contains. Minimum length: 3. Maximum length: 320

Returns

Return typeDescription
Promise<RestGroupPublicListResponse>Groups from the level fetched successfully

Throws

Error TypeError Message
PublicExceptionMessageErrorMissing both 'partialGroupName' and 'uuid' filter values, or the values don't meet requirements. | Authorization header is missing or is incorrect. | Execution user is not allowed to perform the action. | Calling user is not assigned to the requested account or requested environment is not assigned to account that user is assigned to or the 'level-id' does not exist
PublicExceptionThrottlingMessageErrorToo many requests have been sent - requests are throttled

Code example

import { usersAndGroupsClient } from "@dynatrace-sdk/client-iam";

const data =
await usersAndGroupsClient.getVisibleGroupsForAccountPost(
{ levelType: "...", levelId: "...", body: ["..."] },
);

Types

ErrorResponse

NameType
codenumber
detailsErrorResponseDetails
messagestring

ErrorResponseConstraintViolation

NameType
messagestring
parameterLocationstring
pathstring

ErrorResponseDetails

NameType
constraintViolationsArray<ErrorResponseConstraintViolation>
missingScopesArray<string>

ErrorThrottlingResponse

NameType
codenumber
messagestring
retryAfterSecondsnumber

PublicExceptionMessage

NameType
errorErrorResponse

PublicExceptionThrottlingMessage

NameType
errorErrorThrottlingResponse

RestGroupPublic

Collection containing the paginated result

NameType
groupName*requiredstring
type*required"LOCAL" | "ALL_USERS" | "SCIM" | "SAML"
uuid*requiredstring

RestGroupPublicListResponse

NameTypeDescription
nextPageKeystringKey for requesting the next page of the result
resultsArray<RestGroupPublic>Collection containing the paginated result
totalCountnumberTotal count of records

RestUserPublic

Collection containing the paginated result

NameType
descriptionstring
email*requiredstring
namestring
surnamestring
uid*requiredstring

RestUserPublicListResponse

NameTypeDescription
nextPageKeystringKey for requesting the next page of the result
resultsArray<RestUserPublic>Collection containing the paginated result
totalCountnumberTotal count of records

SearchResult

NameTypeDescription
nextPageKeystringKey for requesting the next page of the result
resultsArray<ServiceUserDto>Collection containing the paginated result
totalCountnumberTotal count of records

ServiceUserDto

Collection containing the paginated result

NameType
createdAtDate
descriptionstring
emailstring
namestring
surnamestring
uidstring

Enums

RestGroupPublicType

⚠️ Deprecated Use literal values.

Enum keys

AllUsers | Local | Saml | Scim

Still have questions?
Find answers in the Dynatrace Community