Update Dynatrace manage page: document Install Extension permission requirements#128351
Conversation
…requirements Add documentation for Install Extension button prerequisites on Virtual Machines and App Service blades, clarifying that Owner or Contributor permissions are required (not just Owner). Updates conditions under which the button is enabled. Addresses ADO work item #36968577 (parent #32931656). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
@praveenrajap : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
Learn Build status updates of commit 7e5c16e: ✅ Validation status: passed
For more details, please refer to the build report. |
PRMerger Results
|
There was a problem hiding this comment.
Pull request overview
Updates Dynatrace “Manage” documentation to clarify when the Install Extension action is enabled, including RBAC prerequisites, for Virtual Machines and App Service resources.
Changes:
- Documented enablement prerequisites for Install Extension on the Virtual Machines tab.
- Documented enablement prerequisites for Install Extension on the App Service tab.
- Updated
ms.dateto 03/30/2026.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| The **Install Extension** button is enabled when all of the following conditions are met: | ||
|
|
||
| - The virtual machine is **Running** (not stopped or deallocated). | ||
| - The Dynatrace OneAgent is **not already installed** on the virtual machine. | ||
| - You have **Owner** or **Contributor** permissions on the subscription where the virtual machine resides. Users with only **Reader** (or lower) permissions can't install the extension. |
There was a problem hiding this comment.
The PR description says the code fix changed the requirement to resource-specific permissions, but the doc currently states Owner/Contributor permissions on the subscription. To match the described behavior and avoid overstating required scope, consider documenting the needed permission at the VM (or resource group) scope (for example, roles that grant Microsoft.Compute/virtualMachines/extensions/write) rather than requiring subscription-level Owner/Contributor.
| - The App Service resource is **Running** (not stopped or deallocated). | ||
| - The Dynatrace OneAgent is **not already installed** on the App Service resource. | ||
| - You have **Owner** or **Contributor** permissions on the subscription where the App Service resource resides. Users with only **Reader** (or lower) permissions can't install the extension. |
There was a problem hiding this comment.
App Service resources don't have a deallocated state (that’s a VM concept). Consider updating the condition to reflect App Service states (for example, Running vs Stopped). Also, similar to the VM section, the permission requirement is written as subscription-level Owner/Contributor; if the requirement is actually resource-scope write permissions, document it at the appropriate scope/permission (for example, Microsoft.Web/sites/siteextensions/write or the relevant extension write action) rather than implying subscription-level access.
| - The App Service resource is **Running** (not stopped or deallocated). | |
| - The Dynatrace OneAgent is **not already installed** on the App Service resource. | |
| - You have **Owner** or **Contributor** permissions on the subscription where the App Service resource resides. Users with only **Reader** (or lower) permissions can't install the extension. | |
| - The App Service resource is in the **Running** state (not stopped). | |
| - The Dynatrace OneAgent is **not already installed** on the App Service resource. | |
| - You have a role that allows installing site extensions on the App Service resource, such as a role with the `Microsoft.Web/sites/siteextensions/write` permission at the App Service or resource group scope. Users with only **Reader** (or lower) permissions can't install the extension. |
|
Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
prmerger-automator
bot
added
the
aq-pr-triaged
Description
Updates the Dynatrace manage documentation to include Install Extension button prerequisites for Virtual Machines and App Service blades.
Changes:
Related:
The original code required Owner-level permissions for the Install Extension button, which caused it to be greyed out for Contributor users. The code fix (PR #14995861 in Liftr.Services) changed this to require only resource-specific permissions. This PR documents the updated permission requirements.