Critical-risk tools in Dynatrace SaaS MCP Server
22 of the 167 tools in Dynatrace SaaS MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
cancel_record_deletionDestructiveCancel a Grail record deletion process that is in progress or queued.
-
delete_dashboardDestructiveDelete (trash) a dashboard by id (WRITE).
-
delete_event_notificationDestructiveDelete an event-notification by ID (WRITE, destructive, platform notification v2).
-
delete_extension_monitoring_configDestructiveDelete a specified monitoring configuration for an Extension 2.0 (WRITE, destructive).
-
delete_featureDestructiveDelete a feature by key within a project (WRITE, destructive).
-
delete_feature_flagDestructiveDelete a feature flag by key (WRITE, destructive).
-
delete_feature_projectDestructiveDelete a Feature Management project by key (WRITE, destructive).
-
delete_fieldsetDestructiveDelete a Grail fieldset by UID (WRITE, Storage Fieldsets v1).
-
delete_filter_segmentDestructiveDelete a filter segment by UID (WRITE, destructive, platform storage filter-segments v1).
-
delete_grail_bucketDestructiveDelete a Grail retention bucket by name (WRITE, destructive, Dynatrace Storage Management v1).
-
delete_monitorDestructiveDelete a synthetic monitor definition by entity ID (WRITE, destructive).
-
delete_notebookDestructiveDelete (trash) a notebook by id (WRITE).
-
delete_request_attributeDestructiveDelete a request attribute by ID (WRITE, destructive, classic Config API v1).
-
delete_request_namingDestructiveDelete a request naming rule by ID (WRITE, destructive, classic Config API v1).
-
delete_resource_fileDestructiveDelete a file from the Grail Resource Store by path (WRITE, destructive, Resource Store v1).
-
delete_self_notificationDestructiveDelete a self-notification by ID (WRITE, destructive, platform notification v1).
-
delete_settings_objectDestructiveDelete a Settings 2.0 object by objectId (WRITE, destructive).
-
delete_sloDestructiveDelete an SLO by id (WRITE, destructive).
-
delete_trust_policyDestructiveDelete a WIF trust policy by UUID (IAM v1, WRITE, destructive).
-
delete_trust_policy_mappingDestructiveDelete a WIF service user mapping by UUID (IAM v1, WRITE, destructive).
-
delete_workflowDestructiveDelete a Dynatrace Automation workflow by ID (WRITE, destructive, platform Automation v1).
-
execute_record_deletionDestructiveDESTRUCTIVE — permanently deletes Grail records matching the given DQL query and optional timeframe.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.