OvalEdge Objects Security

Tags Security

Managing Tags

Tags are one of the ways of Organizing your data assets. This is more useful for business users to quickly navigate to their data assets. Organizations, on a high level, will come up with simple keywords to the group and arrange their data assets. You can add more data objects and organize them in the tags. 

Tags are broadly classified as:

  • Data Asset Group Tags(DAG) - This has a list of all the DAG tags that are created in the security module. Data Asset Group tags are created to organize and maintain the security, ownership, and control of grouped data assets such as schemas, tables, files, reports, and queries.
  • Custom Tags - are common tags

OvalEdge provides both a controlled tagging method (where a tag administrator or tag role creates and manages all tags) and a free tagging method (where a user associates data objects with existing tags). 

In OvalEdge custom tags can be added to data objects like the business glossary, databases, tables, table columns, files, file columns, reports, report columns, queries, and data stories.

Data Asset Group tags can be added to data objects like database schemas, tables, files, reports, and queries.

Note: Each data object can have a single DAG tag or multiple custom tags. Also, each tag can have multiple data objects.

To learn more about how to use tags, refer to How to use tags

Data objects that are tagged can have sensitive and protected information. There are two objectives of tag security in OvalEdge,

  1. Who can create tags and apply data objects to tags.
  2. Who can access the data objects  inside any tags

This topic mainly focuses on who can create tags and assign data objects to them. To learn about a specific type of tags called DAG’s(Data Asset Group) Tag refer to Setting up security using DAG tag

Who can create Tags?

To create new tags, a user must belong to the administrator(OE_ADMIN) role. Additionally, custom user roles can be configured as tag roles to create tags.

  • ovaledge.tag.role

The user assigned with the TAG_ADMIN role can Create Tags. The administrator can view this setting under Administration >> Configuration.

Who can associate data objects?

Users Functions
Meta Read users Only view the data objects associated with existing tags. The User cannot add tags to new objects.
Meta Write users Can associate data objects to existing tags.