Version: v2.7

Access Tags

Tag-Based Access Control in Amorphic is a feature that helps users efficiently share and manage Amorphic resources at scale. This control system co-exists with the existing Role-Based Access Control (RBAC).

Amorphic Tag-Based Access Control provides the following capabilities:

  • By sharing Tags with users, administrators can grant users access to specific Amorphic resources to which the tag is attached. This provides a dynamic and scalable access control mechanism.
info

Migration from Groups to Tags (v2.7)

Starting with the v2.7 release, the Groups feature is deprecated and existing groups will be automatically migrated to the new Tags-based access control system. This section outlines how existing group configurations will be mapped to their tag equivalents.

Migration Details

Tag Structure

  • Each existing group will be converted to a tag using the following format:
    • TagKey: "group"
    • TagValue: The original group name
    • Example: A group named "developers" becomes a tag group:developers

Access Rights Migration

  1. Admin Access
    • Previous group administrators will receive owner-level access to the corresponding tag
  2. Member Access
    • Former group members will be granted read-only access to the tag

Resource Access

  • All resources previously associated with the group will be automatically linked to the new tag
  • Access levels to these resources will be preserved based on the original Group Type:
    • Full Access permissions will maintain full access capabilities
    • Read Only permissions will maintain read-only capabilities

Example Migration

  • Original: "Group - developers"
  • New: "Tag - group:developers"
    • Group Admins → Owner Access to the tag
    • Group Members → Read Only Access to the tag
    • Resources maintain their original access levels as defined by the Group Type
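
The mapping above can be modelled to review a group inventory before the upgrade; this is an added example, not Amorphic's migration code. The dict layout, function names and sample groups are assumptions, and the name check uses the Tag Value rule from the Tag Metadata Information table on this page.

```python
import re

# Tag Key / Tag Value rule from this page: at most 24 characters,
# lowercase letters, numbers and "_".
TAG_PART = re.compile(r"[a-z0-9_]{1,24}")

def plan_group_migration(group):
    """Map one legacy group (hypothetical dict layout) to its tag."""
    key, value = "group", group["name"]
    shares = {user: "owner" for user in group["admins"]}
    for user in group["members"]:
        # Assumption: someone listed as both admin and member keeps owner.
        shares.setdefault(user, "read-only")
    return {
        "tag": f"{key}:{value}",
        # The page does not say how a name outside the rule is handled,
        # so the plan only flags it for manual review.
        "needs_review": TAG_PART.fullmatch(value) is None,
        "tag_shares": shares,
        # Resource access follows the Group Type, not the tag share.
        "resources": {r: group["type"] for r in group["resources"]},
    }

# Constructed sample groups, not real Amorphic data.
GROUPS = [
    {"name": "developers", "type": "Full Access",
     "admins": ["alice"], "members": ["alice", "bob"],
     "resources": ["dataset/app_logs"]},
    {"name": "Finance-Team", "type": "Read Only",
     "admins": ["carol"], "members": ["dave"],
     "resources": ["dataset/ledger"]},
]

def plan_all(groups):
    return [plan_group_migration(g) for g in groups]

if __name__ == "__main__":
    for plan in plan_all(GROUPS):
        flag = "REVIEW" if plan["needs_review"] else "ok"
        print(flag, plan["tag"], plan["tag_shares"], plan["resources"])
```

Note that a former member ends up with read-only access to the tag itself while the resources keep the access level of the Group Type, so the two should be reviewed separately.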


What is a Tag?

In Amorphic, each tag consists of a Tag Key and Tag Value pair, representing a unique resource. Other Amorphic resources can be shared with these tags, similar to how resources are shared with users using an access type. Anyone granted access to a tag can use the associated resources according to the defined access type. An access type (owner, editor or read-only) must be specified when sharing any resource (including Tags) with users or Tags.

Example

Suppose you have the following Tag Key and Tag Value combinations:

Tag Key: department
Tag Value: sales

These combinations can be shared with users in the system, while other Amorphic resources can be shared with these Tags. This allows all users with whom the tags have been shared to access the Amorphic resources associated with those tags. Sharing a dataset with the tag department: sales and the access type owner associates the dataset with the sales department. When this tag is shared with users, it grants them owner access to that dataset.

info

Tags can only be shared with users and cannot be shared with other Tags.

Amorphic Access Tags contain the following information:

Tag Metadata Information

Type | Description
Tag Key | The key identifying the tag. Can be a maximum of 24 characters. Allowed characters are lowercase letters, numbers and _
Tag Value | Unique value for the tag key. Tag value can be a maximum of 24 characters and allowed characters are lowercase letters, numbers and _
Tag Description | A brief explanation of the tag's purpose.
Resources | The list of resources attached to the tag.

Tag Operations

You can perform basic CRUD operations (shown in the table below) on a tag if you have sufficient permissions.

Tag Details

Functionality | Description
Create Tag | Create a Tag by specifying Key & Value
View Tag | View existing Tag Metadata Information
Update Tag | Updates can only be made to the description of a tag, and this is permitted only for users who have editor or owner access to that tag
Delete Tag | Delete an existing Tag; this action is only permitted for users who have owner access to that tag
Share Tag | Share the Tag with users in the system
info

If any resources are attached to the tag, it cannot be deleted. Please remove all resources from the tag before attempting to delete it.

How to create a Tag?

To create a new tag in Amorphic, follow these steps:

  1. Go to the Management menu and select Access Tags.
  2. Click on the Create Access Tag button.
  3. Fill in the information required, such as Tag Key & Tag Value.
  4. Click on Create to create the new Tag.


How to attach users to a Tag?

This process is the same as sharing other resources with users:

  1. Click the Share button for the Tag
  2. Click on the Plus (+) button to add users
  3. Select the User and Access Type from the drop down list
  4. Click on Provide Access
info

When sharing the resources with a tag:

  1. All users in the Tags must have domain access for all datasets attached to the tag.
  2. If a resource has only 1 tag with owner access attached to it, it cannot be removed.
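
The restrictions stated on this page (who may update or delete a tag, the last owner tag on a resource, and domain access for users in a tag) can be checked against a share inventory before a change; this is an added example, not Amorphic code. The dict layouts, function names and sample data are assumptions constructed for illustration.

```python
# Constructed inventory, not real Amorphic data.
TAG_SHARES = {  # tag -> {user: access type on the tag}
    "department:sales": {"alice": "owner", "bob": "read-only"},
    "project:q3": {"carol": "editor"},
    "team:ops": {"dave": "owner"},
}
RESOURCE_TAGS = {  # resource -> {tag: access type granted via the tag}
    "dataset/leads": {"department:sales": "owner", "project:q3": "read-only"},
}
DATASET_DOMAIN = {"dataset/leads": "crm"}      # hypothetical layout
DOMAIN_USERS = {"crm": {"alice", "carol"}}     # users with domain access

def attached(tag):
    return [r for r, tags in RESOURCE_TAGS.items() if tag in tags]

def can_update_description(user, tag):
    return TAG_SHARES.get(tag, {}).get(user) in ("owner", "editor")

def can_delete(user, tag):
    # Needs owner access on the tag and no resources still attached.
    return TAG_SHARES.get(tag, {}).get(user) == "owner" and not attached(tag)

def can_detach(resource, tag):
    # Read here as: the only tag with owner access on a resource stays.
    tags = RESOURCE_TAGS[resource]
    owners = [t for t, access in tags.items() if access == "owner"]
    return owners != [tag]

def users_missing_domain_access(tag):
    # (user, dataset) pairs where a user in the tag lacks domain access.
    gaps = set()
    for resource in attached(tag):
        if resource not in DATASET_DOMAIN:
            continue  # the domain rule on this page applies to datasets
        allowed = DOMAIN_USERS.get(DATASET_DOMAIN[resource], set())
        gaps |= {(u, resource) for u in TAG_SHARES.get(tag, {}) if u not in allowed}
    return sorted(gaps)

if __name__ == "__main__":
    print("delete department:sales:", can_delete("alice", "department:sales"))
    print("detach owner tag:", can_detach("dataset/leads", "department:sales"))
    print("domain gaps:", users_missing_domain_access("department:sales"))
```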