Tags

Create, apply, and remove Veza tags

is a product capability allowing organizations to add additional metadata to the entities (such as users, roles, tables, or any other resource/identity) discovered by Veza.

curl 'https://{{VezaUrl}}/api/v1/graph/nodes/veza_tags' \
  --data-raw '{
      "node_id":"arn:aws:s3:::aws-cloudtrail-logs-527398259632-c98becd0",
      "tags":[
          {"key":"custom_tag","value":"one"}
        ]
    }'

You can filter results for entities with a given tag, create based on tags, or use them to add context and notes that other users can view and search by.

To apply a tag, you will need the ID of the node to modify. Calling will return IDs as part of the search result. You can also retrieve this value by clicking Show Details for the entity in Authorization Graph, or checking the ID column from Identity Data Entities or the Query Builder.

Quick Start

Generate a bearer token from .

For the examples below, BASEURL should be the address of your Veza instance, such as https://<org>.vezacloud.com.

export BASEURL=https://<org>.vezacloud.com} \
export TOKEN=Sk9lcmEta2w2c2padklkaDhOcDVhTWdVU3FlTlpVajg=

Use Get Query Spec Nodes to find Snowflake tables reachable by federated Okta users belonging to the Finance department:

curl $BASEURL/api/v1/assessments/query_spec:nodes \
  -H 'authorization: Bearer '$TOKEN \
  --data-raw '{
  "query_type": "SOURCE_TO_DESTINATION",
  "include_nodes": true,
  "source_node_types": {
    "nodes": [
      {
        "node_type": "SnowflakeTable"
      }
    ]
  },
  "destination_node_types": {
    "nodes": [
      {
        "node_type": "OktaUser",
        "condition_expression": {
          "specs": [
            {
              "fn": "CONTAINS",
              "property": "department",
              "value": "Finance"
            }
          ]
        }
      }
    ]
  }
}'

The response will include the table id:

{
  "values": [
    {
      "id": "dn44266.us-east-2.aws.snowflakecomputing.com/database/LOCATION/schema/COUNTRIES/table/USA",
      "type": "SnowflakeTable",
      "properties": {
        "created_at": "2021-05-14T21:18:55Z",
        "name": "USA"
      },
      "destination_node_count": 1,
      "permissions": []
    }
  ],
  "next_page_token": "MzA=",
  "has_more": false
  }

Apply a tag by specifying a key and optional value:

curl $BASEURL/api/v1/graph/nodes/veza_tags \
  -H 'authorization: Bearer '$TOKEN \
  --data-raw '{
  "node_id": "dn44266.us-east-2.aws.snowflakecomputing.com/database/LOCATION/schema/COUNTRIES/table/USA",
  "tags": [
    {
      "key": "department",
      "value": "finance"
    }
  ]
  }'

Remove a tag by providing the entity id and the tag key to delete:

  curl $BASEURL/api/v1/graph/veza_tags:remove \
  -H 'authorization: Bearer '$TOKEN \
  --data-raw '{
  "node_id": "dn44266.us-east-2.aws.snowflakecomputing.com/database/LOCATION/schema/COUNTRIES/table/USA",
  "tag_key": "department"
  }'

PreviousCohort Role Analysis NextCreate, Add, Remove Tag

Last updated 1 year ago

Was this helpful?

is a product capability allowing organizations to add additional metadata to the entities (such as users, roles, tables, or any other resource/identity) discovered by Veza.

curl 'https://{{VezaUrl}}/api/v1/graph/nodes/veza_tags' \
  --data-raw '{
      "node_id":"arn:aws:s3:::aws-cloudtrail-logs-527398259632-c98becd0",
      "tags":[
          {"key":"custom_tag","value":"one"}
        ]
    }'

You can filter results for entities with a given tag, create based on tags, or use them to add context and notes that other users can view and search by.

To apply a tag, you will need the ID of the node to modify. Calling will return IDs as part of the search result. You can also retrieve this value by clicking Show Details for the entity in Authorization Graph, or checking the ID column from Identity Data Entities or the Query Builder.

Quick Start

Generate a bearer token from .

For the examples below, BASEURL should be the address of your Veza instance, such as https://<org>.vezacloud.com.

export BASEURL=https://<org>.vezacloud.com} \
export TOKEN=Sk9lcmEta2w2c2padklkaDhOcDVhTWdVU3FlTlpVajg=

Use Get Query Spec Nodes to find Snowflake tables reachable by federated Okta users belonging to the Finance department:

curl $BASEURL/api/v1/assessments/query_spec:nodes \
  -H 'authorization: Bearer '$TOKEN \
  --data-raw '{
  "query_type": "SOURCE_TO_DESTINATION",
  "include_nodes": true,
  "source_node_types": {
    "nodes": [
      {
        "node_type": "SnowflakeTable"
      }
    ]
  },
  "destination_node_types": {
    "nodes": [
      {
        "node_type": "OktaUser",
        "condition_expression": {
          "specs": [
            {
              "fn": "CONTAINS",
              "property": "department",
              "value": "Finance"
            }
          ]
        }
      }
    ]
  }
}'

The response will include the table id:

{
  "values": [
    {
      "id": "dn44266.us-east-2.aws.snowflakecomputing.com/database/LOCATION/schema/COUNTRIES/table/USA",
      "type": "SnowflakeTable",
      "properties": {
        "created_at": "2021-05-14T21:18:55Z",
        "name": "USA"
      },
      "destination_node_count": 1,
      "permissions": []
    }
  ],
  "next_page_token": "MzA=",
  "has_more": false
  }

Apply a tag by specifying a key and optional value:

curl $BASEURL/api/v1/graph/nodes/veza_tags \
  -H 'authorization: Bearer '$TOKEN \
  --data-raw '{
  "node_id": "dn44266.us-east-2.aws.snowflakecomputing.com/database/LOCATION/schema/COUNTRIES/table/USA",
  "tags": [
    {
      "key": "department",
      "value": "finance"
    }
  ]
  }'

Remove a tag by providing the entity id and the tag key to delete:

  curl $BASEURL/api/v1/graph/veza_tags:remove \
  -H 'authorization: Bearer '$TOKEN \
  --data-raw '{
  "node_id": "dn44266.us-east-2.aws.snowflakecomputing.com/database/LOCATION/schema/COUNTRIES/table/USA",
  "tag_key": "department"
  }'