Promoted Tags

Operations for adding, removing, and listing tags for entity enrichment.

Tag promotion for Access Reviews is currently available in Early Access. Please contact our support team to enable this capability.

Use these APIs to define the tags Veza should treat as customer-defined properties. Access Reviews that involve these entity types will include columns showing the tag name and value.

For example, in AWS, you may automatically tag identities with a 3rd-party security tool, or use tags to label S3 buckets containing sensitive data. When a tag is promoted, Veza Access Reviews will treat the tag as a built-in entity attribute, and show this information for reviewers in an optional column.

Promote tag

Add a promotion rule by specifying its type and key, and the entity types it applies to:

include_entity_types: if true, promote tags for the listed type(s).
exclude_entity_type: if true, promotes tags for all entities except the listed type(s).

You can promote tags for any integration that supports them, such as Snowflake or Google Cloud. Use Veza tags for integrations that do not support vendor-native tags or when built-in tagging is unavailable. Example tag types:

AWSTag
CookieTag (Veza Tag)
GoogleCloudLabel

Entity types for tag promotion should be concrete types. You can confirm the format by viewing details for any graph node, and checking the Type attribute, for example:

OAA.PagerDuty.User
ActiveDirectoryUser
OAA.custom_idp.IDPUser

Promote Tag

Adds a promoted tag. If a promoted tag with the same tag_key and tag_type already

exists, a unique constraint error will be returned without modifying the existing

promoted tag.

POST/api/preview/graph/tag_promotions

Body

tag_keystring

tag_key and tag_type specify the tag to be promoted

tag_typeinteger (enum)

include_entity_typesarray of string

Only one or the other makes sense to be set. include_entity_types indicates promote only for the listed type exclude_entity_type indicates promote for any type except for the listed types The types should be concrete types, and OAA types should be supplied with their native types name, ie "OAA.ApplicationName.Type".

exclude_entity_typesarray of string

Response

Body

PromoteTagResponse (object)

Request

const response = await fetch('/api/preview/graph/tag_promotions', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({}),
});
const data = await response.json();

Response

{}

Demote tag

Remove a promotion rule for the specified tag key and type. Demotions apply on the next data source parse.

Demote Tag

Demotes a promoted tag

POST/api/preview/graph/tag_promotions:demote

Body

tag_keystring

tag_typeinteger (enum)

Response

Body

DemoteTagResponse (object)

Request

const response = await fetch('/api/preview/graph/tag_promotions:demote', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({}),
});
const data = await response.json();

Response

{}

Get all promotion rules for all entity types.

List Tag Promotions

List promoted tags

GET/api/preview/graph/tag_promotions

Response

Body

tag_promotionsarray of TagPromotion (object)

Request

const response = await fetch('/api/preview/graph/tag_promotions', {
    method: 'GET',
    headers: {},
});
const data = await response.json();

Response

{
  "tag_promotions": [
    {
      "tag_key": "text",
      "include_entity_types": [
        "text"
      ],
      "exclude_entity_types": [
        "text"
      ]
    }
  ]
}

PreviousCreate, Add, Remove Tag NextAccess Reviews APIs

Last updated 11 days ago

Promote tag

Promote Tag

Demote tag

Demote Tag

List tag promotions

List Tag Promotions

Demote Tag

Promote Tag

List Tag Promotions