Operations for adding, removing, and listing tags for entity enrichment.
Tag promotion for Access Reviews is currently available in Early Access. Please contact our support team to enable this capability.
Use these APIs to define the tags Veza should treat as customer-defined properties. Access Reviews that involve these entity types will include columns showing the tag name and value.
For example, in AWS, you may automatically tag identities with a 3rd-party security tool, or use tags to label S3 buckets containing sensitive data. When a tag is promoted, Veza Access Reviews will treat the tag as a built-in entity attribute, and show this information for reviewers in an optional column.
Add a promotion rule by specifying its type and key, and the entity types it applies to:
include_entity_types: if true, promote tags for the listed type(s).
exclude_entity_type: if true, promotes tags for all entities except the listed type(s).
AWSTag
CookieTag (Veza Tag)
GoogleCloudLabel
Entity types for tag promotion should be concrete types. You can confirm the format by viewing details for any graph node, and checking the Type attribute, for example:
OAA.PagerDuty.User
ActiveDirectoryUser
OAA.custom_idp.IDPUser
Remove a promotion rule for the specified tag key and type. Demotions apply on the next data source parse.
Get all promotion rules for all entity types.
You can promote tags for any integration that supports them, such as Snowflake or Google Cloud. Use for integrations that do not support vendor-native tags or when built-in tagging is unavailable. Example tag types:
Adds a promoted tag. If a promoted tag with the same tag_key and tag_type already
exists, a unique constraint error will be returned without modifying the existing
promoted tag.
tag_key and tag_type specify the tag to be promoted
Only one or the other makes sense to be set. include_entity_types indicates promote only for the listed type exclude_entity_type indicates promote for any type except for the listed types The types should be concrete types, and OAA types should be supplied with their native types name, ie "OAA.ApplicationName.Type".