AcademyCustomer Portal

Tags Security

Based on the Tags Security system setting (tag.security.mode), a new tag governance model has been introduced. This setting determines how Master Tags and their associated Tags are governed, as well as the level of access control enforced.

Tags Secure Mode is an advanced configuration designed to strengthen governance by implementing role-based access control at the Master Tag level. When this mode is enabled, it introduces structured, domain-specific tag management, ensuring that only authorized users can view, modify, or assign tags within their permitted scope.

  • Enables granular, role-based security and governance at the Master Tag level.

  • Tag access and management are controlled based on permissions and governance roles (Owner, Steward, Custodian) assigned to each Master Tag.

    • Unlocks additional features:

      • Master Tag-specific custom fields

In a large organization, Tags in secure mode can be used to classify and control access to sensitive data. Master Tags represent high-level domains (e.g., Finance, HR, Operations), while secure sub-tags categorize specific datasets (e.g., Payroll, Credit Risk, Trading Data) and restrict visibility to authorized governance roles.

Master Tags

Through Master Tag Administration, designated personnel can create, delete, and assign permissions for Master Tags, as well as control who can manage tags within each domain.

In Secure Mode, a Master Tag acts as a domain-like entity that a user with the Master Tag Creator role (ovaledge.mastertag.admin) can create. The Master Tag—Security Module in data governance allows organizations to manage and implement security policies on tags through a centralized tagging system. Master tags are created under Administration > Security > Master Tags.

Create Master Tags

The master tag can be created using the ‘+’ icon located on the right side of the page. Enter all the relevant fields, then click Save.

The master tag will be created and displayed under the Master Tag column, as shown below.

All tags linked to a master tag will have the same governance roles as the master tag.

Update Permissions

Updating permissions in data governance is essential for maintaining secure and efficient access to data assets.

Go to Nine Dots and click Update Permissions. This allows the Security Governance Admin Role (SGA) to update the roles/users on master tags and corresponding meta permissions (Read-Write or Read-Only).

Update Governance Roles

Updating governance roles in data governance involves modifying the responsibilities and permissions of individuals or groups(teams) who manage and control data assets.

Go to Nine Dots and click Update Governance Roles. The Security Governance Admin Role (SGA) can update the governance roles by adding and modifying Owners, Stewards, Custodians, and, if configured, additional Governance Roles (4, 5, 6) through the drop-down list.

Cascade to Hierarchy

If the user selects this option, the chosen governance roles will apply to the entire hierarchy, including its parent and child tags.

Delete Master Tag

Master tags can be deleted from Nine Dots by selecting 'Delete Master tag'. If the Security Governance Admin Role (SGA) deletes the master tag, its associated tags will also be deleted. Additionally, the associated objects on tags will be dissociated.

Security Matrix - Secure Mode

Actions
Master Tag Admin
Security & Governance Admin (SGA)
Governance Role - Master Tag
Governance Role - Tag
Author with MetaWrite Permission
Author with MetaRead Permission

Master Tag Creation

Yes

No

No

No

No

No

Master Tag Deletion

No

Yes

No

No

No

No

Update Admin (Security Governance Admin)/Update Permissions

No

Yes

No

No

No

No

Update Governance Roles - Master Tags

No

Yes

Yes

No

No

No

Master Tag Metadata Edit - Title, Description, Avatar

No

Yes

Yes

No

No

No

Update Governance Roles - Tags

No

Yes

No

Yes

No

No

Tag Creation

No

Yes

Yes

No

No

No

Tag Deletion

No

Yes

Yes

Yes

No

No

Remove all associated resources

No

Yes

Yes

Yes

No

No

Tag Metadata Edit - Title, Description, Avatar, Custom Fields

No

Yes

Yes

Yes

Yes

No

Change Master/Parent Tag

No

Yes

Yes

Yes

Yes

No

Associate Child Tags

No

Yes

Yes

Yes

Yes

No

Make Tags Non-Assignable/Assignable

No

Yes

Yes

Yes

Yes

No

View History: Description, Custom Fields

No

Yes

Yes

Yes

Yes

No

View Tags

No

Yes

Yes

Yes

Yes

Yes

Explore Resources

No

Yes

Yes

Yes

Yes

Yes

'Add Resources' action is governed by Object Security.

Additional capabilities and features

The following additional features are available when Tags Security is set to Secure Mode.

Tags Summary

The Governance Roles are a part of the Tags in the Secure Mode, and selected custom fields configuration can be added for any selected Master Tag.

Governance Roles

The Data Governance role identifies the team members accountable for governing an asset. Users would quickly know who to contact for asset-related queries. Authorized users can enhance their control over governance roles by adding and modifying Owners, Stewards, Custodians, and, if configured, additional governance roles (4, 5, 6) through the drop-down list.

Tags are visible in My Desk along with the Governance Roles.

Custom Fields Configuration

Navigate to Custom Fields and select the Object Type as Tag. Click on "Master Tag" and choose the desired tag from the dropdown list. Add the required custom fields, such as Text, Code, Number, or Date, for the selected Master Tag.

The custom field settings defined for a Master Tag are automatically cascaded to all tags within it, ensuring consistency.

Tags 9 Dots

Update Governance Roles

This option allows users to modify the roles associated with the master tag, ensuring proper access control and management. Authorized users can enhance governance control by adding and modifying roles such as Owners, Stewards, Custodians, and other configured roles (e.g., Governance Roles 4, 5, and 6) using the drop-down list.

Open and Secure Mode Differences

The following table provides a detailed comparison between Open Mode and Secure Mode.

Actions
Open Mode
Secure Mode

Master Tag Creation

  • The functionality for creating and managing tags is centralized in the Tags module, with no separate Security module for this purpose.

  • Tags are created using the Create Tag option, and if no parent is assigned, the tag is treated as a Master Tag (a pseudo-concept).

Master Tags are managed exclusively within the Security module, and not in the Tags module.

  • The Master Tag tab in Security is retained, and Master Tags can be created directly from the Security module.

  • Master Tag selection is mandatory when creating a tag.

  • Master Tags will still be visible in the Tags List Page.

Master Tag Deletion

  • A Master Tag can be deleted in the same way as a regular tag, with the usual two deletion options available.

  • The delete option appears on both the Summary and Grid pages.

  • If only the Master Tag is deleted, the tags under it will automatically become Master Tags.

  • Deleting the Master Tag is only allowed from the Security module.

  • Deleting a Master Tag will also delete all its associated Tags. There is no option to delete just the Master Tag alone.

  • The Master Tag tab remains in the Security module for managing deletions.

Update Admin (Security Governance Admin)/Update Permissions

This option is not available as there is no Master Tag tab in the security module.

SGA (Security & Governance Admins) and permissions can be modified using the 9 Dots menu or through inline editing available in the Security tab.

Update Governance Roles - Master Tags

The Update Governance Role option for Master Tags is not available, as Governance Roles are not defined in open mode.

  • The Governance Roles option will be available in the 9 Dots menu on the Summary Page, List Page, and Security Page.

  • Since Master Tags appear in the List Page, the Governance Roles column will be shown for both Tags and Master Tags.

  • The Custom View widget will display the Governance Roles group.

  • A Governance Roles section will be added to the Summary Page, and also included in the Manage Section under Custom Fields.

Master Tag Metadata Edit - Title, Description, Avatar

Title and description can be edited, and the 9 Dots menu for Avatars is available. An admin can perform these actions.

  • All options, including Custom Fields, will be available.

  • Custom Security will control permissions for these options.

Update Governance Roles - Tags

The Governance Roles option is not available.

  • Governance Roles are available.

  • When a Tag is created, Governance Roles from the Master Tag will automatically cascade to it.

  • These roles can be updated individually for each tag.

  • The Governance Roles section will appear in both Tags and Master Tags Summary Pages, and will be part of the Manage section in Custom Fields.

  • Governance Roles are also shown as columns in the List Page and as fields in Custom Views under the Governance Roles group.

  • The Update option is available in the 9 Dots menu on both the Summary Page and List Page.

Tag Creation

  • Parent Tag is optional when creating a tag, and Master Tag is not given as an option.

  • On the Summary Page, the Master Tag and Parent Tag fields are auto-filled when creating a tag.

  • The Create Tag button is available on Summary Pages.

  • In the Create Tag pop-up, selecting a Master Tag is mandatory, while the Parent Tag is optional.

  • If only the Master Tag is selected, the tag becomes a first-level tag under it.

  • If both the Master Tag and the Parent Tag are selected, the tag is created under the Parent Tag.

  • The Create Tag button will be available on Summary Pages.

Tag Deletion

  • The tag deletion option offers two choices: Only this Tag and Tag and its hierarchy. This applies to both Tags and Master Tags.

  • If only the Master Tag is deleted, the child tags will become Master Tags.

  • The deletion option will remain available in the Summary Pages and List Pages.

  • The tag deletion option has two choices: Only this Tag and Tag and its hierarchy.

  • This option does not apply to Master Tags. Master Tags must be deleted from the Security page.

  • The tag deletion option will be available in the Summary Pages and List Pages.

Remove all associated resources

This option is available in the Summary and List pages.

This option is available in the Summary and List pages.

Tag Metadata Edit - Title, Description, Avatar, Custom Fields

  • Custom Fields for Master Tags will be the same as for Tags and can be managed by an admin.

  • Master Tag-specific custom fields will not be available.

  • In the Custom View of the List Page, the Master Tag-specific custom fields dropdown will be hidden.

  • In the Custom Fields module, the Master Tag-specific dropdown will also be hidden.

  • The Custom Fields History option will be available for Master Tags.

  • Custom Fields will be available for Master Tags, and they will include both the shared fields with Tags and Master Tag-specific fields.

  • In the Custom View of the List Page, the Master Tag-specific custom fields dropdown will be visible.

  • In the Custom Fields module, the Master Tag-specific dropdown will also be available.

  • The Custom Fields History option will be available for both Tags and Master Tags.

Change Master/Parent Tag

  • Any Tag can be converted into a Master Tag using the "Update as Master Tag" checkbox.

  • For Master Tags, selecting a Master Tag is mandatory, while the Parent Tag is optional.

  • For regular Tags, the Master Tag is not mandatory, and the Parent Tag is optional.

  • Master Tags cannot be moved under another Master Tag.

  • The Master Tag selection is mandatory, and the Parent Tag is optional.

  • The related option in the 9 Dots menu will be removed from the List Page but will remain in the Summary Pages.

Associate Child Tags

Child tags can be associated with other Master Tags. The Associate Child Tags dropdown displays all Master Tags along with their hierarchies and will be visible from the Summary.

Child tags from other Master Tags cannot be associated. The Associated Child Tag pop-up shows only the Tags belonging to the selected Master Tag in the associate tree.

Make Tags Non-Assignable/Assignable

This option is available in the Summary and List pages.

This option is available in the Summary and List pages.

View History: Description, Custom Fields

View History (Description and Custom Fields) is accessible to everyone.

View History (Description and Custom Fields) can be viewed by the roles/users with the given permissions.

View Tags

Everyone can view the Tags

Roles/users with the given permissions can view the Tags.

Explore Resources/Search Page

Everyone can view Master Tags. In the Search Page, the Master Tag filters will reflect the new Master Tags (old first-level Tags). There is no change to existing behavior.

Master Tags can be viewed by roles or users with the appropriate permissions. In the Search Page, the Master Tag filters will display the new Master Tags (formerly called first-level Tags). There is no change to existing functionality.

Add Resources

Resources can be added, and their access is governed by object security.

Resources can be added, and their access is governed by object security.

Master Tag Page - 9 Dots

The 9 Dots menu for Master Tags will include the same options as the Tags menu.

These options are:

  • Custom Fields History

  • Change Master/Parent Tag

  • Associate Child Tag(s)

  • Make Tag Assignable / Non-Assignable

  • Change Avatar

  • Remove all associated resources

  • Delete Tag

All these options will be available in the 9 Dots menu on the Summary Page.

The 9 Dots menu for Master Tags will include more options as Master Tags now function as a hybrid of Tag and Master Tag.

These options are:

  • Custom Fields History

  • Associate Child Tag(s)

  • Make Tag Assignable / Non-Assignable

  • Change Avatar

  • Update Governance Roles

  • Remove all associated resources

The options Update Master/Parent Tag and Delete Tag are not applicable and will not be shown for Master Tags.

Master Tag Page - Sections in Summary Page

The following sections will be included in the Summary Page:

  • Description

  • Total Resources

  • Directly Associated Resources

  • Tag Details

  • User Activities

  • Custom Sections

  • Child Tags

The following sections will be included in the Summary Page:

  • Description

  • Total Resources

  • Governance Roles

  • Directly Associated Resources

  • Tag Details

  • User Activities

  • Custom Sections

  • Child Tags

Suggest A Tag template

  • The Master Tag and Parent Tag fields are optional during tag creation.

The Master Tag option should be mandatory during tag creation.

My Desk

Since no Governance Roles can be assigned, the Tags tab will be hidden in My Desk.

Since Governance Roles are assigned, the Tags tab will be visible in My Desk.

Security

Since the system follows an Open Security model, the Master Tag tab is hidden in the Security section.

Since the system follows a Secure Security model, the Master Tag tab is displayed in the Security section.

Load Metadata from Files

The LMDF version doesn’t have the Master Tag sheet and the associated Governance Roles.

The LMDF version has the Master Tag sheet to create, update and delete Master Tags. Admin can also update the associated Governance Roles for both Master Tags and Tags.

Application APIs

The following API Endpoints are not applicable:

  • /api/tag/update/secure/masterTagAndParentTag

  • /api/tag/secure/update

  • /api/tag/secure/add

  • /api/tags/secure/v2

The following API Endpoints are used exclusively in this mode to create, update, and get Tags:

  • /api/tag/update/secure/masterTagAndParentTag: Update the existing tag's master tag and parent tag.

  • /api/tag/secure/update: Update existing tag.

  • /api/tag/secure/add: Create tags.

  • /api/tags/secure/v2: Returns all the existing tags.

Copyright © 2025, OvalEdge LLC, Peachtree Corners, GA, USA.

PreviousExplore TagsNextIntroduction to Connectors

Last updated

Was this helpful?