# Data Asset Group (DAG)

DAG (Data Asset Group) provides a powerful mechanism for managing governance and security on data objects within OvalEdge. They allow administrators to:

* **Override Initial Governance:** Assign new Stewards, Custodians, and Owners to data objects, replacing those defined during data ingestion.
* **Set Security Permissions:** Control access to data objects by granting Metadata (view/edit) permissions to specific roles for DAG tags.
* **Create and Manage DAG Tags:** Define new tags and organize them hierarchically within the "Tags" section for easy management.

**Benefits of DAG:**

* **Centralized Governance:** Streamline governance assignments by managing stakeholders at the tag level.
* **Simplified Access Control:** Efficiently set permissions for groups of data objects using DAG tags. 

  <figure><img src="https://content.gitbook.com/content/hTnkoJQml0pok9awFDhx/blobs/o1qv7IbfJjjkjlf7RgNC/image.png" alt=""><figcaption></figcaption></figure>

**Creating and Managing DAGs (OE\_ADMIN only)**

OE\_ADMIN and users with the "ovaledge.role.admin" role can create and manage Data Asset Group (DAG) tags within OvalEdge.

**Actions**

* **Create DAGs:** Define new DAG tags to manage governance and security settings for data objects.
* **Manage Permissions:** Grant or revoke Metadata (view/edit) access to DAG tags for specific roles and users based on license limitations.
* **Set Security Inheritance:** Determine whether DAG security overrides the security defined directly on data objects (Authorized Roles and User Access permissions).
* **Delete DAGs:** Remove existing DAG tags. Upon deletion, associated data objects revert to their default access permissions and governance roles.