Skip to content

Tagging Mechanism in Privacera Discovery

Tags are a fundamental component of Privacera Discovery and play a critical role in data classification and access control. Beyond assigning policies to specific resources or user roles, Privacera allows you to create tag-based policies that apply across multiple datasets and storage systems.

What Are Tags?

Tags are metadata labels that Privacera assigns to data assets to indicate their sensitivity or classification. Tags help in managing data security uniformly, regardless of where the data resides—be it in databases, files, or data lakes.

Examples of Tags:

  • PERSON_NAME
  • PII
  • US_ADDRESS
  • EMAIL

How Tags Are Applied

Privacera Discovery automatically scans your connected data sources and applies tags to sensitive fields such as:

  • Columns
  • Tables
  • Files

For example:

  • A column having emails will be tagged as EMAIL.
  • A field called Phone_Number might be tagged as PHONE_NUMBER.

This tagging process enables administrators to quickly identify and act upon sensitive data throughout the enterprise.

Purpose of Tags

Tags enhance your data's metadata by embedding classification context, which can be used to:

  • Identify sensitive information
  • Apply consistent access control policies across resources
  • Monitor and audit access to classified data

Tag-Based Access Control (TBAC)

Once data is tagged, tag-based access control (TBAC) can be implemented. This allows you to:

  • Apply policies to any data carrying a specific tag (e.g., deny all access to PII data for external users)
  • Enforce privacy and compliance controls more uniformly

Tag Visibility

All tags applied by Privacera Discovery are visible in the Classification page in the UI. This allows:

  • Browsing and searching tags
  • Reviewing tag distribution across data sources
  • Understanding tag coverage

Tags and Rule Execution

Tags are assigned to data based on classification rules. These rules define the conditions under which data is tagged. The rule engine evaluates the rules in order of priority, and the first rule that matches all the defined conditions applies the configured tag to the data. You can re-order the rules to control priorities, giving you full control over how data is tagged.

Conclusion

Tags provide a powerful abstraction for managing and securing sensitive data across diverse environments. By automating the tagging process and enabling tag-based policies, Privacera helps organizations achieve scalable, centralized, and compliant data governance.

Comments