
Understanding Access Control for Tags

The access control of data tagging is based on a user’s database permission. There are two types of users in Treasure Data: Restricted User and TD Administrator.

See About Policy-based Permissions to learn more about DB PBP and the legacy database access control.

The account has DB PBP disabled

If the account has DB PBP disabled, it uses the legacy database access control model.

In the legacy database access control model, the administrator automatically has edit permission for all databases. Switch between TD Console and TD Console Legacy using the Treasure Data Logo at the top left of TD Console.

Column Tags

  • Administrator

    • Only the TD administrator can create or delete Policy/Resource types of tags.
    • With edit permission on the database, the administrator can:
      • List all tags that are attached to columns or user-defined workflows.
      • Attach or detach Resource tags to the columns or user-defined workflows.
      • Attach or detach Policy tags to the columns or user-defined workflows.
  • Restricted User

    • With edit permission on the database, the restricted user can:
      • List all tags that are attached to columns or user-defined workflows.
      • Attach or detach Resource tags to the columns or user-defined workflows.
      • Attach or detach Policy tags to the columns or user-defined workflows.
    • With only query permission on the database, the restricted user can list (view) all tags that are attached to columns or user-defined workflows.

The account has DB PBP enabled

Column Tags

  • Administrator

    • Only the TD administrator can create or delete Policy/Resource types of tags.
    • With edit permission on the database, the administrator can:
      • List all tags that are attached to columns or user-defined workflows.
      • Attach or detach Resource tags to the columns or user-defined workflows.
      • Attach or detach Policy tags to the columns or user-defined workflows.
    • With only query permission on the database, the administrator can list (view) all tags that are attached to columns or user-defined workflows.
  • Restricted User

    • With edit permission on the database, the restricted user can:
      • List all tags that are attached to user-defined workflows.
      • Attach or detach Resource tags to user-defined workflows.
    • With only query permission on the database, the restricted user can list (view) all tags that are attached to columns or user-defined workflows.

The restricted user cannot attach or detach Policy tags, even with edit permission. Attaching or detaching Policy tags affects the access control that tag-based policies set up. In DB PBP, only the TD administrator can configure database access control.
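
The attach/detach rules above can be encoded to show what each user loses when DB PBP is enabled on an account. This is an added example, not Treasure Data code. The function names and the role and permission strings are hypothetical. Listing and tag creation/deletion are not modelled, and a user with no database permission is assumed to be denied.

```python
from itertools import product

TAG_TYPES = ("resource", "policy")
TARGETS = ("column", "workflow")  # "workflow" = user-defined workflow


def can_attach(pbp_enabled, role, db_perm, tag_type, target):
    """Return True if the user may attach or detach this tag type on this target.

    role: "admin" or "restricted"; db_perm: "edit", "query" or None (hypothetical labels).
    """
    # Legacy model: the administrator automatically has edit on all databases.
    if role == "admin" and not pbp_enabled:
        db_perm = "edit"
    # Query-only permission grants list (view) only.
    # Assumption: no permission at all (None) is treated as deny.
    if db_perm != "edit":
        return False
    # Administrators in both models, and restricted users in the legacy model,
    # may attach or detach both tag types on columns and workflows.
    if role == "admin" or not pbp_enabled:
        return True
    # DB PBP, restricted user: Resource tags on user-defined workflows only.
    return tag_type == "resource" and target == "workflow"


def grants(pbp_enabled, role, db_perm):
    """Set of (tag_type, target) pairs the user may attach or detach."""
    return {
        (tag, tgt)
        for tag, tgt in product(TAG_TYPES, TARGETS)
        if can_attach(pbp_enabled, role, db_perm, tag, tgt)
    }


def migration_diff(role, db_perm):
    """Attach/detach rights lost or gained when the account enables DB PBP."""
    before = grants(False, role, db_perm)
    after = grants(True, role, db_perm)
    return {"lost": sorted(before - after), "gained": sorted(after - before)}


if __name__ == "__main__":
    # Constructed sample users: (role, permission on the database under review)
    for role, perm in [("restricted", "edit"), ("admin", "query"), ("admin", "edit")]:
        print(role, perm, migration_diff(role, perm))
```

Running it over an account's real role and permission assignments before enabling DB PBP shows which users will no longer be able to change Policy tags, and which administrators need edit permission granted explicitly.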