Skip to main content

Access Control: Tags

Introduction

Tags are metadata that are applied to tasks and workflows. They can be used in many different ways - to note what applications use the task or workflow, or in the case of this article, what application/group has access to the workflow or task.

screenshot of workflow definition with a tag

For access control, tags work in an identical manner to application access control, but with the advantage of visibility in the opposite direction. With tags, every workflow and task is 'tagged' with metadata, making it easier to determine what access is being provided.

Adding a Tag to a Workflow

There are several ways to add a tag to a workflow. In this section, choose between using the API or the Conductor UI for detailed instructions on both options.

Conductor UI

To add a tag to a workflow via the Conductor UI, navigate to the Workflow Definitions page, and find the workflow you wish to tag. In the Actions Column, click the tag icon.

This will open a dialogue window that allows you to add a new tag. Type the key:value and press enter to add the workflow.

You may also remove tags using the same window by clicking the "X" next to the tag you wish to delete.

editing tags via the dashboard

Adding a Tag to a Task

There are several ways to add a tag to a task. In this section, choose between using the API or the Conductor UI for detailed instructions on both options.

Conductor UI

To add a tag to a task via the Conductor UI, navigate to the Task Definitions page, and find the task you wish to tag. In the Actions Column, click the tag icon.

This will open a dialogue window that allows you to add a new tag. Type the key:value and press enter to add the tag to the task.

You may also remove tags using the same window by clicking the "X" next to the tag you wish to delete.

editing tags via the dashboard

Adding Access Control to a tag

There are two ways to provide access to a Workflow on the dashboard:

  • Access to a Group of users
  • Access via API with Key:secret.

Let's walk through both examples.

Adding tags to a Group

If you have a group of users:

a group missing the rings:true tag

We can add the tag rings:true, and with EXECUTE permission to allow those users to run the workflow. Adding READ permission will show the workflow in the dashboard for all of the users (but they will be unable to edit).

adding the tag permissions

Clicking OK adds the tag to the Group.

a group with the rings:true tag

Adding Tags to an Application

In order for users to access your application via the API, an application key:secret must be assigned. This can be added for each application and task individually, but to add a large number of workflows and tasks at once to an application, the tag can be used

By adding the rings:true tag to this application, any JWT token generated by the application Key:secret can access the applications with that tag.

an application with the rings:true tag