No results for ""
EXPAND ALL
  • Home
  • API docs

Using tags

Read time: 2 minutes
Last edited: Oct 02, 2024

Overview

This topic explains how to use tags with custom roles to control who has access to certain resources in LaunchDarkly.

Tags are customizable labels that help you categorize certain LaunchDarkly resources including flags, segments, metrics, projects, and environments. To learn how to add tags to resources, read Tags.

Tags in custom role policies

You can allow or deny account members access to resources with specific tags.

In the LaunchDarkly user interface (UI), you can only specify tags in custom roles from the advanced editor. Below are examples of allowing and denying access to resources with specific tags.

Allow access to resources with multiple tags

The below statement allows a member with this role to perform all actions at the flag level for flags tagged tag1 and tag2:

[
{
"effect": "allow",
"actions": ["*"],
"resources": ["proj/*:env/*:flag/*;tag1,tag2"]
}
]

Allow access to resources with one or more tags

You can also separate multiple tags for a resource with statements to create an "or" condition.

In the example below, the two statements allow member access to flags tagged either tag1 or tag2:

[
{
"effect": "allow",
"actions": ["*"],
"resources": ["proj/*:env/*:flag/*;tag1"]
},
{
"effect": "allow",
"actions": ["*"],
"resources": ["proj/*:env/*:flag/*;tag2"]
}
]

Deny access to resources with one or more tags

The following example gives a member access to all flags except those tagged either tag1 or tag2:

[
{
"effect": "allow",
"actions": ["*"],
"notResources": ["proj/*:env/*:flag/*;tag1"]
},
{
"effect": "allow",
"actions": ["*"],
"notResources": ["proj/*:env/*:flag/*;tag2"]
}
]

For more custom role policy examples, read Example policies and templates.