Define and manage roles and permissions for resources using access tags, which group resources and control access through key:value pairs.
An access tag is a tool used to logically group resources for access management purposes. A tag is a key:value pair that is attached to an organization, folder, or project. You can therefore conditionally grant IAM roles, or conditionally deny IAM permissions, based on whether a resource carries a specific tag. Resources inherit tag values from their parent organization, folders, and project, so you can use tags to manage access to any cloud resource. To understand which roles and permissions are required, see Roles and permissions.
Access tags give you a flexible way to manage resource groupings, so that your projects can be accessed only by the members you select.
About tag-based access control
Using conditions and a set of tag variables, you can add a policy that scopes access based on the tags applied to a resource: access is granted or denied according to whether a given tag exists on that resource. Tag-based access control adds flexibility to your policies by letting you define access policies in terms of tags.
Keep in mind when creating access tags:
Access tags are visible account-wide in all Kyndryl Bridge Services; avoid using personal information.
Access tags must always be in the key:value format. Think of it as a string divided into two logical parts, for example project:projectname. The Kyndryl Bridge IAM user interface (UI) makes this distinction very clear.
Access tags, both key and value, are case sensitive.
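The following added example (not Kyndryl Bridge's own code or API) models the rules above: tags are case-sensitive key:value strings, a resource inherits the tags of its parent organization, folder, and project, and a policy conditionally allows or denies a role depending on the resource's effective tags. The Node and Policy classes and the allow/deny precedence are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Hypothetical model of tag-based access control as described on this page.

def parse_tag(tag: str) -> Tuple[str, str]:
    """Split 'key:value' into its two parts; reject anything else."""
    key, sep, value = tag.partition(":")
    if not sep or not key or not value:
        raise ValueError(f"tag must be key:value, got {tag!r}")
    return key, value

@dataclass
class Node:
    """An organization, folder, project or resource carrying its own tags."""
    name: str
    tags: Dict[str, str] = field(default_factory=dict)
    parent: Optional["Node"] = None

    def effective_tags(self) -> Dict[str, str]:
        """Inherited tags come first; a tag set on the node itself overrides them."""
        inherited = self.parent.effective_tags() if self.parent else {}
        return {**inherited, **self.tags}

@dataclass
class Policy:
    role: str
    effect: str        # "allow" or "deny" (assumed vocabulary)
    condition: str     # tag the resource must carry, in key:value form

def evaluate(policies: List[Policy], role: str, resource: Node) -> bool:
    """Deny takes precedence over allow; matching is exact and case-sensitive."""
    tags = resource.effective_tags()
    def matches(p: Policy) -> bool:
        key, value = parse_tag(p.condition)
        return p.role == role and tags.get(key) == value
    if any(p.effect == "deny" and matches(p) for p in policies):
        return False
    return any(p.effect == "allow" and matches(p) for p in policies)

# Constructed sample hierarchy: the project tag is inherited by its VM.
org = Node("org")
project = Node("project-a", {"project": "projectname"}, parent=org)
vm = Node("vm-1", {"env": "prod"}, parent=project)
policies = [
    Policy("viewer", "allow", "project:projectname"),
    Policy("viewer", "deny", "env:Prod"),   # capital P never matches "prod"
]

def can_view_vm() -> bool:
    return evaluate(policies, "viewer", vm)
```

Because the deny condition is spelled env:Prod while the VM carries env:prod, the deny does not apply and the inherited project tag grants access.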
What is a resource?
A resource is any item that is created or owned by an application, such as virtual machines (VMs), orders, and provider connections.
What is a resource group?
A resource group helps you organize your resources in the way that best fits your business. With resource groups, you can grant users access to one or more resources at the same time. A resource group contains one or more resource attributes that map to a collection of similar resources.
What is an attribute?
An attribute is an element or piece of metadata of a resource that helps identify it, such as AssetID, OrderID, a virtual machine in a specific region, or a virtual machine of a given provider.
Accessing the tags page
The Access Tags page allows you to create, view, and delete access tags, and to associate them with access policies and connections, so that you can manage your access needs quickly and efficiently. To open the Access Tags page, follow these steps:
Click the Global menu icon.
Click Settings and select Service IAM. The IAM page opens.
Select Access Tags from the left navigation bar of the page. The Access Tags page opens.
On the Access Tags page, you can perform the following actions to tailor your access management:
Creating new access tags.
Deleting an access tag.
Adding an access tag to an existing policy in access groups.
Adding an access tag while creating a connection.
Creating new access tags
Click Add New.
Select Add Access Tag. The Add Access Tag page opens.
Add the key and the value for your tag.
You can add more tags by clicking Add Tag +.
Click Add to finish.
Deleting an access tag
Click the overflow menu next to the tag that you want to delete.
Select Delete.
Confirm the deletion.
You can delete several access tags in bulk. To do so, check the boxes next to each of the access tags and click Delete at the top of the Access Tags list.
Adding an access tag to an existing policy in access groups
Often, you may need to add an access tag to an existing policy inside an access group to restrict some resources, using tags as the selected attributes. Go to Adding access policies to an access group and follow the steps.
Adding an access tag while creating a connection
When you are creating or editing your connections to onboard cloud, tool, or content providers, it is important to add your access tag in the process. In the dedicated tags field, you can apply existing tags or create new ones on the spot and associate them with your connection. For more information, see Connections.