Groups & Tags

Groups and Tags in the SDA Platform provide flexible, scalable ways to organize assets across your global industrial environment. They serve as foundational organizational constructs used throughout the platform—supporting navigation, bulk operations, automation workflows, and role-based access control (RBAC). Both Groups and Tags can be used independently or together to create a consistent, maintainable structure for managing large fleets of devices, projects, gateways, and other resources.

Overview

As automation environments grow across sites, lines, vendors, and teams, organizing assets efficiently becomes critical. Groups and Tags allow you to categorize resources in a way that matches your real-world operational structure:

  • Groups represent hierarchical organizational units—such as regions, facilities, lines, or logical teams.

  • Tags provide a lightweight, flexible labeling system for categorizing assets by attributes such as vendor, process area, lifecycle stage, or maintenance priority.

Both constructs can be used throughout the SDA Platform for filtering, search, permissions, reporting, and automated workflows.

Groups

What Are Groups?

Groups are structured organizational containers that allow you to mirror your global operational environment inside SDA. They provide a predictable hierarchy that can represent:

  • Global → Region → Site → Line

  • Corporate → Department → Team

  • Production → Testing → Development environments

  • Or any structure that best fits your organization’s operating model

Groups can contain devices, gateways, projects, pipelines, and other assets.

Key Capabilities

  • Hierarchical Organization: Build consistent top-down structures that reflect your actual plant or organizational layout.

  • Access Control: Assign permissions to Groups to manage who can view or act on assets within the group.

  • Scoped Operations: Run pipeline actions, audits, or bulk tasks limited to a specific Group.

  • Cross-Platform Integration: Groups appear in Dashboards, Device View, Pipelines, Audit Logs, Security Hub, and more.

Common Use Cases

  • Organizing assets across multiple sites or regions

  • Scoping sensitive environments such as production versus test

  • Restricting engineering access by site, department, or function

  • Filtering dashboards or reports by operational structure

Tags

What Are Tags?

Tags are flexible, non-hierarchical labels that can be applied to assets across the platform. Unlike Groups—which provide structure—Tags provide metadata describing characteristics or shared attributes.

Tags can be anything meaningful to your environment, such as:

  • Vendor: Siemens, Rockwell, SEW

  • Lifecycle: Production, Commissioning, Archived

  • Process Area: Packaging, Filling, Mixing

  • Ownership: IT, OT, Maintenance Team

  • Priority: Critical, High Availability, Non-Critical

Key Capabilities

  • Flexible Categorization: Add any labels that help classify resources.

  • Multi-Tag Support: Assets can have unlimited tags for granular organization.

  • Access Control: Assign permissions to Tags to restrict access by functional category.

  • Filtering: Use tags broadly across the platform for search, dashboards, inventory management, or pipelines.

Common Use Cases

  • Labeling devices by vendor or firmware family

  • Marking assets as “critical” or “requires approval”

  • Grouping assets by engineering team or owner

  • Filtering for pipeline jobs (e.g., “run firmware updates on all Siemens devices tagged ‘Line 4’”)

Permissions for Groups & Tags

The SDA Platform provides fine-grained Role-Based Access Control (RBAC) that supports permissions applied to both Groups and Tags. This allows organizations to align access with operational and security requirements.

Upon creation of a Role, it can be assigned to a Resoure Group or Tag as shone below.

Permission Highlights

  • Group-based permissions: Control access to all assets within a specific organizational scope.

  • Tag-based permissions: Control access based on functional, technical, or metadata attributes.

  • Combining Groups & Tags:

    • A user might only access the “Cleveland Site” Group and only devices tagged “SEW”.

    • This enables highly targeted access boundaries without over-permissioning.

Permissions can limit:

  • View access

  • Project interactions

  • Pipeline executions

  • Device configuration updates

  • Backup and deployment operations

  • Administrative capabilities

How Groups & Tags Work Across the Platform

Groups and Tags integrate with core platform functionality, including:

  • Devices View: Filter by location, team, vendor, or lifecycle

  • Pipelines: Target actions using Groups, Tags, or both

  • Security Hub: Control access through RBAC relationships

  • Audit Logs: Track changes scoped to specific Groups or Tags

  • Projects: Organize project repositories by site or system type

  • Dashboards: Aggregate insights by region, department, process area, or tag combinations

Best Practices

  • Mirror your real-world structure in Groups for clarity and easier onboarding.

  • Use Tags liberally to describe characteristics that don’t fit neatly into a hierarchy.

  • Combine Groups and Tags for powerful scoping of permissions and automation tasks.

  • Standardize naming conventions (e.g., Region/Plant/Line or Vendor: Siemens).

  • Review tagging periodically to ensure accuracy and usefulness.

PreviousCore Concepts IntroductionNextSDA Gateway

Last updated