1. Concepts Guide
  2. Tagging Overview
  3. Tag Defaults

Tag Defaults

Tag defaults let you specify tags that are applied automatically to all resources at the time of creation in a specific compartment. This feature allows you to ensure that appropriate tags are applied at resource creation without requiring the user creating the resource to have access to the tag namespaces.

Tag defaults allow tenancy administrators to create secure permissions boundaries between users concerned with governance and users who need to create and manage resources. Tag defaults are defined for a specific compartment. A default tag is also applied to child compartments and the resources created within them. In the Compute Web UI, you manage tag defaults on the Compartment Details page.

To create or edit a tag default for a compartment, you must be granted the following combination of permissions:

  • manage tag-defaults access for the compartment where you are adding the tag default

  • use tag-namespaces access for the compartment where the tag namespace resides

  • inspect tag-namespaces access for the tenancy

Tag defaults must include a tag value. If you use a default value, then you must create it as part of the tag default. This value is applied to all resources. Using a tag variable is allowed. If you specify that a user-applied value is required, then the user creating the resource must enter the value for the tag at the time of resource creation. Users cannot create resources without entering a value for the tag.

Tag defaults can be overridden at the time of resource creation by users who have the appropriate permissions to both create the resource and to use the tag namespace. Users with these permissions can also modify the default tags that were applied at resource creation at any later time.

You can define up to 5 tag defaults per compartment. After a tag default is created in a compartment, the default tag is applied to any new resources created in that compartment. Previously existing resources in the compartment are not tagged retro-actively. If you change the default value of the tag default, existing occurrences are not updated.

If you delete the tag default from the compartment, existing occurrences of the tag are not removed from resources. When you delete a tag key definition, existing tag defaults based on that tag key definition are not removed from the compartment. Until you delete the tag default in the compartment, it continues to count against your limit of 5 tag defaults per compartment.

Retired tags cannot be applied to new resources. Therefore, if the tag namespace or tag key specified in a tag default is retired, when new resources are created, the retired tag is not applied. As a best practice, you should delete the tag default that specifies the retired tag.