---
title: >-
  Root compartment tag defaults should enforce a tag containing IAM principal
  name
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Root compartment tag defaults should
  enforce a tag containing IAM principal name
---

# Root compartment tag defaults should enforce a tag containing IAM principal name
 
## Description{% #description %}

Tag defaults allow you to automatically apply tags to resources created in a compartment. Using tag defaults with IAM principal name values (for example, `${iam.principal.name}`) enables automatic tracking of which user or service created each resource. This capability is essential for audit trails, cost tracking, and security investigations. Configure tag defaults at the root compartment (tenancy) level to ensure proper resource attribution.

## Remediation{% #remediation %}

Create a tag default at the root compartment (tenancy) level with a value of `${iam.principal.name}` and ensure the lifecycle state is active. The tag key can be any value, but a name like `CreatedBy` is recommended. For guidance on creating and managing tag defaults in OCI, see the [Managing Tag Defaults](https://docs.oracle.com/iaas/Content/Tagging/Tasks/managingtagdefaults.htm) section of the Oracle Cloud Infrastructure Documentation.