figma guide
Designing content classification and sensitivity labels UI in Figma: tagging, inheritance, and handoff
Design content classification and sensitivity label UI in Figma with label taxonomy, auto-tag rules, inheritance, DLP triggers, and Dev Mode specs for enterprise data governance.
- Published
- Updated
- Jul 16, 2026
- Read time
- 8 min
- Level
- Intermediate
Quick answer
Content classification labels tag files and projects by sensitivity—configured under Organization → Security → Classification. Design a label taxonomy table (name, level, color, DLP actions); auto-tag rules based on keywords, team, or file type; inline label picker on file headers and share dialogs; inheritance rules from project → file with override warnings; bulk re-label for migrations; and audit events when labels change or downgrade. Start from the Figma guides hub and pair with DLP sharing restrictions, data retention, and Dev Mode handoff.
Who this is for
- Product designers building enterprise Security settings, file metadata UI, and data governance admin consoles.
- Design system teams aligning label chips with badges and color tokens.
- Engineers implementing label inheritance, policy evaluation order, and downgrade approval flows.
Classification entry points
| Location | Audience | Actions |
|---|---|---|
| Org → Security → Classification | Security admin | CRUD label taxonomy and auto-tag rules |
| File / project header | All members | View and apply label (if permitted) |
| Share dialog | End user | See label-driven restrictions before share |
| Bulk admin tools | Compliance admin | Re-label, audit mismatches |
Verdict: one Classification hub for taxonomy and rules—do not scatter label definitions across DLP and retention settings without cross-links.
Label taxonomy table
| Column | Spec | Notes |
|---|---|---|
| Label name | Public, Internal, Confidential, Restricted | Required, unique |
| Sensitivity level | 1–4 numeric rank | Higher = stricter |
| Color / icon | Semantic token | Must pass a11y contrast |
| Default DLP action | Link to DLP policy | Auto-suggest on label create |
| Retention override | Optional shorter/longer period | Link to retention rules |
| Files tagged | Count | Link to inventory |
| Status | Active / Deprecated | Deprecated = no new applies |
| Actions | Edit, Duplicate, Deprecate | Delete blocked if files tagged |
ClassificationTaxonomyTable
├── Toolbar: [ Add label ] [ Import MIP template ] [ Preview impact ]
├── Rows: Public · Internal · Confidential · Restricted
└── Footer: "4 active labels · 12,400 files classified"
Import template for common frameworks: ISO 27001 four-tier, Microsoft-style labels, or custom import CSV.
Add / edit label modal
| Field | Validation | Helper text |
|---|---|---|
| Name | Required, max 32 chars | Shown on file chip |
| Description | Required | ”When to use this label” for members |
| Sensitivity level | 1–10, unique rank | Used for inheritance conflicts |
| Visual | Color + optional icon | Preview chip in modal |
| Downgrade policy | Allow / Require approval / Block | Prevent accidental declassification |
| Linked DLP policies | Multi-select | Auto-attach on save |
| Retention modifier | None / extend / shorten | Optional override |
AddLabelModal
├── Name: [ Confidential ]
├── Description: [ Customer data, unreleased product plans ]
├── Level: [ 3 ] of 4
├── Chip preview: [ Confidential ]
├── Downgrade: (•) Require manager approval ( ) Block
├── DLP: [x] Block external viewers [x] Watermark exports
└── [ Cancel ] [ Save label ]
Show impact preview: how many existing files would match if auto-tag rules are added later.
Inline label picker on files
Every classified asset shows a persistent label chip in the file header:
FileHeader
├── Title: Q3 Product Roadmap
├── Label chip: [ Confidential ▾ ] ← clickable if user has classify permission
├── Inherited badge: "From project Acme Core" (optional)
└── Banner if mismatch: "Auto-tag suggests Restricted — review"
| State | UI |
|---|---|
| No label | Gray chip: “Set classification” |
| Inherited | Chip + subtle “Inherited” sublabel |
| Override | Chip + “Override” badge, audit on save |
| Locked | Chip disabled; tooltip cites org policy |
| Suggested | Dotted outline chip: “Suggested: Internal” |
Apply label opens searchable dropdown sorted by sensitivity level—show description on hover for training.
Auto-tag rules
| Rule type | Trigger | Example |
|---|---|---|
| Keyword in title | File or page name contains | ”roadmap”, “salary”, “contract” |
| Team / project | Scope match | All files in Legal team → Confidential |
| File type / plugin | Metadata | Imported PDF → Internal minimum |
| Member role | Creator context | External guest files → Restricted ceiling |
| Age / inactivity | Scheduler | Unlabeled 30d → prompt or auto Internal |
AutoTagRulesTable
├── Rule: Title contains "PII" → Restricted
├── Rule: Project "Public Marketing" → Public ceiling
├── Rule: Unlabeled file 14d → notify owner
└── [ Add rule ] [ Run scan now ]
Run scan now produces a classification gap report: unlabeled files, suggested labels, conflicts with manual labels.
Inheritance and override
| Scope | Default behavior | Override UI |
|---|---|---|
| Project label | Applies to new files | File can only increase sensitivity |
| Team default | Suggested on create | Member sees pre-selected label |
| Org minimum | Floor for all files | Cannot set below Internal |
| Parent page | Design file pages inherit file label | Page-level override rare |
LabelOverrideModal
├── Current: Internal (inherited from project)
├── New: [ Confidential ▾ ]
├── Warning: "Increases restrictions — external share will be blocked"
├── Reason: [ Required for audit ] textarea
└── [ Cancel ] [ Apply with approval ]
Downgrade (Confidential → Internal) always requires approval when org policy mandates—route to Security Admin queue like DLP exceptions.
Share and export integration
Labels drive inline enforcement before sharing:
| Label | Public link | External email | Download |
|---|---|---|---|
| Public | Allowed | Allowed | Allowed |
| Internal | Org only | Domain allowlist | Allowed |
| Confidential | Blocked | Approval required | Watermarked |
| Restricted | Blocked | Blocked | Blocked |
Share dialog shows label chip next to permission dropdown—changing share target re-evaluates label policy live.
Bulk re-label and migration
Compliance admins need batch tools after taxonomy changes:
BulkRelabelWizard
├── Step 1: Filter (team, unlabeled, deprecated label)
├── Step 2: Preview (4,200 files → Confidential)
├── Step 3: Justification + effective date
└── Step 4: Job progress · email on complete
Log every bulk job to audit activity with actor, old label, new label, file count.
Role and permission interaction
Custom roles need classification capabilities:
| Capability | Effect |
|---|---|
| classify.apply | Set label up to role ceiling |
| classify.downgrade | Lower sensitivity (may still need approval) |
| classify.admin | Edit taxonomy and auto-tag rules |
| classify.bulk | Run bulk re-label jobs |
Role editor groups these under Data governance—mirror label names in capability descriptions.
Retention and compliance alignment
Data retention and legal hold interact with labels:
| Label | Retention | Hold behavior |
|---|---|---|
| Public | Standard org default | Hold applies normally |
| Confidential | Extended log retention | Hold blocks purge |
| Restricted | Short user access, long audit | Export requires compliance role |
Classification settings sidebar note: “Label changes do not retroactively alter holds—review hold scope separately.”
Common mistakes
| Mistake | Why it hurts | Fix |
|---|---|---|
| Too many label tiers | Users pick wrong level | Cap at 4–5 with clear descriptions |
| Labels hidden in file menu | Files stay unclassified | Persistent header chip |
| No downgrade approval | Accidental data exposure | Require approval for lower sensitivity |
| Auto-tag without notify | Silent reclassification | Notify owner on auto-apply |
| DLP and labels disconnected | Policies drift | Link policies on label create |
| Color-only distinction | Color-blind users fail | Icon + text on every chip |
| Inheritance unclear | Wrong label on nested files | Show “Inherited from project” |
| Deprecated labels still selectable | Taxonomy chaos | Deprecate → map to replacement |
| Bulk re-label without preview | Mass misclassification | Preview + staged rollout |
| No audit on label change | Compliance gap | Log every apply, override, downgrade |
Recommended workflow
- Design taxonomy table with sensitivity rank, visual chip, and linked DLP policies.
- Build inline label picker on file/project headers with inheritance badges.
- Add auto-tag rules with gap report and suggested-label prompts.
- Wire share dialog to show label-driven restrictions before commit.
- Spec downgrade approval queue aligned with DLP exception patterns.
- Create bulk re-label wizard with preview and audit trail.
- Document evaluation order (org minimum > project > file > page) in Dev Mode.
FAQ
Do labels apply to API exports?
Yes—API and automation paths should evaluate label policy on export; document in developer settings.
Can members create custom labels?
Usually no—taxonomy is admin-only; members apply from approved list to prevent sprawl.
How do labels interact with guest invites?
Guest-accessible files may cap at Internal—Confidential files block guest invite at share time.
What if auto-tag and manual label conflict?
Manual wins unless org enables “auto-tag enforce”—show mismatch banner until resolved.
Deprecated label on 500 files?
Bulk migrate wizard maps deprecated → replacement with compliance sign-off.
Next steps
- Design DLP and external sharing restrictions UI in Figma — label-driven share blocks
- Design data retention policies and auto-deletion UI in Figma — retention modifiers per label
- Design compliance exports and legal hold UI in Figma — hold scope by classification
- Design custom roles and permission templates UI in Figma — classify capabilities
- Design audit log and security activity UI in Figma — label change events
§ Keep reading