diff --git a/thehive/app/org/thp/thehive/models/Permissions.scala b/thehive/app/org/thp/thehive/models/Permissions.scala
index 6932c28dbd..f9b9310bcc 100644
--- a/thehive/app/org/thp/thehive/models/Permissions.scala
+++ b/thehive/app/org/thp/thehive/models/Permissions.scala
@@ -20,7 +20,7 @@ object Permissions extends Perms {
   lazy val manageProcedure: PermissionDesc          = PermissionDesc("manageProcedure", "Manage procedures", "organisation")
   lazy val manageProfile: PermissionDesc            = PermissionDesc("manageProfile", "Manage user profiles", "admin")
   lazy val manageShare: PermissionDesc              = PermissionDesc("manageShare", "Manage shares", "organisation")
-  lazy val manageTag: PermissionDesc                = PermissionDesc("manageTag", "Manage tags", "admin")
+  lazy val manageTag: PermissionDesc                = PermissionDesc("manageTag", "Manage tags", "organisation")
   lazy val manageTaxonomy: PermissionDesc           = PermissionDesc("manageTaxonomy", "Manage taxonomies", "admin")
   lazy val manageTask: PermissionDesc               = PermissionDesc("manageTask", "Manage tasks", "organisation")
   lazy val manageUser: PermissionDesc               = PermissionDesc("manageUser", "Manage users", "organisation", "admin")
diff --git a/thehive/app/org/thp/thehive/models/TheHiveSchemaDefinition.scala b/thehive/app/org/thp/thehive/models/TheHiveSchemaDefinition.scala
index 24caadfa02..68a0445c8a 100644
--- a/thehive/app/org/thp/thehive/models/TheHiveSchemaDefinition.scala
+++ b/thehive/app/org/thp/thehive/models/TheHiveSchemaDefinition.scala
@@ -373,6 +373,14 @@ class TheHiveSchemaDefinition @Inject() extends Schema with UpdatableSchema {
       traversal.unsafeHas("name", "admin").raw.property("permissions", "managePlatform").iterate()
       Success(())
     }
+    .updateGraph("Remove manageTag permission to admin profile", "Profile") { traversal =>
+      traversal.unsafeHas("name", "admin").raw.properties[String]("permissions").forEachRemaining(p => if (p.value() == "manageTag") p.remove())
+      Success(())
+    }
+    .updateGraph("Add manageTag permission to org-admin profile", "Profile") { traversal =>
+      traversal.unsafeHas("name", "org-admin").raw.property("permissions", "manageTag").iterate()
+      Success(())
+    }
 
   val reflectionClasses = new Reflections(
     new ConfigurationBuilder()