LogoLogo
Foundry Documentation
Foundry Documentation
  • Welcome to Foundry
  • Quickstart guide
  • Compute & Storage
    • Compute overview
    • Instance types & specifications
    • Reserving compute
    • Spot bids
      • Spot auction mechanics
    • Startup scripts
    • Access & manage instances
      • Statuses
    • Compute quotas
    • Managing open ports
    • Persistent storage
      • File shares
      • Block storage
    • Ephemeral storage
  • Foundry API
    • API overview and quickstart
    • API reference
      • Projects
      • Instance types
      • SSH Keys
      • Volumes
      • Instances
      • Spot
        • Bids
        • Availability
      • API Keys
      • Profile
    • Specification
  • Access Management
    • Access Management Overview
    • SSH keys
  • Account and Billing
    • Billing overview
    • Foundry Referral Program
  • Security & trust
    • Foundry's approach to security
    • Reporting security concerns
Powered by GitBook
LogoLogo

© 2025 Foundry Technologies, Inc.

On this page
  • Entities in Foundry
  • Relationships between entities
  • User roles in an organization
  • User role considerations
  1. Access Management

Access Management Overview

Foundry employs a straightforward structure for permissions to streamline management and establish clear boundaries of authority and access. While Foundry has a default nomenclature for entities and relationships, we also allow the flexibility for organizations to port existing IAM structures from AWS or GCP.

This article details the structure of entities within Foundry.

Entities in Foundry

There are four core entity types in Foundry:

  1. Organizations

  2. Projects

  3. Users

  4. Resources (instances, storage, keys, etc)

Relationships between entities

  • Users belong to an organization

  • Projects belong to an organization

  • Resources belong to a single project

  • Users have access to selected projects within their organization.

  • Users with access to a project have access to all resources within that project.

User roles in an organization

There are two roles within any organization:

  1. Administrators

    • Can invite new members to the organization.

    • Can modify any team member's role in the organization.

    • Have the authority to view and modify billing details, settle invoices, and initiate new projects.

    • Can add or remove team members from projects.

    • Have access to all projects within the organization.

  2. Members

    • Member permissions depend on the projects they are granted access to by an administrator.

    • Within the projects they're affiliated with, members possess complete operational capabilities, such as creating, starting, stopping, and terminating instances.

User role considerations

By design, granular access control over specific resources within a project is not possible. In the case that certain users should not have access to certain resources, privileged resources should be split into separate projects.

PreviousProfileNextSSH keys

Last updated 7 months ago