Access Management Overview

Foundry uses a straightforward permission structure to streamline management and establish clear boundaries of authority and access. While Foundry has a default nomenclature for entities and relationships, organizations also have the flexibility to port existing IAM structures from AWS or GCP.

This article details the structure of entities within Foundry.

Entities in Foundry

There are four core entity types in Foundry:

  1. Organizations

  2. Projects

  3. Users

  4. Resources (instances, storage, keys, etc.)

Relationships between entities

  • Users belong to an organization

  • Projects belong to an organization

  • Resources belong to a single project

  • Users have access to selected projects within their organization

  • Users with access to a project have access to all resources within that project

User roles in an organization

There are two roles within any organization:

  1. Administrators

    • Can invite new members to the organization.

    • Can modify any team member's role in the organization.

    • Have the authority to view and modify billing details, settle invoices, and initiate new projects.

    • Can add or remove team members from projects.

    • Have access to all projects within the organization.

  2. Members

    • Member permissions depend on the projects they are granted access to by an administrator.

    • Within the projects they're affiliated with, members possess complete operational capabilities, such as creating, starting, stopping, and terminating instances.

User role considerations

By design, granular access control over specific resources within a project is not possible. If certain users should not have access to certain resources, split the privileged resources into separate projects.
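
The entity relationships and role rules above amount to a per-project access decision. The Python model below is an added example, not Foundry's code or API; the class and the user, project and resource names are constructed for illustration. It lists everyone who can reach a resource, which is the review to run before placing a key in a project.

```python
from dataclasses import dataclass, field

# Constructed model of the rules on this page; names are illustrative, not Foundry's API.
@dataclass
class Org:
    name: str
    admins: set = field(default_factory=set)            # administrator user names
    members: set = field(default_factory=set)           # member user names
    project_access: dict = field(default_factory=dict)  # project -> members granted access
    resources: dict = field(default_factory=dict)       # resource -> its single project

    def add_project(self, project, granted=()):
        unknown = set(granted) - self.members
        if unknown:
            raise ValueError(f"not members of {self.name}: {sorted(unknown)}")
        self.project_access[project] = set(granted)

    def add_resource(self, resource, project):
        if project not in self.project_access:
            raise ValueError(f"unknown project: {project}")
        if resource in self.resources:  # a resource belongs to a single project
            raise ValueError(f"{resource} already belongs to {self.resources[resource]}")
        self.resources[resource] = project

    def can_access(self, user, resource):
        project = self.resources.get(resource)
        if project is None:
            return False  # unknown resource: deny
        if user in self.admins:
            return True   # administrators reach every project in the organization
        # Members: access is decided per project, never per resource.
        return user in self.members and user in self.project_access[project]

    def who_can_access(self, resource):
        """Every user who reaches a resource, administrators included."""
        return sorted(u for u in self.admins | self.members if self.can_access(u, resource))

def build_sample():
    org = Org("acme", admins={"alice"}, members={"bob", "carol"})
    org.add_project("training", granted={"bob", "carol"})
    org.add_project("secrets", granted={"carol"})  # privileged resources split out
    org.add_resource("gpu-instance-1", "training")
    org.add_resource("dataset-bucket", "training")
    org.add_resource("signing-key", "secrets")
    return org

if __name__ == "__main__":
    org = build_sample()
    for r in sorted(org.resources):
        print(r, "->", org.who_can_access(r))
```

In the sample, bob reaches both resources in the training project but not the signing key, because the key lives in its own project; administrators appear in every result.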
