Access Management Overview
Foundry uses a straightforward permission structure to streamline management and establish clear boundaries of authority and access. Foundry has a default nomenclature for entities and relationships, but organizations can also port existing IAM structures from AWS or GCP.
This article details the structure of entities within Foundry.
Entities in Foundry
There are four core entity types in Foundry:
Organizations
Projects
Users
Resources (instances, storage, keys, etc.)
Relationships between entities
Users belong to an organization.
Projects belong to an organization.
Resources belong to a single project.
Users have access to selected projects within their organization.
Users with access to a project have access to all resources within that project.
User roles in an organization
There are two roles within any organization:
Administrators
Can invite new members to the organization.
Can modify any team member's role in the organization.
Have the authority to view and modify billing details, settle invoices, and initiate new projects.
Can add or remove team members from projects.
Have access to all projects within the organization.
Members
Member permissions depend on the projects they are granted access to by an administrator.
Within the projects they're affiliated with, members possess complete operational capabilities, such as creating, starting, stopping, and terminating instances.
User role considerations
By design, granular access control over specific resources within a project is not possible: the project is the smallest unit of access. If certain users should not have access to certain resources, split the privileged resources into separate projects.
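The following added example (not Foundry code, and using no Foundry API) models the access rule described on this page and audits a roster for resources that members can reach outside their intended audience, then groups resources into the project splits the guidance above calls for. All user, project and resource names are constructed, and the `INTENDED` mapping is an assumed input you would maintain yourself.

```python
from collections import defaultdict

# Constructed sample organization (all names are hypothetical).
ADMINS = {"alice"}
PROJECT_MEMBERS = {"ml-train": {"bob", "carol"}, "web": {"carol"}}
RESOURCE_PROJECT = {
    "gpu-node-1": "ml-train",
    "dataset-bucket": "ml-train",
    "signing-key": "ml-train",
    "frontend-vm": "web",
}
# Assumed input: which members *should* reach each resource.
# Administrators are not listed because they reach every project.
INTENDED = {
    "gpu-node-1": {"bob", "carol"},
    "dataset-bucket": {"bob", "carol"},
    "signing-key": {"bob"},
    "frontend-vm": {"carol"},
}

def can_access(user, resource):
    """Rule from the page: administrators reach all projects; members reach
    every resource in the projects they were added to."""
    project = RESOURCE_PROJECT[resource]
    return user in ADMINS or user in PROJECT_MEMBERS.get(project, set())

def overexposed():
    """Map each resource to the members who can reach it but should not."""
    findings = {}
    for resource, project in RESOURCE_PROJECT.items():
        extra = PROJECT_MEMBERS.get(project, set()) - INTENDED[resource] - ADMINS
        if extra:
            findings[resource] = extra
    return findings

def split_plan():
    """Group each project's resources by intended audience. A project with
    more than one audience needs one separate project per audience."""
    groups = defaultdict(lambda: defaultdict(set))
    for resource, project in RESOURCE_PROJECT.items():
        groups[project][frozenset(INTENDED[resource])].add(resource)
    return {p: dict(a) for p, a in groups.items() if len(a) > 1}

if __name__ == "__main__":
    print("over-exposed:", overexposed())
    print("projects to split:", split_plan())
```

Administrators cannot be excluded by splitting projects, so the audit only reports members; limiting who holds the administrator role is a separate decision.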