Ontology permissions

Ontology resources are managed as project resources and permissions are handled through Compass, the Palantir platform’s filesystem.

This project-based permissioning approach unifies control and provides the following benefits:

  • Bulk management: Manage permissions efficiently at the folder and project level, reducing the need to permission individual resources.
  • Clearer visibility: The updated Security tab and sidebar display permissions and project context for all resources, including ontologies.

Viewing object type definitions and instances

Object type definitions are permissioned differently from instances of object data. To see an object type definition, you must have View permissions on the object type definition, but do not need View permissions for the backing datasource.

To see object data instances, you must hold View permissions on both the object type definition and the backing datasource.

For more information on the distinction between definitions (metadata) and instances (data), review the documentation on object permissioning.

You will need the appropriate edit permissions depending on the resource you would like to edit:

  • For links: You must hold edit permissions on both the link type and the linking object types.
  • For actions: You must hold edit permissions on the action type and on all ontology resource types edited by the action.
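The view and edit rules above can be modeled as a small local check that reports which grant is missing. This is an added illustration, not Palantir code or a platform API; the function names, resource identifiers and grants are constructed for the example, and View and Edit are treated as independent permissions because the page does not say one implies the other.

```python
# Added illustration: a local model of the rules described above.
# Not a Palantir API; all resource ids and grants are constructed sample data.

def missing(grants, permission, resources):
    """Return the resources on which `permission` is not held (empty list = allowed)."""
    return [r for r in resources if permission not in grants.get(r, set())]

def view_definition(grants, object_type):
    # Definition (metadata): View on the object type only; the datasource is not consulted.
    return missing(grants, "view", [object_type])

def view_instances(grants, object_type, datasource):
    # Instances (data): View on both the definition and the backing datasource.
    return missing(grants, "view", [object_type, datasource])

def edit_link(grants, link_type, linked_object_types):
    # Links: Edit on the link type and on every object type it links.
    return missing(grants, "edit", [link_type, *linked_object_types])

def edit_action(grants, action_type, edited_resource_types):
    # Actions: Edit on the action type and on every resource type the action edits.
    return missing(grants, "edit", [action_type, *edited_resource_types])

# Constructed grants for one hypothetical user: resource id -> permissions held.
ANALYST = {
    "objtype:Flight": {"view", "edit"},
    "objtype:Airport": {"view"},
    "linktype:Flight-Airport": {"view", "edit"},
    "actiontype:RerouteFlight": {"edit"},
    # No entry for "dataset:flights": the user holds nothing on the backing datasource.
}

def report(grants):
    """Evaluate each rule for the sample resources; values list the missing grants."""
    return {
        "view Flight definition": view_definition(grants, "objtype:Flight"),
        "view Flight instances": view_instances(grants, "objtype:Flight", "dataset:flights"),
        "edit Flight-Airport link": edit_link(
            grants, "linktype:Flight-Airport", ["objtype:Flight", "objtype:Airport"]),
        "edit RerouteFlight action": edit_action(
            grants, "actiontype:RerouteFlight", ["objtype:Flight"]),
    }

if __name__ == "__main__":
    for check, gaps in report(ANALYST).items():
        print(f"{check}: {'allowed' if not gaps else 'denied, missing on ' + ', '.join(gaps)}")
```

The sample user can see the Flight definition but no Flight data, which is the case that most often surprises people reviewing access.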

Previous permissioning models

Previously, permissioning ontology resources varied based on your ontology authorization model. The table below summarizes how resources are currently managed for each model.

| Ontology authorization model | Description |
| --- | --- |
| Ontology roles | - Ontology resources are regular project resources.<br>- Permissioned at the project/folder level, allowing for bulk management.<br>- Resource-level role grants are possible but are not recommended. |
| Datasource-derived | - Objects and links are located in the projects where their backing datasource is.<br>- Permissioned at the project/folder level, allowing for bulk management. |