Manage Organizations and spaces

Organizations

Organization permissions should be managed via Control Panel. Further Organization configuration is managed in the Foundry Settings tab.

Managing Organization membership

There are two ways in which a user can be associated with an Organization:

Membership

A user is a member of exactly one Organization. This can be assigned upon user creation, mapped via your SAML setup Admin > Authentication > Organization assignment, or managed in the Users interface.

Organization membership defines the following:

• The Organization that shows up in a user’s profile.
• Visibility to users from other Organizations (see Organization Discovery).
• Projects and groups created by a user will be automatically marked with their Organization, keeping resources restricted within and Organization by default.

Guest membership

A user of another Organization who can view Projects, files, users, groups, tag categories, and collections in this Organization. Guests can be users or groups. While every user has a single primary Organization membership, users can have guest membership to any number of Organizations.

You can add a guest to your Organization from the Organizations tab of the Foundry Settings page:

Home folders and Organizations

When Foundry home folders are enabled, they are automatically marked with the Organization of the user.

Spaces

Spaces settings are managed in Control Panel on the Space management page of enrollment settings.

Create a space

From the Space management page, select + Create space.

As part of space creation, you will be asked to specify the following settings:

• Access requirements: A space and all its contents are protected by Organizations. Users must meet the access requirements for at least one of the organizations in order to access this space. Projects within this space cannot be protected by organizations outside of this set.
• Deletion policy: The deletion policy defines when a space and its Projects will be deleted. A deletion policy is constructed with Organizations in a last-out semantic, meaning the space is deleted when all of the Organizations used for the deletion policy have themselves been deleted.
• File system: The file system is where data in the space is stored for all Projects. The file system cannot be modified once set.
• Usage account: Usage of resources in the platform are tracked by usage account. This setting decides the default usage account that Projects in the Space will use. The usage account can be overridden on a per-Project basis.
• Resource queue: Compute resources for a Project are allocated from its resource queue. This setting decides the resource queue used for all projects in the Space.
• Role set: A Project can only use roles from the role sets allowed for its space. By default, this is the Project defaults role set, but it can be replaced with a custom role set. Note that if a custom role set is used, then roles granted on the space will not inherit to Projects.

If you are an enrollment admin but are not able to create a new space, it may be because your enrollment is not suitable or you have hit a quota limit; contact Palantir Support for more information.

Manage a space

In the Actions section, you can Manage the settings of a space.

Legacy spaces might provide additional configuration settings. Below is a description of those settings:

• Roles: Users must have a role on the space and meet its access requirements to create Projects or manage space settings.
• Role grants on folders and files: When enabled, users can be assigned roles on folders and files in new Projects by default. This setting only initializes this behavior when a new Project is created and does not enforce this behavior for existing Projects. Learn more about disabling role grants on folder and files.