Organizations and spaces
Organizations are strict access requirements that strongly protect your Organization’s data and work inside Foundry. Spaces are the primary way in which Organizations are applied to exert control over your Foundry instance. Together, Organizations and spaces allow both strict segregation of work, but also flexible collaboration with third parties when needed.
Organizations
Overview
Organization permissions should be managed via Control Panel.
Organizations are access requirements applied to Projects that enforce strict silos between groups of users and resources. Every user is a member of only one Organization, but can be a guest member of multiple Organizations. In order to meet access requirements, users must be a member or guest member of at least one Organization applied to a Project. Organizations are inherited via the file hierarchy and direct dependencies.
Like Markings, Organizations are a mandatory access control. However, Organizations differ from Markings in a few key ways:
- The scope of information protected by Organizations includes spaces, Ontologies, Projects, users, groups, tag categories, and collections. However, individual resources cannot be tied to an Organization. In comparison, markings can only be applied to Projects and resources.
- Information protected by Organizations abides by cross-organization discoverability rules. Platform administrators can allow or disallow the ability of users to see the names, users, and groups of Organizations outside their own.
- Users are required to be members of a single Organization. There is no requirement for users to have access to Markings.
- Renaming Organizations is not supported. Contact Palantir Support for assistance with deleting an Organization.
Review the management documentation on how to configure organizations.
Creating new Organizations
Within a single Foundry Organization, governance of project and data access can be accomplished through groups. However, if you want to collaborate and share data with Foundry users who are not part of your Organization (for instance, users from another company) while restricting their ability to see your Organization's users and groups, you should create a new Organization. The terms of data-sharing (collaboration) are defined by enrollment administrators and managed in Control Panel.
See the cross-Organization collaboration documentation for information on how to create a new Organization in Control Panel.
Spaces
Spaces have been rebranded from their previous name, Namespaces.
A space is a high-level container of Projects, with one common Ontology, for work with a common purpose that is shared between a set of Organizations. Spaces are restricted by an Organization (or set of Organizations), and that restriction will apply to the Projects in the space as well as the associated Ontology. Most Organizations will only need a single space, inside which all Projects will be created. These projects can be more granularly permissioned using markings and roles.
The file path of a Foundry resource, which can be found in the Details panel, indicates the space as the first element of the path: for example, space/project/sub-folder/my-file.
Multi-Organization spaces
When setting up a collaboration with an external Organization, you likely want to set up a dedicated space with multiple Organizations.
In the case of a space with multiple Organizations, Projects inside that space can have any subset of the Organizations. For example, if there’s a shared space with both the Sky Industries and Sunrise Airline organizations applied, projects inside that space can be created with just Sky Industries or just Sunrise Airline, restricting those projects to only the corresponding organization, or both organizations, allowing that project to be accessed by both organizations.
For more details on setting up a collaboration with an external Organization, see Workflow: Cross-organization collaboration
Review the management documentation on how to configure spaces.