Organizations are strict access requirements that strongly protect your Organization’s data and work inside Foundry. Spaces are the primary way in which Organizations are applied to exert control over your Foundry instance. Together, Organizations and spaces allow both strict segregation of work, but also flexible collaboration with third parties when needed.
Organization permissions should be managed via Control Panel.
Organizations are access requirements applied to Projects that enforce strict silos between groups of users and resources. Every user is a member of only one Organization, but can be a guest member of multiple Organizations. In order to meet access requirements, users must be a member or guest member of at least one Organization applied to a Project. Organizations are inherited via the file hierarchy and direct dependencies.
Like Markings, Organizations are a mandatory access control. However, Organizations differ from Markings in a few key ways:
Review the management documentation on how to configure organizations.
Within a single Foundry Organization, governance of project and data access can be accomplished through groups. However, if you want to collaborate and share data with Foundry users who are not part of your Organization (for instance, users from another company) while restricting their ability to see your Organization's users and groups, you should create a new Organization. The terms of data-sharing (collaboration) are defined by enrollment administrators and managed in Control Panel.
See the cross-Organization collaboration documentation for information on how to create a new Organization in Control Panel.
Spaces have been rebranded from their previous name, Namespaces.
A space is a high-level container of Projects, with one common Ontology, for work with a common purpose that is shared between a set of Organizations. Spaces are restricted by an Organization (or set of Organizations), and that restriction will apply to the Projects in the space as well as the associated Ontology. Most Organizations will only need a single space, inside which all Projects will be created. These projects can be more granularly permissioned using markings and roles.
The file path of a Foundry resource, which can be found in the Details panel, indicates the space as the first element of the path: for example, space/project/sub-folder/my-file
.
When setting up a collaboration with an external Organization, you likely want to set up a dedicated space with multiple Organizations.
In the case of a space with multiple Organizations, Projects inside that space can have any subset of the Organizations. For example, if there’s a shared space with both the Sky Industries and Sunrise Airline organizations applied, projects inside that space can be created with just Sky Industries or just Sunrise Airline, restricting those projects to only the corresponding organization, or both organizations, allowing that project to be accessed by both organizations.
For more details on setting up a collaboration with an external Organization, see Workflow: Cross-organization collaboration
Review the management documentation on how to configure spaces.