Access Control
In TrueFoundry, are organized around the following key resources that help manage the entire organization’s resources effectively.
Tenant/Organization level permissions
| Resource | Default Permissions |
|---|---|
| Environments | View All Environments |
| Users | View All Users |
| Teams | View All Teams |
| Integrations | View All Integrations |
| Git Integrations | View All Git Integrations |
| Clusters | View All Clusters |
| Resource | Default Permissions |
|---|---|
| Environments | View All Environments |
| Users | View All Users |
| Teams | View All Teams |
| Integrations | View All Integrations |
| Git Integrations | View All Git Integrations |
| Clusters | View All Clusters |
| Resource | Default Permissions |
|---|---|
| Environments | Manage All Environments |
| Settings | Manage All Settings |
| Users | Manage All Users |
| Teams | Manage All Teams |
| Virtual Accounts | Manage All Virtual Accounts |
| Integrations | Manage All Integrations |
| Git Integrations | Manage All Git Integrations |
| Policys | Manage All Policies |
| Clusters | Manage All Clusters |
| Workspaces | Manage All Workspaces |
| Applications | Manage All Applications |
| ML Repositories | Manage All ML Repositories |
| Secret Groups | Manage All Secret Groups |
| Audit Logs | View All Audit Logs |
| Settings | Manage All Settings |
| AI Gateway Models | Manage All Models |
| MCP Server Integrations | Manage All MCP Server Integrations |
| AI Gateway Configs | Manage All Configs |
Resource level permissions
| Permissions | Provider Account Access | Provider Account Manager |
|---|---|---|
| View Provider Account | ||
| Update Provider Account | ||
| Manage Collaborators | ||
| Use All Integrations |
Only Tenant Admins can create/delete a provider account. You can also define overrides for Access permission for each Integration.
| Permissions | Provider Account Access | Provider Account Manager |
|---|---|---|
| View Provider Account | ||
| Update Provider Account | ||
| Manage Collaborators | ||
| Use All Integrations |
Only Tenant Admins can create/delete a provider account. You can also define overrides for Access permission for each Integration.
| Permissions | Cluster Viewer | Cluster Member | Cluster Admin |
|---|---|---|---|
| View Cluster | |||
| Update Cluster | |||
| Delete Cluster | |||
| Manage Collaborators | |||
| Create Workspace |
Only Tenant Admins can create a cluster.
| Permissions | Workspace Viewer | Workspace Editor | Workspace Admin |
|---|---|---|---|
| View Workspace | |||
| Update Workspace | |||
| Delete Workspace | |||
| Manage Collaborators | |||
| Add/Update/Delete Applications |
| Permissions | Project Viewer | Project Editor | Project Admin |
|---|---|---|---|
| View ML Repository/Project | |||
| Update ML Repository/Project | |||
| Delete ML Repository/Project | |||
| Manage Collaborators | |||
| View Runs/Artifacts/Models/Traces/Prompts | |||
| Add/Update Runs/Artifacts/Models/Traces/Prompts | |||
| Delete Runs/Artifacts/Models/Traces/Prompts |
Any member with Access permission to any Blob storage integration can create a ML Repository/Project.
| Permissions | Secret Group Viewer | Secret Group Editor | Secret Group Admin |
|---|---|---|---|
| View Secret Group | |||
| Update Secret Group | |||
| Delete Secret Group | |||
| Manage Collaborators | |||
| View Secrets | |||
| Add/Update/Delete Secrets | |||
| Read Secret Value |
Any member with Access permission to any Secret storage integration can create a Secret Group.
Access Control
In TrueFoundry, are organized around the following key resources that help manage the entire organization’s resources effectively.
Tenant/Organization level permissions
| Resource | Default Permissions |
|---|---|
| Environments | View All Environments |
| Users | View All Users |
| Teams | View All Teams |
| Integrations | View All Integrations |
| Git Integrations | View All Git Integrations |
| Clusters | View All Clusters |
| Resource | Default Permissions |
|---|---|
| Environments | View All Environments |
| Users | View All Users |
| Teams | View All Teams |
| Integrations | View All Integrations |
| Git Integrations | View All Git Integrations |
| Clusters | View All Clusters |
| Resource | Default Permissions |
|---|---|
| Environments | Manage All Environments |
| Settings | Manage All Settings |
| Users | Manage All Users |
| Teams | Manage All Teams |
| Virtual Accounts | Manage All Virtual Accounts |
| Integrations | Manage All Integrations |
| Git Integrations | Manage All Git Integrations |
| Policys | Manage All Policies |
| Clusters | Manage All Clusters |
| Workspaces | Manage All Workspaces |
| Applications | Manage All Applications |
| ML Repositories | Manage All ML Repositories |
| Secret Groups | Manage All Secret Groups |
| Audit Logs | View All Audit Logs |
| Settings | Manage All Settings |
| AI Gateway Models | Manage All Models |
| MCP Server Integrations | Manage All MCP Server Integrations |
| AI Gateway Configs | Manage All Configs |
Resource level permissions
| Permissions | Provider Account Access | Provider Account Manager |
|---|---|---|
| View Provider Account | ||
| Update Provider Account | ||
| Manage Collaborators | ||
| Use All Integrations |
Only Tenant Admins can create/delete a provider account. You can also define overrides for Access permission for each Integration.
| Permissions | Provider Account Access | Provider Account Manager |
|---|---|---|
| View Provider Account | ||
| Update Provider Account | ||
| Manage Collaborators | ||
| Use All Integrations |
Only Tenant Admins can create/delete a provider account. You can also define overrides for Access permission for each Integration.
| Permissions | Cluster Viewer | Cluster Member | Cluster Admin |
|---|---|---|---|
| View Cluster | |||
| Update Cluster | |||
| Delete Cluster | |||
| Manage Collaborators | |||
| Create Workspace |
Only Tenant Admins can create a cluster.
| Permissions | Workspace Viewer | Workspace Editor | Workspace Admin |
|---|---|---|---|
| View Workspace | |||
| Update Workspace | |||
| Delete Workspace | |||
| Manage Collaborators | |||
| Add/Update/Delete Applications |
| Permissions | Project Viewer | Project Editor | Project Admin |
|---|---|---|---|
| View ML Repository/Project | |||
| Update ML Repository/Project | |||
| Delete ML Repository/Project | |||
| Manage Collaborators | |||
| View Runs/Artifacts/Models/Traces/Prompts | |||
| Add/Update Runs/Artifacts/Models/Traces/Prompts | |||
| Delete Runs/Artifacts/Models/Traces/Prompts |
Any member with Access permission to any Blob storage integration can create a ML Repository/Project.
| Permissions | Secret Group Viewer | Secret Group Editor | Secret Group Admin |
|---|---|---|---|
| View Secret Group | |||
| Update Secret Group | |||
| Delete Secret Group | |||
| Manage Collaborators | |||
| View Secrets | |||
| Add/Update/Delete Secrets | |||
| Read Secret Value |
Any member with Access permission to any Secret storage integration can create a Secret Group.