In TrueFoundry, are organized around the following key resources that help manage the entire organization’s resources effectively.
Tenant/Organization level permissions
| Resource | Default Permissions |
|---|
| Environments | View All Environments |
| Users | View All Users |
| Teams | View All Teams |
| Integrations | View All Integrations |
| Git Integrations | View All Git Integrations |
| Clusters | View All Clusters |
| Resource | Default Permissions |
|---|
| Environments | View All Environments |
| Users | View All Users |
| Teams | View All Teams |
| Integrations | View All Integrations |
| Git Integrations | View All Git Integrations |
| Clusters | View All Clusters |
| Resource | Default Permissions |
|---|
| Environments | Manage All Environments |
| Settings | Manage All Settings |
| Users | Manage All Users |
| Teams | Manage All Teams |
| Virtual Accounts | Manage All Virtual Accounts |
| Integrations | Manage All Integrations |
| Git Integrations | Manage All Git Integrations |
| Policys | Manage All Policies |
| Clusters | Manage All Clusters |
| Workspaces | Manage All Workspaces |
| Applications | Manage All Applications |
| ML Repositories | Manage All ML Repositories |
| Secret Groups | Manage All Secret Groups |
| Audit Logs | View All Audit Logs |
| Settings | Manage All Settings |
| AI Gateway Models | Manage All Models |
| MCP Server Integrations | Manage All MCP Server Integrations |
| AI Gateway Configs | Manage All Configs |
Resource level permissions
AWS, Azure, GCP, JFrog, AI Models, MCP Servers are all provider accounts.| Permissions | Provider Account Access | Provider Account Manager |
|---|
| View Provider Account | | |
| Update Provider Account | | |
| Manage Collaborators | | |
| Use All Integrations | | |
Only Tenant Admins can create/delete a provider account. You can also define overrides for Access permission for each Integration.
AWS, Azure, GCP, JFrog, AI Models, MCP Servers are all provider accounts.| Permissions | Provider Account Access | Provider Account Manager |
|---|
| View Provider Account | | |
| Update Provider Account | | |
| Manage Collaborators | | |
| Use All Integrations | | |
Only Tenant Admins can create/delete a provider account. You can also define overrides for Access permission for each Integration.
| Permissions | Cluster Viewer | Cluster Member | Cluster Admin |
|---|
| View Cluster | | | |
| Update Cluster | | | |
| Delete Cluster | | | |
| Manage Collaborators | | | |
| Create Workspace | | | |
Only Tenant Admins can create a cluster.
| Permissions | Workspace Viewer | Workspace Editor | Workspace Admin |
|---|
| View Workspace | | | |
| Update Workspace | | | |
| Delete Workspace | | | |
| Manage Collaborators | | | |
| Add/Update/Delete Applications | | | |
| Permissions | Project Viewer | Project Editor | Project Admin |
|---|
| View ML Repository/Project | | | |
| Update ML Repository/Project | | | |
| Delete ML Repository/Project | | | |
| Manage Collaborators | | | |
| View Runs/Artifacts/Models/Traces/Prompts | | | |
| Add/Update Runs/Artifacts/Models/Traces/Prompts | | | |
| Delete Runs/Artifacts/Models/Traces/Prompts | | | |
Any member with Access permission to any Blob storage integration can create a ML Repository/Project.
| Permissions | Secret Group Viewer | Secret Group Editor | Secret Group Admin |
|---|
| View Secret Group | | | |
| Update Secret Group | | | |
| Delete Secret Group | | | |
| Manage Collaborators | | | |
| View Secrets | | | |
| Add/Update/Delete Secrets | | | |
| Read Secret Value | | | |
Any member with Access permission to any Secret storage integration can create a Secret Group.
