Foundry is now Mithril 🚀
Read the announcement

Access management

Mithril employs a straightforward structure for permissions to streamline management and establish clear boundaries of authority and access. While Mithril has a default nomenclature for entities and relationships, we also allow the flexibility for organizations to port existing IAM structures from AWS or GCP.

This article details the structure of entities within Mithril.

Entities in Mithril

There are four core entity types in Mithril:

  1. Organizations

  2. Projects

  3. Users

  4. Resources (instances, storage, keys, etc)

Relationships between entities

  • Users belong to an organization

  • Projects belong to an organization

  • Compute & storage resources belong to a single project

  • Users have access to selected projects within their organization.

  • Users with access to a project have access to all resources within that project.

Managing users

Administrators can new users to their organization or deactivate existing users. An user can be either an Administrator or a Member:

  1. Administrators

    • Can invite new members to the organization.

    • Can modify any team member's role in the organization.

    • Have the authority to view and modify billing details, settle invoices, and initiate new projects.

    • Can add or remove team members from projects.

    • Have access to all projects within the organization.

  2. Members

    • Member permissions depend on the projects they are granted access to by an administrator.

    • Within the projects they're affiliated with, members possess complete operational capabilities, such as creating, starting, stopping, and terminating instances.

User role considerations

By design, granular access control over specific resources within a project is not possible. In the case that certain users should not have access to certain resources, privileged resources should be split into separate projects.

Deactivating a user considerations

While deactivating a user is easy in Settings, note that your deactivated users may still have access to instances if they retain the SSH key. We recommend rolling SSH keys to ensure best practices with deactivated users.

Managing projects

Projects are a workspace within an organization for users to create and access compute or storage resources. Compute and storage within a project can only be accessed if your user has access to it. Most organizations use projects to:

  • Organize resources by team (e.g., Product team, Infra team)

  • Organize resources by cost bucket / code (e.g., R&D vs COGS)

  • Separate production, staging, and dev environments

  • Sandbox interns or contractors to limit access to sensitive environments

Projects can be renamed in the Settings modal.

PreviousBatch InferenceNextBilling

Last updated