Permissions & Governance

Module Summary

Design role-based access, marking categories, and organization-level governance strategies that scale.

Role-Based Access Control

Foundry uses project-level roles to control access: Viewer, Editor, Owner. These cascade down to all resources within a project. For more granular control, you can assign roles on individual resources. Organisational groups make management scalable — assign a group to a project role, and all group members inherit the access. When someone leaves the team, removing them from the group revokes all their project access instantly.

Markings and Data Classification

Markings are labels that classify data by sensitivity: "Public", "Internal", "Confidential", "Restricted". A marking is applied to a dataset (or even individual columns) and propagates — if a transform reads a "Confidential" input, its output is automatically marked "Confidential". Users can only see data at or below their clearance level. This means governance is baked into the data lineage, not managed as a separate spreadsheet.
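The propagation rule described above, modelled as a small Python example; it is added here as an illustration and is not Foundry's API or code from this module. The lineage graph, the dataset names and the "unmarked means Public" default are constructed assumptions.

```python
from functools import lru_cache

# Ordered sensitivity levels, lowest to highest, as named on this page.
LEVELS = ["Public", "Internal", "Confidential", "Restricted"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed sample lineage: dataset -> datasets its transform reads.
LINEAGE = {
    "raw_web_logs": [],
    "raw_hr_records": [],
    "raw_product_catalog": [],
    "sessions": ["raw_web_logs"],
    "staff_activity": ["sessions", "raw_hr_records"],
    "staff_dashboard": ["staff_activity", "raw_product_catalog"],
    "catalog_report": ["raw_product_catalog"],
}

# Markings applied directly to datasets (constructed sample values).
DIRECT = {
    "raw_web_logs": "Internal",
    "raw_hr_records": "Confidential",
    "raw_product_catalog": "Public",
}


@lru_cache(maxsize=None)
def effective_marking(dataset: str) -> str:
    """Highest marking among the dataset's own marking and all upstream inputs."""
    # Assumption for this model: a dataset with no direct marking starts at "Public".
    candidates = [DIRECT.get(dataset, "Public")]
    candidates += [effective_marking(parent) for parent in LINEAGE[dataset]]
    return max(candidates, key=RANK.__getitem__)


def can_view(clearance: str, dataset: str) -> bool:
    """A user sees a dataset only if its marking is at or below their clearance."""
    return RANK[effective_marking(dataset)] <= RANK[clearance]


def visible_datasets(clearance: str) -> list[str]:
    """All datasets in the lineage that a user with this clearance can see."""
    return sorted(d for d in LINEAGE if can_view(clearance, d))


if __name__ == "__main__":
    for name in LINEAGE:
        print(f"{name:22} {effective_marking(name)}")
    print("Internal clearance sees:", visible_datasets("Internal"))
```

Here `staff_dashboard` never reads `raw_hr_records` directly, yet it ends up "Confidential" because the marking travels through `staff_activity`.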

Designing a Governance Strategy

At scale, governance requires planning:

  • Define a marking taxonomy before data lands in Foundry.
  • Use organisation-level defaults so new projects inherit sensible roles.
  • Audit access regularly with Foundry's built-in access reports.
  • Combine markings with purpose-based access — users explain why they need access, and approvals are tracked.

Good governance is invisible to end users but essential for trust.

Key Takeaways

  • Project roles (Viewer, Editor, Owner) control resource access.
  • Groups make permission management scalable across teams.
  • Markings classify data by sensitivity and propagate through lineage.
  • A well-planned governance strategy is essential for enterprise-scale Foundry.