Security and RBAC
Nomic Atlas implements organization-level and dataset-level role-based access controls (RBAC).
Organization Role-Based Access Controls
Every Atlas user belongs to one or more organizations. Every user in an organization has one of the following roles and associated permissions.
| Owner | Admin | Editor | Viewer | Non-member | |
|---|---|---|---|---|---|
| Read organization metadata | ✅ | ✅ | ✅ | ✅ | only if public organization |
| Read datasets | ✅ | ✅ | ✅ | only if shared | only if public organization |
| Read datasets | ✅ | ✅ | ✅ | 🚫 | 🚫 |
| Create/edit datasets | ✅ | ✅ | ✅ | 🚫 | 🚫 |
| Create/delete personal API keys | ✅ | ✅ | ✅ | ✅ | 🚫 |
| Manage member API keys | ✅ | ✅ | 🚫 | 🚫 | 🚫 |
| Manage members | ✅ | ✅ | 🚫 | 🚫 | 🚫 |
| Manage billing | ✅ | ✅ | 🚫 | 🚫 | 🚫 |
Dataset Role-Based Access Controls
Users within an organization perform actions on their own organizations' datasets. The dataset's creator and the organization's owner and admins are all admins on the dataset. Dataset admins can grant users in the organization the following roles and permissions.
| Admin | Editor | Viewer | No dataset role | |
|---|---|---|---|---|
| Read dataset | ✅ | ✅ | ✅ | only if shared |
| Add new data to dataset | ✅ | ✅ | 🚫 | 🚫 |
| Change dataset name and description | ✅ | ✅ | 🚫 | 🚫 |
| Create tags | ✅ | ✅ | 🚫 | 🚫 |
| See other users' tags | ✅ | ✅ | 🚫 | 🚫 |
| Delete/rename other users' tags | 🚫 | 🚫 | 🚫 | 🚫 |
| Delete dataset | ✅ | 🚫 | 🚫 | 🚫 |
| Edit dataset sharing permissions | ✅ | 🚫 | 🚫 | 🚫 |
Organization-level roles supersede dataset-level roles. For example, all organization owners and admins automatically have full-access to all datasets.
Who can see my datasets?
When you create a dataset, you can toggle it as private or public in your dataset's page settings. Private datasets are only accessible by authenticated individuals in your organization. Public datasets are accessible by anyone with a link in your Atlas deployment.
Atlas Client Private Map Example
from nomic import atlas
import numpy as np
num_embeddings = 10000
embeddings = np.random.rand(num_embeddings, 256)
response = atlas.map_data(embeddings=embeddings,
is_public=False,
organization_name='my_organization'
)
print(response)
Creating datasets in organizations
You can create datasets under any organization you are apart of by specifying an organization_slug prefix in the dataset identifier.
For example, we can create a dataset in the sterling-cooper organization called my-dataset by specifying sterling-cooper/my-dataset
as the dataset name.