Skip to main content

Automatic project memberships

Introduction

Within Tator, projects are created inside of organizations. By default, after creating a project, an administrator must add members from the organization to the project manually. However, it is possible to configure an organization to automatically add all organization members to new organization projects with a given permission level.

Configure default permission level

Using tator-py, it is possible to set the default permission an organization grants to its users for all projects created in the future. For an organization with id <org_id>, create the update spec and update the organization with the desired permission level (accepted values are No Access, View Only, Can Edit, Can Execute, and Full Control):

api = tator.get_api(token=token, host=host)
update_spec = {"default_membership_permission": "Can Execute"}
response = api.update_organization(<org_id>, update_spec)
print(response) # {'message': 'Organization <org_id> updated successfully!'}

The default is No Access, which means current members of an organization will need to be added to new projects manually. For any other value, when a new project is created, current members of the organization will be given access to the project with the given permission level (in our example above, that would be Can Execute).

Limitations

In order to avoid confusing behavior and unintended side effects, the only event that can trigger automatic project membership is the creation of a new project. This means that when the value for the default membership permission is changed, it does not affect the memberships of any existing projects. Similarly, when a new user is added to an organization, they are not automatically added to existing projects based on the default membership permission.