This section will describe how users can access and compartmentalize resources in Tator.
Organizations are the top level grouping object for users and projects. A project must have exactly one organization. Users can be affiliated with one or more organizations. Users with admin access to an organization can register organizational infrastructure resources for use in projects, such as object storage buckets and Kubernetes clusters for algorithm processing or report generation. Admin users can also add new users to organizations, either by adding them directly if they already have a Tator account, or by inviting them via a system generated email.
Projects are the primary grouping mechanism for everything in Tator except the organizational data described above, including media, annotations, algorithms, and applets. They are meant to correspond to a siloed, tailored video analytics workflow. When a project is created, it must be assigned an organizational owner, however users are not required to be part of that organization to be given access to the project. Organizational infrastructure resources can only be used by projects owned by the same organization. Project administrators can add users to a project, define media, localization, and state types, define label trees, define annotation versions and layers, register algorithms, and register specialized applets. Users can be members of many projects, and they may have different access levels in each.
User accounts include the name, email address, and credentials for each user. Credentials include basic login info (username, password) and API keys. User accounts are important for provenance features in Tator, such as the who/when of uploading media or other files, creating and modifying media metadata, and executing algorithms.