Security Marking application to Ontology RID

can i apply a security marking to an entire ontology? (i.e. ri.ontology.main.ontology.___ ) I am exploring the idea of segregating ontology usage via Scoped Sessions. If i have two Spaces each with an associated Ontology, can I apply two different markings to each Ontology (and a scoped session for each) to force users to only view one Ontology at a time? What would be the implications?

Hi @acapras,

What is the workflow you are trying to achieve? There are some drawbacks to scoped sessions and we might be able to offer you a better solution with some upcoming work.

hey @owen thanks for the reply!

I was actually able to achieve this by hitting the following API to apply the marking to the entire Space:

POST https://{stack}.palantirfoundry.com/compass/api/markings/{spaceRid}
{
    "markingPatches": [
        {
            "markingId": {{markingId}},
            "patchOperation": "ADD"
        }
    ]
}

This seems to have also applied the marking to the Ontology too (i guess an ontology is a child of a space in the gk/permission tree?)

Switching between scoped sessions now shows/hides our Ontologies from the OMA ontology dropdown in the top left as i expected.

The reasoning for this is wanting to achieve segregation between a “Training” space (where users are granted permissions to create projects and object types freely & install marketplace products/examples), and a “Production” space (where governance controls are much stricter)

Makes sense. Glad you were able to achieve the desired outcome.

Yes, in most setups, ontologies are in a hidden project under the namespace.