Summary

Configure project-level access restrictions by removing the default read permission at the organization level and manually granting read access on specific projects. For infrastructure isolation with separate AWS accounts, use separate organizations: each requires its own data plane, though they can share the same license contract.

Configuration Steps

Step 1: Find your organization name

Log in to Braintrust and hover over the organization name in the top-left corner to view and copy the exact name (including any whitespace).

Step 2: Configure base organization permissions

Navigate to your organization settings and set the default permissions to only allow create, update, and manage access. Remove read access from the base permission level to prevent users from seeing all projects.

Step 3: Grant project-specific read access

Go to each individual project’s settings and manually add read access for specific users. This ensures users can only see the projects they’ve been explicitly granted access to.

Step 4: Create separate organizations for infrastructure isolation (if needed)

If you need separate AWS accounts and data planes (e.g., for testing infrastructure upgrades), create separate organizations. Each organization requires its own data plane but can be added to the same license contract.