Skip to main content

What are Spaces?

Spaces represent logical groupings of Connectors, Satellites, and Resources that can communicate with each other. They enable network segmentation and access isolation that mirrors your infrastructure’s connectivity patterns. Think of Spaces as virtual network boundaries for Formal objects.

How Spaces Work

Isolation

Objects in different Spaces cannot communicate with each other

Flexibility

Objects without a Space can access any Resource that is not in a Space

Space Rules

Assignment Rules

  • Each object can belong to at most ONE Space
  • Objects without a Space can access any Resource without a Space
  • Objects with a Space can only access Resources in the same Space

Connectivity Matrix

ConnectorResourceCan Connect?
No SpaceNo Space✅ Yes
No SpaceSpace A❌ No
Space ANo Space❌ No
Space ASpace A✅ Yes
Space ASpace B❌ No
The same rules apply to Satellites and Resources.

Use Cases

Environment Segmentation

Create Spaces for each environment to prevent cross-environment access: 
Production Space:
  - production-connector
  - production-postgres
  - production-snowflake

Staging Space:
  - staging-connector
  - staging-postgres

Development Space:
  - dev-connector
  - dev-postgres
Now a user connecting through production-connector can only reach production databases, even if they have credentials for staging.

Geographic Isolation

Separate resources by region for compliance or latency requirements: 
US-East Space:
  - us-east-connector
  - us-east-postgres
  - us-east-s3

EU-West Space:
  - eu-west-connector
  - eu-west-postgres
  - eu-west-s3

Team-Based Access

Create Spaces for different teams or projects: 
Engineering Space:
  - eng-connector
  - production-db
  - analytics-warehouse

Analytics Space:
  - analytics-connector
  - analytics-warehouse (shared)
  - data-lake

Creating and Managing Spaces

  • Web Console
  • Terraform
1

Navigate to Spaces

Go to Spaces in the Formal console
2

Create Space

Click New Space and provide a name
3

Assign objects

Edit Connectors, Satellites, or Resources to assign them to the Space

Updating Spaces

Changing an Object’s Space

When you change a Connector, Satellite, or Resource’s Space assignment:
You must restart the Connector or Satellite for the change to take effect. This is a connectivity change that requires reinitialization.
For Resources, the change is immediate—new connections will respect the new Space assignment.

Testing Space Changes

Before applying Space changes in production:
  1. Create a test Connector in the new Space
  2. Verify connectivity to intended Resources
  3. Update the production Connector’s Space
  4. Restart the Connector
  5. Verify connectivity

Deleting Spaces

Spaces cannot be deleted if they contain any objects.
1

Remove all objects

Reassign or delete all Connectors, Satellites, and Resources in the Space
2

Verify empty

Confirm the Space shows 0 objects
3

Delete Space

Click Delete in the Space details page

Spaces vs. Policies

AspectSpacesPolicies
PurposeNetwork segmentationAccess control
Enforced atInfrastructure layerRequest layer
Use forEnvironment isolationPermission rules
Best practice: Use Spaces for infrastructure segmentation and Policies for user-level access control. They complement each other.

Best Practices

Create Spaces that match your actual network topology and environment boundaries. This makes Space assignments intuitive.
At minimum, create Spaces for production, staging, and development. This prevents accidental prod access from lower environments.
Don’t create Spaces per user or team. Use Policies for user-level access control and Spaces for infrastructure segmentation.
Always test connectivity after changing Space assignments, especially in production. Deploy a test Connector first.
Use clear names and maintain documentation of what each Space represents and which teams use it.

Next Steps

Deploy Connectors

Create Connectors in your Spaces

Add Resources

Assign Resources to Spaces

Deploy Satellites

Add Satellites to your Spaces

Write Policies

Control access within Spaces