This glossary defines the key terms you’ll encounter when using the Admin Portal. Understanding these concepts will help you manage access effectively.
Core concepts
Carrier
The rail operator or business you are managing. Everything in the portal is scoped to a carrier.
Example: TRLDBLKDRY, BNSF, UP
Your carrier appears at the top of the left sidebar. All users, groups, roles, and bindings you see are specific to that carrier.
Organization
A higher-level grouping that can include multiple carriers.
Use case: A company that operates several regional railroads might group them under one organization for easier management.
Organizations allow shared settings and cross-carrier access when needed.
User
An individual person who can sign in to Cedar.
Each user has:
- Email address (used for login)
- Display name
- Account status (Registered, Pending, etc.)
- MFA settings
User Group
A named team of users managed together.
Purpose: Groups make access management scalable. Instead of assigning permissions to each user individually, you assign them to groups.
Best practice: Always use groups, even for single users. It’s easier to add more people later.
Role
A named set of abilities (permissions).
Types:
- Built-in roles — provided by Cedar for common jobs
- Custom roles — tailored to your organization’s needs
Binding
The access grant that connects a user group to a role and a scope.
Formula: Binding = User Group + Role + Scope
Example: “The Operations Team (group) can perform Operator actions (role) on Carrier TRLDBLKDRY (scope)”
Without a binding, groups have no permissions.
Scope
Where a role applies, such as a carrier or customer.
Always use the narrowest scope that meets your needs.
Scope levels (from narrow to broad):
| Scope | Access |
|---|---|
| Customer | One customer’s data |
| Carrier | All data for the carrier |
| Organization | All carriers in the organization |
Portal sections
Dashboard
Overview of access metrics and recent activity
Bindings
Where you create and manage access grants
Roles
Where you view and create permission sets
Users
Where you manage individual accounts
User Groups
Where you organize users into teams
Activity Log
Audit trail of all changes
SCIM
Identity provider provisioning connections
Tools
Organization setup, enablements, API keys
How concepts relate
- Users are added to User Groups
- Roles define permissions
- Bindings connect groups to roles with a scope
- Result: Access is granted
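The flow above can be modelled as a small access check. This is an added example, not Cedar's own code: it assumes a resource is identified by its organization, carrier and customer, that ids are unique across the portal, and that a user's permissions are the union over all matching bindings. The users, permission names, ORG-1 and customer ids are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    organization: str
    carrier: str
    customer: str

@dataclass(frozen=True)
class Binding:
    group: str
    role: str
    scope_level: str  # "customer", "carrier" or "organization"
    scope_id: str

def covers(b: Binding, res: Resource) -> bool:
    # A scope covers a resource when the resource's id at that level matches.
    # Assumes ids are unique across the whole portal (constructed simplification).
    return getattr(res, b.scope_level) == b.scope_id

def effective_permissions(user, res, memberships, roles, bindings):
    """Union of the permissions of every role bound to one of the user's
    groups at a scope that covers the resource."""
    groups = memberships.get(user, set())
    perms = set()
    for b in bindings:
        if b.group in groups and covers(b, res):
            perms |= roles.get(b.role, set())
    return perms

# Constructed sample data. Group, role and carrier names echo the glossary's
# example; users, permissions, ORG-1 and customer ids are hypothetical.
ROLES = {"Operator": {"shipment.read", "shipment.update"},
         "Viewer": {"shipment.read"}}
MEMBERSHIPS = {"alice@example.com": {"Operations Team"},
               "bob@example.com": {"Auditors"},      # group with no binding
               "carol@example.com": {"Support"}}
BINDINGS = [Binding("Operations Team", "Operator", "carrier", "TRLDBLKDRY"),
            Binding("Support", "Viewer", "customer", "CUST-1")]

CUST1 = Resource("ORG-1", "TRLDBLKDRY", "CUST-1")
CUST2 = Resource("ORG-1", "TRLDBLKDRY", "CUST-2")
OTHER = Resource("ORG-1", "BNSF", "CUST-9")

def check(user, res):
    return effective_permissions(user, res, MEMBERSHIPS, ROLES, BINDINGS)

if __name__ == "__main__":
    for user in MEMBERSHIPS:
        for res in (CUST1, CUST2, OTHER):
            print(user, res.carrier, res.customer, sorted(check(user, res)))
```

The customer-scoped binding gives carol@example.com read access to CUST-1 only, while the carrier-scoped binding gives alice@example.com access to every customer of TRLDBLKDRY, which is the difference the "narrowest scope" advice is about.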
Deep dive: IAM Concepts
These conceptual guides explain the why behind IAM and provide technical details for advanced users.
IAM Overview
How identity & access management works in Cedar
IAM Concepts
Deep dive into identities, resources, and permissions
Policies & Roles
How bindings create policies
Why IAM
The problem IAM solves