Roles

A role is a named set of abilities (permissions). Roles are assigned to groups through bindings to grant access.

Types of roles

Built-in roles
Custom roles

Cedar provides built-in roles for common jobs. These are maintained by Cedar and cover typical use cases.Examples:

arms.carrierAdmin — Full carrier administration
arms.carrierOperator — Day-to-day operations
arms.customerAdmin — Customer-level administration

Start with built-in roles if you’re unsure what permissions you need.

Find and review roles

Use the search box to find roles by name. Type part of the name to filter the list.

Select a role

Click on a role to see its details and the permissions it includes.

Review permissions

Check that the role includes the permissions you need—and nothing more.

Role details

Edit role permissions

Click on any role to view and edit its permissions. The permissions panel shows all the capabilities included in the role.

Role permissions editor showing all included permissions

The permissions view displays:

Role name and parent — the role’s identity and inheritance
Permission list — all permissions included in this role
Permission groups — permissions organized by feature area

Use the search box to quickly find specific permissions within a role.

Create a custom role

Click New Role

Select New role from the Roles page.

Name and describe

Give your role a clear name and description. The name should indicate what the role allows.

✅ Good	❌ Avoid
Inventory Viewer	Custom Role 1
Billing Read-Only	John’s Permissions

Select permissions

Choose the specific permissions this role should include. Only select what’s needed.

Save and bind

Save the role, then create a binding to grant it to a group.

Create Role dialog with name, parent, and description fields

Dialog fields explained

Field	Required	Description
Name	Yes	Unique identifier for the role (e.g., `mycompany.inventoryViewer`)
Parent	Yes	The parent role this role inherits from
Description	No	Brief description of what this role allows

Custom roles inherit permissions from their parent role. Choose a parent that has the base permissions you need, then the child role can add or restrict further.

Best practices

Start with built-in roles

Built-in roles cover most common scenarios. Only create custom roles when you have a specific need that isn’t met.

Keep roles focused

Each role should represent a clear job function. If you find yourself adding unrelated permissions, consider creating multiple roles instead.

Use descriptive names

Anyone should be able to understand what a role does from its name. Include the resource type and action level (e.g., “Inventory Editor”, “Billing Viewer”).

Document custom roles

For custom roles, add a clear description explaining what the role is for and who should have it.

Bindings

Connect roles to groups

User Groups

Manage the teams that get roles

Glossary

Key terms explained

Activity Log

Track role changes

Policies & Roles

How roles fit into the IAM policy model

IAM Concepts

Deep dive into permissions and conditions

Customer Portal

Customer-specific role examples

IAM Overview

The big picture of access control

Getting started

ARMS

Single Sign-On (SSO)

Identity & Access Management

Types of roles

Find and review roles

Role details

Edit role permissions

Create a custom role

Dialog fields explained

Best practices

Bindings

User Groups

Glossary

Activity Log

Policies & Roles

IAM Concepts

Customer Portal

IAM Overview

Getting started

ARMS

Single Sign-On (SSO)

Identity & Access Management

​Types of roles

​Find and review roles

​Role details

​Edit role permissions

​Create a custom role

​Dialog fields explained

​Best practices

​Related: Admin Portal

Bindings

User Groups

Glossary

Activity Log

​Related: IAM Concepts

Policies & Roles

IAM Concepts

Customer Portal

IAM Overview

Types of roles

Find and review roles

Role details

Edit role permissions

Create a custom role

Dialog fields explained

Best practices

Related: Admin Portal

Related: IAM Concepts