What is IAM?
Identity & Access Management (IAM) in Cedar.AI helps you define who (identity) has what access (role) to which resources (scope). It implements least-privilege access with flexible, policy-based controls similar to Google Cloud, Azure, and AWS.
Key concepts
Members (users or groups) are linked to roles (collections of permissions) on resources.
Identities
Users and groups define who can be granted access. See Concepts for full identity tables and example resources.
How IAM works
High level: members get roles on resources. On access, ARMS checks whether the role includes the required permission and grants or denies. See Concepts for the full flow and diagram.
IAM flow (example)
Resource examples and hierarchy
Resources can be top-level (organization, site, operator) or sub-resources (stations, terminals, warehouses, tracks, workflows, equipment). Roles can be assigned at any level to scope access broadly or precisely.
- Top-level: organization, site, operator (railroad, transload, intermodal)
- Sub-resources: station, yard/track group, warehouse, terminal, workflow, equipment/asset
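
An added example (not Cedar.AI's code or API) that models the check described under How IAM works against this hierarchy: a role bound at a higher level applies to the sub-resources beneath it, while a binding at a lower level stays confined there. All role, permission, group, and resource names are constructed for illustration.

```python
# Illustrative model only: every name below is constructed, not a Cedar.AI identifier.

# child resource -> parent resource (top-level resources have no entry)
PARENT = {
    "site:north": "org:acme",
    "terminal:t1": "site:north",
    "terminal:t2": "site:north",
    "equipment:crane-7": "terminal:t1",
}

# role -> permissions it contains
ROLES = {
    "viewer": {"equipment.read", "terminal.read"},
    "terminal_operator": {"equipment.read", "equipment.update", "terminal.read"},
}

# group -> members
GROUPS = {"group:north-crew": {"user:bo"}}

# (member, role, resource) bindings
BINDINGS = [
    ("user:ana", "viewer", "org:acme"),                        # broad: whole organization
    ("group:north-crew", "terminal_operator", "terminal:t1"),  # precise: one terminal
]


def ancestors(resource):
    """Yield the resource itself, then each parent up to the top level."""
    seen = set()
    while resource is not None and resource not in seen:  # guard against cycles
        seen.add(resource)
        yield resource
        resource = PARENT.get(resource)


def identities(user):
    """The user plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def is_allowed(user, permission, resource):
    """Default deny. Allow only if a binding on the resource or one of its
    ancestors gives the user (directly or via a group) a role with the permission."""
    who = identities(user)
    scope = set(ancestors(resource))
    return any(
        member in who and bound in scope and permission in ROLES.get(role, ())
        for member, role, bound in BINDINGS
    )
```

Access never flows upward or sideways in this model: a binding on `terminal:t1` grants nothing on `site:north` or `terminal:t2`.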
Resources, permissions, roles
Overview: resources are protected by permissions grouped into roles. See Concepts for definitions and examples.
Resource hierarchy and inheritance
Summary: access granted at a top level (for example, organization, site, or operator) flows down to sub-resources (for example, terminals, groups/tracks, workflows, or individual assets). Grant at a lower level for precision. See Concepts for details.
Roles: predefined and custom
Use predefined roles for common tasks, or define custom roles. See Policies & Roles for guidance.
Permissions and conditions
Permissions typically map to API operations; conditions narrow access. See Concepts for examples.
Frontend integration
High-level UX patterns: page gating, component gating, and data filtering. See Frontend Integration for guidance.
Learn more
Conceptual guides
- Why IAM: The problem it solves and why it matters
- Concepts: Identities, resources, permissions, roles, conditions
- Policies & Roles: Define who can do what on which resource
- Customer Portal: Configure customer-facing access with IAM