What is IAM?

Identity & Access Management (IAM) in Cedar.AI helps you define who (identity) has what access (role) to which resources (scope). It implements least-privilege access with flexible, policy-based controls similar to Google Cloud, Azure, and AWS.

Key concepts

Members (users or groups) are linked to roles (collections of permissions) on resources.

Identities

Users and groups define who can be granted access. See Concepts for full identity tables and example resources.

How IAM works

High level: members get roles on resources. On access, ARMS checks whether the role includes the required permission and grants or denies. See Concepts for the full flow and diagram.

IAM flow (example)

Resource examples and hierarchy

Resources can be top‑level (organization, site, operator) or sub‑resources (stations, terminals, warehouses, tracks, workflows, equipment). Roles can be assigned at any level to scope access broadly or precisely.
  • Top‑level: organization, site, operator (railroad, transload, intermodal)
  • Sub‑resources: station, yard/track group, warehouse, terminal, workflow, equipment/asset

Resources, permissions, roles

Overview: resources are protected by permissions grouped into roles. See Concepts for definitions and examples.

Resource hierarchy and inheritance

Summary: access granted at a top level (for example, organization, site, or operator) flows down to sub-resources (for example, terminals, groups/tracks, workflows, or individual assets). Grant at a lower level for precision. See Concepts for details.
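The check described under "How IAM works", combined with the inheritance rule above, can be modelled in a few lines. This is an added example, not Cedar.AI or ARMS code: the role names, permission strings, resource ids, and the functions ancestors and is_allowed are all constructed for illustration, and conditions are left out.

```python
# Illustrative model only: role names, permission strings and resource ids
# are constructed for this example and are not Cedar.AI identifiers.

# Roles are collections of permissions.
ROLES = {
    "yard.viewer": {"track.read", "equipment.read"},
    "yard.operator": {"track.read", "track.update", "equipment.read"},
}

# Child resource -> parent resource (top-level resources have no parent).
PARENT = {
    "site/chicago": "org/acme",
    "terminal/t1": "site/chicago",
    "track/t1-07": "terminal/t1",
    "site/memphis": "org/acme",
    "terminal/m1": "site/memphis",
}

# User -> groups the user belongs to.
GROUPS = {"alice": {"group/chicago-crew"}, "bob": set()}

# Bindings: (member, role, resource the role was granted on).
BINDINGS = [
    ("group/chicago-crew", "yard.operator", "site/chicago"),  # broad grant
    ("bob", "yard.viewer", "track/t1-07"),                    # precise grant
]


def ancestors(resource):
    """Yield the resource itself, then each parent up to the top level."""
    while resource is not None:
        yield resource
        resource = PARENT.get(resource)


def is_allowed(user, permission, resource):
    """Default deny: grant only if a binding on the resource or one of its
    ancestors, held by the user or one of the user's groups, has a role
    that includes the permission."""
    identities = {user} | GROUPS.get(user, set())
    scope = set(ancestors(resource))
    return any(
        member in identities
        and granted_on in scope
        and permission in ROLES.get(role, set())
        for member, role, granted_on in BINDINGS
    )
```

A grant on site/chicago reaches track/t1-07 but not terminal/m1 or org/acme, while a grant on a single track stays on that track.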

Roles: predefined and custom

Use predefined roles for common tasks, or define custom roles. See Policies & Roles for guidance.

Permissions and conditions

Permissions typically map to API operations; conditions narrow access. See Concepts for examples.

Frontend integration

High-level UX patterns: page gating, component gating, and data filtering. See Frontend Integration for guidance.
