Documentation Index
Fetch the complete documentation index at: https://docs.cedarai.com/llms.txt
Use this file to discover all available pages before exploring further.
This glossary defines the key terms you’ll encounter when using the Admin Portal. Understanding these concepts will help you manage access effectively.
Core concepts
Carrier
Carrier
The rail operator or business you are managing. Everything in the portal is scoped to a carrier.Example: TRLDBLKDRY, BNSF, UPYour carrier appears at the top of the left sidebar. All users, groups, roles, and bindings you see are specific to that carrier.
Organization
Organization
A higher-level grouping that can include multiple carriers.Use case: A company that operates several regional railroads might group them under one organization for easier management.Organizations allow shared settings and cross-carrier access when needed.
User
User
An individual person who can sign in to Cedar.Each user has:
- Email address (used for login)
- Display name
- Account status (Registered, Pending, etc.)
- MFA settings
User Group
User Group
A named team of users managed together.Purpose: Groups make access management scalable. Instead of assigning permissions to each user individually, you assign them to groups.Best practice: Always use groups, even for single users. It’s easier to add more people later.
Role
Role
A named set of abilities (permissions).Types:
- Built-in roles — provided by Cedar for common jobs
- Feature sets — the columns of the IAM matrix; check one to grant a whole product feature
- Custom roles — tailored to your organization’s needs (best built from matrix columns)
Feature set
Feature set
One column of the IAM matrix on the Roles page. Each column represents a single product feature at a specific access level — for example Notes — View, Inventory waybills — Operate, or Reporting — Manage. Checking the box on a row grants every permission that role needs to use that feature.Three standard levels:
- View — read-only access to the feature
- Operate — create, edit, and delete your own work in the feature
- Manage — moderate other people’s work and change feature-level settings
Binding
Binding
The access grant that connects a user group to a role and a scope.Formula:
Binding = User Group + Role + ScopeExample: “The Operations Team (group) can perform Operator actions (role) on Carrier TRLDBLKDRY (scope)”Without a binding, groups have no permissions.Scope
Scope
Where a role applies, such as a carrier or customer.Scope levels (from narrow to broad):
Always use the narrowest scope that meets your needs.
| Scope | Access |
|---|---|
| Customer | One customer’s data |
| Carrier | All data for the carrier |
| Organization | All carriers in the organization |
Portal sections
Dashboard
Overview of access metrics and recent activity
Bindings
Where you create and manage access grants
Roles
Where you view and create permission sets
Users
Where you manage individual accounts
User Groups
Where you organize users into teams
Activity Log
Audit trail of all changes
SCIM
Identity provider provisioning connections
Tools
Organization setup, enablements, API keys
How concepts relate
- Flow explanation
- Quick reference
- Users are added to User Groups
- Roles define permissions
- Bindings connect groups to roles with a scope
- Result: Access is granted
Deep dive: IAM Concepts
These conceptual guides explain the why behind IAM and provide technical details for advanced users.
IAM Overview
How identity & access management works in Cedar
IAM Concepts
Deep dive into identities, resources, and permissions
Policies & Roles
How bindings create policies
Feature Sets
The columns of the IAM matrix — Cedar curates them so your roles stay current
Why IAM
The problem IAM solves
Start using the Admin Portal
Getting Started
Practical walkthrough
Overview
Admin Portal introduction