# Identity and Access Management (IAM)

Here you can find an overview of the Emporix identity and access management (IAM) concept, along with its features and benefits.

{% hint style="info" %}

* Looking for code tutorials? Check out the [Identity and access management (IAM) Service guide](https://app.gitbook.com/s/d4POTWomuSS7d3dnh4Dg/api-guides/users-and-permissions/iam/iam).
* Looking for API reference? Check out the [IAM Service](https://app.gitbook.com/s/d4POTWomuSS7d3dnh4Dg/api-guides/users-and-permissions/iam) in the Emporix API Reference.

{% endhint %}

### Purpose

The IAM feature helps you control the level of access that users have in specific services. By defining clear-cut roles and permissions, you can be sure that unauthorized users won't be able to modify or view sensitive data.\
We have prepared a set of predefined access control templates so that you can get started quickly.

### Features

The Emporix IAM concept introduces a set of features that make identity and access management easier:

| Feature                                          | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **User types**                                   | For a tenant, there are two types of users available: customers and employees of that tenant.                                                                                                                                                                                                                                                                                                                                                                                                |
| **Employee groups**                              | Employee groups aggregate employees of a tenant that share the same access control within a particular service and resource. By assigning an employee to a particular group, you grant them a specific access control level. Access controls are applied to both the Emporix Management Dashboard and the APIs through scopes. To learn more about scopes, check out the [Authorization and scopes guide](https://developer.emporix.io/docs/content/introduction/#authorization-and-scopes). |
| **Access controls and access control templates** | Access controls combine both resources and roles. For example, a user with a `manager` role can view, create, delete, and edit resources within a service. You can use access control templates that contain predefined settings for roles. For more information, check out [Access control templates](#access-control-templates).                                                                                                                                                           |
| **Resources**                                    | Objects within Emporix API services, for example `area` and `time` resources in the **Delivery Service**.                                                                                                                                                                                                                                                                                                                                                                                    |
| **Roles**                                        | Roles encapsulate predefined permissions that allow users to perform actions on resources within services. For example, a user with a `manager` role can create, view, edit, and delete resources within a service.                                                                                                                                                                                                                                                                          |
| **Permissions**                                  | Permissions define what actions a user with a specific role can perform on resources within services. For example, a service might have permissions to perform the following actions on a resource: view, create, delete, and edit.                                                                                                                                                                                                                                                          |
| **Localized fields**                             | When creating or updating a group, permission, or role, you can specify its name and description in multiple languages.                                                                                                                                                                                                                                                                                                                                                                      |

### Overview

The following diagram presents an example of the information flow in the IAM Service.

{% hint style="success" %}
For example, a "Catalog editors" user group may consist of users who are granted edit, create, and view permissions on the Catalog resource in the Catalog service.
{% endhint %}

<figure><img src="https://3057647601-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbTY7EwZtYYQYC6GOcdTj%2Fuploads%2Fgit-blob-6f3a48ebaea34f275802d686a21c0e1386cf622d%2Fiam-diagram.png?alt=media" alt=""><figcaption></figcaption></figure>
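
The chain described above (employee → group → access control → role → permissions on a resource) can be sketched as a small deny-by-default model. This is an added example, not Emporix code and not the IAM Service API. Assumptions: the `editor` role name, the lowercase service and resource identifiers, the user names, the `Delivery managers` group, and the rule that permissions from several groups are combined as a union.

```python
from dataclasses import dataclass, field

# Role -> permissions. "manager" follows the page's example; "editor" is an
# assumed role name carrying the "Catalog editors" permissions.
ROLES = {
    "manager": frozenset({"view", "create", "edit", "delete"}),
    "editor": frozenset({"view", "create", "edit"}),
}

@dataclass(frozen=True)
class AccessControl:
    """An access control combines a resource (within a service) and a role."""
    service: str
    resource: str
    role: str

@dataclass
class Group:
    """An employee group: members share the group's access controls."""
    name: str
    access_controls: list
    members: set = field(default_factory=set)

def effective_permissions(user, groups, service, resource):
    """Permissions the user holds on one resource (assumed: union over groups)."""
    perms = set()
    for group in groups:
        if user not in group.members:
            continue
        for ac in group.access_controls:
            if (ac.service, ac.resource) == (service, resource):
                # An unknown role name grants nothing (fail closed).
                perms |= ROLES.get(ac.role, frozenset())
    return perms

def is_allowed(user, groups, service, resource, action):
    """Deny by default: allowed only if some group grants the action."""
    return action in effective_permissions(user, groups, service, resource)

def who_can(groups, service, resource, action):
    """Access review helper: every member able to perform the action."""
    users = set().union(*(g.members for g in groups)) if groups else set()
    return sorted(u for u in users if is_allowed(u, groups, service, resource, action))

# Constructed sample data (identifiers are illustrative).
GROUPS = [
    Group("Catalog editors", [AccessControl("catalog", "catalog", "editor")], {"alice"}),
    Group("Delivery managers", [AccessControl("delivery", "area", "manager")], {"alice", "bob"}),
]
```

`who_can` is the direction an access review usually runs: start from a sensitive action and list everyone whose group membership grants it.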

### Access control templates

Emporix provides you with several predefined access control templates that you can apply to a group:

| Name                          | Service/Resource                                                                                                                                 |
| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Catalog Manager**           | <ul><li>Catalog</li><li>Category</li><li>Product</li><li>Product template</li><li>Label</li><li>Brand</li><li>Supplier</li><li>Webhook</li></ul> |
| **Pricing Manager**           | <ul><li>Price Model</li><li>Price List</li><li>Tax</li><li>Unit</li></ul>                                                                        |
| **Order Fulfillment Manager** | <ul><li>Customer</li><li>Order</li><li>SEPA</li><li>Return</li><li>Checkout</li><li>Site</li></ul>                                               |
