Identity and Access Management
Identity and Access Management (IAM) is a comprehensive framework within the TIR AI Platform that controls who can access your resources and what actions they can perform. IAM enables organizations to structure their teams and projects with fine-grained access control, ensuring that users only have the permissions necessary for their role.
Overview
TIR organizes access around two hierarchical structures:
- Teams — Groups of users working together. A team can contain multiple projects.
- Projects — Workspaces where AI/ML resources (notebooks, endpoints, datasets, etc.) are created and managed.
Each user is assigned a role at the account, team, or project level, which determines their permissions within that scope.
User Types
| Type | Description |
|---|---|
| Owner | The account holder. Has full control over the entire account, all teams, and all projects. Can add and remove any user. |
| User | Any person invited to the Owner's account, assigned a specific role within teams or projects. |
User Roles
Roles define what a user can see and do within TIR. Each role has a specific scope — account-level, team-level, or project-level.
Account-Level Roles
| Role | Scope | Can Add Users | Can Create |
|---|---|---|---|
| Admin | All teams and projects | Yes (all roles except Admin) | Teams and projects |
Team-Level Roles
| Role | Scope | Can Add Users | Can Create |
|---|---|---|---|
| Team Lead | Assigned team and its projects | Yes (up to Team Member) | Projects within their team |
| Team Member | Assigned team | No | Nothing |
Project-Level Roles
| Role | Scope | Can Add Users | Can Create |
|---|---|---|---|
| Project Lead | Assigned project | Yes (up to Member) | Nothing |
| Member | Assigned project (based on policy) | No | Nothing |
When adding a Member to a project, assigning a policy is mandatory. Policies define which TIR services and operations the member can access within the project. See Policies to learn how to create and manage them.
Role Hierarchy
Owner
└── Admin
    └── Team Lead
        └── Team Member
            └── Project Lead
                └── Member (requires Policy)
A role can add users only at roles below its own level in the hierarchy.
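The delegation rules in the role tables and hierarchy above can be checked mechanically when reviewing who granted which role. The following is an added example, not TIR code or a TIR API: it audits constructed grant records, and the record fields, the policy name, and the rule that a lead may only add users inside its assigned team or project are assumptions.

```python
# Roles from most to least privileged, following the Role Hierarchy section.
RANK = {"Owner": 0, "Admin": 1, "Team Lead": 2, "Team Member": 3,
        "Project Lead": 4, "Member": 5}
NO_ADD = {"Team Member", "Member"}  # "Can Add Users: No" in the role tables


def check_grant(g):
    """Return the rule violations for one grant record (empty list if none)."""
    issues = []
    by, role = g["by"]["role"], g["role"]
    if by in NO_ADD:
        issues.append(f"{by} cannot add users")
    elif RANK[role] <= RANK[by]:
        issues.append(f"{by} cannot grant {role}: not below its own level")
    # Assumption: a lead may only add users inside the scope it was assigned.
    if by == "Team Lead" and g.get("team") != g["by"].get("team"):
        issues.append("Team Lead granting outside assigned team")
    if by == "Project Lead" and g.get("project") != g["by"].get("project"):
        issues.append("Project Lead granting outside assigned project")
    if role == "Member" and not g.get("policy"):
        issues.append("Member added without a policy")
    return issues


def audit(grants):
    """Map user -> violations, keeping only grants that break a rule."""
    return {g["user"]: v for g in grants if (v := check_grant(g))}


# Constructed sample records; field names and values are hypothetical.
GRANTS = [
    {"user": "ana", "role": "Team Lead", "team": "nlp",
     "by": {"role": "Admin"}},
    {"user": "bo", "role": "Admin", "by": {"role": "Admin"}},
    {"user": "cy", "role": "Project Lead", "team": "nlp", "project": "rag",
     "by": {"role": "Team Lead", "team": "vision"}},
    {"user": "di", "role": "Member", "team": "nlp", "project": "rag",
     "by": {"role": "Project Lead", "project": "rag"}},
    {"user": "ed", "role": "Member", "team": "nlp", "project": "rag",
     "policy": "notebooks-read",
     "by": {"role": "Project Lead", "project": "rag"}},
    {"user": "fi", "role": "Team Member", "team": "nlp",
     "by": {"role": "Team Member", "team": "nlp"}},
]

if __name__ == "__main__":
    for user, issues in audit(GRANTS).items():
        print(user, "->", "; ".join(issues))
```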
Next Steps
- IAM Panel — Manage users, send invitations, and assign roles
- Team Settings — Create teams and manage team members
- Project Settings — Manage projects, members, policies, and resource usage
- Audit Logs — View event history across all TIR services