Skip to content

Access Management

Identity and Access Management (IAM) helps you securely control access to VECTR resources. When a user makes a request, the policy enforcement code checks whether they are authenticated (signed in) and authorized (has permissions). You manage access by creating policies and attaching them to identities.

During authorization, the VECTR enforcement code uses values from the request context to check for matching policies and determine whether to allow or deny the request.

VECTR performs an "allow" override, meaning if any matching policy for the current request context results in an "allow", the request is permitted. By default, any request is denied unless a matching policy results in an "allow" evaluation. The evaluation logic for policies follow these rules:

  • By default, all requests are implicitly denied. Conversely, the default root user has full access regardless.

  • If a matching policy explicitly allows, the request is permitted.

  • If a matching policy explicitly denies, the request is not permitted.