# User access management

In Emedgene, the [smallest unit of access control](https://help.connected.illumina.com/emedgene/emedgene-analyze-manual/settings/user_roles/iam-scopes-emedgene-roles) is an **Emedgene role** in legacy Emedgene environments and an **IAM scope** in Illumina environments. Each Emedgene role corresponds directly to an IAM scope, both defining the same set of access permissions.

In **Illumina environments**, user access is [managed externally](https://help.connected.illumina.com/emedgene/emedgene-analyze-manual/settings/user_roles/user-access-management-in-illumina-environments) through the AWS Identity and Access Management (IAM) service.

In **legacy Emedgene environments**, user access is [managed internally](https://help.connected.illumina.com/emedgene/emedgene-analyze-manual/settings/user_roles/user-access-management-in-legacy-emedgene-environments) via the User Management tab in Settings.