# User access management in Illumina environments

In Illumina environments, user access is managed through the AWS Identity and Access Management (IAM) service.

The smallest unit of access control in Illumina environments is an [**IAM scope**](https://help.connected.illumina.com/emedgene/emedgene-analyze-manual/settings/user_roles/iam-scopes-emedgene-roles).\
An **IAM role** is a specific set of IAM scopes that determine the user’s access level.

## Adding a new user

{% stepper %}
{% step %}
Navigate to your Illumina [Admin Console](https://help.connected.illumina.com/account-management/admin-console) > Domain > [User management](https://help.connected.illumina.com/account-management/admin-console/domain#user-management).
{% endstep %}

{% step %}
Send a [domain invitation](https://help.connected.illumina.com/account-management/admin-console/domain#domain-invitation) to the new user.

{% hint style="info" %}
**Note**: Ensure the user's email address is included in the list of [Allowed emails](https://help.connected.illumina.com/account-management/admin-console/domain#allowed-emails) before sending the invitation.
{% endhint %}
{% endstep %}

{% step %}
Add the user to the appropriate Emedgene [Workgroup](https://app.gitbook.com/u/XKkFeoEI6ud4Kqc3JcX7CSKh2z13) to grant access.
{% endstep %}

{% step %}
Assign the user an IAM Role.
{% endstep %}
{% endstepper %}

## IAM Roles

### v38.0+

There are four predefined IAM roles available in version v38.0 and later:

* **Director (+v38)**
* **Full Access User (+v38)**
* **Analyst (+v38)**
* **IT Team (+v38)**

To check which scopes are included in each role, go to the Illumina [Admin Console](https://help.connected.illumina.com/account-management/admin-console) > Domain > [Role management](https://help.connected.illumina.com/account-management/admin-console/domain#role-management) and click on the role.

If none of the predefined roles meets your needs, you can create a Custom Role by grouping specific scopes. See the [Custom Roles Instructions](https://help.connected.illumina.com/account-management/admin-console/domain#role-management) for more details.

### \<v38.0

On versions 37.0 and older, there is only one predefined IAM role, **Has access**, which is a prerequisite for accessing the platform. Once the **Has access** IAM role is assigned to a user, individual [IAM scopes](https://help.connected.illumina.com/emedgene/emedgene-analyze-manual/settings/user_roles/iam-scopes-emedgene-roles) must be assigned in the User Management tab in Settings.

