> ## Documentation Index
> Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt
> Use this file to discover all available pages before exploring further.

# What is the difference between legacy groups and IAM policies?

Legacy groups (`admin`, `write`, `read`, `metrics`, `billing_viewer`) are CoreWeave's older group-based permission model. Group membership grants an organization-wide bundle of capabilities. IAM access policies are the newer, role-based model: each policy contains rules that assign specific roles (such as `CKS Admin`, `Billing Viewer`, or `Observability Viewer`) to specific principals (a user or a group), so administrators can compose least-privilege permissions that legacy groups cannot. Legacy groups are still supported, but new permission work should use IAM access policies.

For full details, see [Legacy permissions](/security/iam/access-policies/legacy-permissions) and [Access policies](/security/iam/access-policies).

***

<Badge stroke shape="pill" color="blue" size="md">[Administrator](/support/platform/tags/administrator)</Badge><Badge stroke shape="pill" color="blue" size="md">[Authentication & Access](/support/platform/tags/authentication-access)</Badge>
