Managing Roles and Permissions
By default, when a cluster starts, the “super admin” REST user identity is created, which has unrestricted access permissions. This user is created using a special utility that performs a one-time write to the RBAC permissions database. This “super admin” user can create additional users and assign necessary permissions to them. These permissions may include, but are not limited to, the ability to create even more users. A user with permission to create other users cannot assign more permissions to other users than it currently has itself.
RBAC permission templates enable you to create fine-grained roles for specific actions such as:
- A dedicated role which can create users, roles, and permissions and drive all the associations between them.
- A dedicated role with a set of all the necessary permissions to create a virtual node, including CPI (Corda Package Installer) upload.
- A dedicated role which allows flows to run on this virtual node.
Default Roles
The following table lists the roles created by default by RBAC bootstrapping as part of deploying Corda. For information about creating roles manually, see the Manual Bootstrapping section.
Role | Description |
---|---|
UserAdminRole | Permits the following: |
VNodeCreatorRole | Permits the following: |
FlowExecutorRole | Permits the following for a specified virtual node: |
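The rule stated at the top of this page, that a user cannot assign more permissions than it currently has itself, can be modelled as a subset check at grant time plus an audit over stored grants. This is an added example, not Corda's implementation: the role names come from the table above, while the permission strings, `RbacModel`, and `demo` are hypothetical and constructed for illustration.

```python
# Model of the no-escalation rule. Permission strings are constructed
# placeholders, not Corda's real permission strings.
ROLES = {
    "UserAdminRole": {"user:create", "role:create", "permission:create"},
    "VNodeCreatorRole": {"cpi:upload", "vnode:create"},
    "FlowExecutorRole": {"flow:start"},
}
CREATE_USER = "user:create"

class EscalationError(PermissionError):
    """Raised when a grant would exceed the grantor's own permissions."""

class RbacModel:
    def __init__(self, super_admin):
        # The bootstrap identity holds every permission known to the model.
        self.grants = {super_admin: set().union(*ROLES.values())}
        self.created_by = {super_admin: None}

    def create_user(self, actor, name, roles):
        held = self.grants.get(actor, set())
        if CREATE_USER not in held:
            raise PermissionError(f"{actor} may not create users")
        if name in self.grants:
            raise ValueError(f"{name} already exists")
        requested = set().union(*(ROLES[r] for r in roles))
        excess = requested - held  # anything the grantor does not hold itself
        if excess:
            raise EscalationError(f"{actor} lacks {sorted(excess)}")
        self.grants[name] = requested
        self.created_by[name] = actor

    def audit(self):
        """Return users whose permissions exceed their creator's."""
        return sorted(
            user for user, creator in self.created_by.items()
            if creator is not None and not self.grants[user] <= self.grants[creator]
        )

def demo():
    rbac = RbacModel("admin")
    rbac.create_user("admin", "ops", ["UserAdminRole"])
    try:
        rbac.create_user("ops", "dev", ["UserAdminRole", "FlowExecutorRole"])
    except EscalationError as exc:
        blocked = str(exc)
    rbac.create_user("ops", "helpdesk", ["UserAdminRole"])
    # Constructed drift: a grant written to the store outside create_user.
    rbac.grants["helpdesk"].add("vnode:create")
    return blocked, rbac.audit()
```

The audit matters because the grant-time check only covers writes that go through it; a grant written directly to the permission store is only caught by comparing stored grants afterwards.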