Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion docs-main/appdev/deep-dives/authorization.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,10 @@ The Ledger API uses the following rights to govern request authorization:
- `participant_admin`: the right to administer the participant node
- `idp_admin`: the right to administer the users and parties belonging the same identity provider configuration as the authenticated user
- `canReadAs(p)`: the right to read information off the ledger (like the active contracts) visible to the party `p`
- `canActsAs(p)`: same as `canReadAs(p)`, with the added right of issuing commands on behalf of the party `p`
- `canActAs(p)`: same as `canReadAs(p)`, with the added right of issuing commands on behalf of the party `p`
- `canExecuteAs(p)`: the right to prepare and execute submissions as party `p`, without read access. A separate `canReadAs(p)` right is needed if reading is also required. This right is implicitly contained in `canActAs(p)`.
- `canReadAsAnyParty`: the right to read ledger data visible to any party on the participant. Intended for tools that need a continuous feed across all parties, such as PQS, without having to update subscriptions as parties are added or removed.
- `canExecuteAsAnyParty`: the right to prepare and execute submissions as any party on the participant. Intended for services that perform interactive submissions on behalf of many parties.

The following table summarizes the rights required to access each Ledger API endpoint:

Expand Down