Managing user permissions

Use this guide to configure permissions for HTTP-RPC operations.

The Corda 5 Developer Preview uses Apache Shiro libraries and databases to hold permissions data at runtime, as described in Corda 4’s guide on managing RPC security .

When expressing grants for users, you can still use extended syntax for individual users, as described in Corda 4’s guide on defining RPC users and permissions .

Configure user permissions: flow initiation

For a user to start a flow via HTTP-RPC you need to:

  1. Set the permissions for the target flow.
  2. Grant HTTP-RPC specific permission for FlowStarterRPCOps: InvokeRpc:net.corda.client.rpc.flow.FlowStarterRPCOps#startFlow or InvokeRpc:net.corda.client.rpc.flow.FlowStarterRPCOps#ALL.

Here’s an example of how to configure permissions in the node.conf file:

For user user1 with password password1 to start the flow net.corda.sample.datapersistence.flows.RecordFlow$Initiator (where Initiator is an inner class of RecordFlow), the node.conf section must include:

security {
    authService {
        dataSource {
            type=INMEMORY
            users=[
                {
                    username=user1
                    password=password1
                    permissions=[
                        "InvokeRpc:net.corda.client.rpc.flow.FlowStarterRPCOps#startFlow",
                        "StartFlow.net.corda.sample.datapersistence.flows.RecordFlow$$Initiator"
                    ]
                }
            ]
        }
    }
}

Was this page helpful?

Thanks for your feedback!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

We're sorry this page wasn't helpful. Let us know how we can make it better!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Create an issue

Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.