initial-rbac
This section lists the Corda CLI initial-rbac arguments. You can use these commands to manually create RBAC
Role-based access control. Also known as role-based security. A permission system to restrict system access based on assigned permissions.
roles, as described in the Manual Bootstrapping section.
user-admin
The user-admin command creates a UserAdminRole role, which permits the following:
- Create and delete users
- Create and delete permissions
- Create and delete roles
- Assign and un-assign roles to users
- Assign and un-assign permissions to roles
| Argument | Description |
|---|---|
| -k, --insecure | Specifies if insecure server connections with SSL are permitted. The default value is false. |
| -p, --password | The password for the user. |
| -pv, --protocol-version | The minimum protocol version. The default value is 1. |
| -t, --target | The target address of the REST API Endpoint. For example, https://host:port. |
| -u, --user | The username. |
| -y, --yield | The duration in seconds to wait for a REST connection to become available. The default value is 10. |
corda-cli.sh initial-rbac user-admin --yield 300 --user <INITIAL-USERNAME> --password <INITIAL-PASSWORD> --target <API-ENDPOINT>
corda-cli.cmd initial-rbac user-admin --yield 300 --user <INITIAL-USERNAME> --password <INITIAL-PASSWORD> --target <API-ENDPOINT>
vnode-creator
The vnode-creator command creates a VNodeCreatorRole role, which permits the following:
- Uploading CPIs
- Creating virtual nodes
- Updating virtual nodes
| Argument | Description |
|---|---|
| -k, --insecure | Specifies if insecure server connections with SSL are permitted. The default value is false. |
| -p, --password | The password for the user. |
| -pv, --protocol-version | The minimum protocol version. The default value is 1. |
| -t, --target | The target address of the REST API Endpoint. For example, https://host:port. |
| -u, --user | The username. |
| -y, --yield | The duration in seconds to wait for a REST connection to become available. The default value is 10. |
corda-cli.sh initial-rbac vnode-creator --yield 300 --user <INITIAL-USERNAME> --password <INITIAL-PASSWORD> --target <API-ENDPOINT>
corda-cli.cmd initial-rbac vnode-creator --yield 300 --user <INITIAL-USERNAME> --password <INITIAL-PASSWORD> --target <API-ENDPOINT>
corda-developer
The corda-developer command creates a CordaDeveloperRole role, which permits the following:
- Reset virtual nodes
- Sync virtual node vaults
- Change the state of virtual nodes
| Argument | Description |
|---|---|
| -k, --insecure | Specifies if insecure server connections with SSL are permitted. The default value is false. |
| -p, --password | The password for the user. |
| -pv, --protocol-version | The minimum protocol version. The default value is 1. |
| -t, --target | The target address of the REST API Endpoint. For example, https://host:port. |
| -u, --user | The username. |
| -y, --yield | The duration in seconds to wait for a REST connection to become available. The default value is 10. |
corda-cli.sh initial-rbac corda-developer --yield 300 --user <INITIAL-USERNAME> --password <INITIAL-PASSWORD> --target <API-ENDPOINT>
corda-cli.cmd initial-rbac corda-developer --yield 300 --user <INITIAL-USERNAME> --password <INITIAL-PASSWORD> --target <API-ENDPOINT>
flow-executor
The flow-executor command creates a FlowExecutorRole role, which permits the following for a specified virtual node:
- Start any flow
- Enquire about the status of running flows
| Argument | Description |
|---|---|
| -k, --insecure | Specifies if insecure server connections with SSL are permitted. The default value is false. |
| -p, --password | The password for the user. |
| -pv, --protocol-version | The minimum protocol version. The default value is 1. |
| -t, --target | The target address of the REST API Endpoint. For example, https://host:port. |
| -u, --user | The username. |
| -v, --v-node-id | The short hash identifier of the virtual node that the permissions apply to. |
| -y, --yield | The duration in seconds to wait for a REST connection to become available. The default value is 10. |
corda-cli.sh initial-rbac flow-executor --v-node-id 253501665E9D --yield 300 --user <INITIAL-USERNAME> --password <INITIAL-PASSWORD> --target <API-ENDPOINT>
corda-cli.cmd initial-rbac flow-executor --v-node-id 253501665E9D --yield 300 --user <INITIAL-USERNAME> --password <INITIAL-PASSWORD> --target <API-ENDPOINT>
all-cluster-roles
The all-cluster-roles command creates all of the cluster-scoped roles: CordaDeveloperRole, UserAdminRole, VNodeCreatorRole.
| Argument | Description |
|---|---|
| -k, --insecure | Specifies if insecure server connections with SSL are permitted. The default value is false. |
| -p, --password | The password for the user. |
| -pv, --protocol-version | The minimum protocol version. The default value is 1. |
| -t, --target | The target address of the REST API Endpoint. For example, https://host:port. |
| -u, --user | The username. |
| -y, --yield | The duration in seconds to wait for a REST connection to become available. The default value is 10. |
corda-cli.sh initial-rbac all-cluster-roles --yield 300 --user <INITIAL-USERNAME> --password <INITIAL-PASSWORD> --target <API-ENDPOINT>
corda-cli.cmd initial-rbac all-cluster-roles --yield 300 --user <INITIAL-USERNAME> --password <INITIAL-PASSWORD> --target <API-ENDPOINT>
Was this page helpful?
Thanks for your feedback!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.
We're sorry this page wasn't helpful. Let us know how we can make it better!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Create an issue
Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.