Absolutely, read queries will show you contacts visible to Bob or Alice (because actAs implieds readAs). Command submissions will be equivalent to
submitMulti [Bob] [Alice] in Daml Script.
Yep, definitely valid. Doesn’t play a role for command submissions and queries but see next point.
First, let me clarify that the JSON API does not validate tokens. If you run your ledger without authorization enabled, the JSON API only uses the token to infer some information (e.g., the submitting party). The
admin field is completely ignored in that case. The more interesting case is if your ledger is running with authorization. In that case the required claims for party and package endpoints are as follows:
- All party endpoints require
admin claims. This corresponds to the party management service on the Ledger API.
- DAR upload also requires
admin claims. This corresponds to the package management service on the Ledger API.
- Listing packages and downloading individual packages does not require admin claims. This corresponds to the package service on the Ledger API (yes the names are slightly confusing here).