For daml ledger commands in Daml Assistant, what permissions do they need? Do they always require an admin=true token? Or does each command have a different permission requirement?
BTW, congratulations on the Series D funding.
It depends on the command. daml ledger commands map pretty directly to the underlying Ledger API calls. You can find the table of required permissions for the Ledger API at Authorization - Daml SDK 1.12.0 documentation. Putting that together you get the following:
daml ledger list-parties maps to the PartyManagementService so requires admin=true.
daml ledger allocate-parties also maps to the PartyManagementService so also requires admin=true.
daml ledger upload-dar maps to the PackageManagementService so also needs admin=true.
daml ledger fetch-dar maps to the PackageService so it only requires a public token (meaning no admin token or actAs, readAs necessary).

Just noticed that there is a new claim called public. What does the token look like in this case? A token without admin, readAs and actAs fields?
A token without a requirement for admin, readAs or actAs. If they are present this is still a valid token but they are not required. You only need a non-expired token and if you have ledgerId and participantId in the token, they will be validated (but it's fine to omit them).
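
As an added example (not code from the thread or from the Daml project), this Python snippet decodes a token's payload and reports which of the four commands above its claims would permit, which is useful for checking that a CI or operator token carries no more than it needs. It assumes the SDK 1.x custom-claims layout under the `https://daml.com/ledger-api` key; the helper names and sample tokens are constructed for illustration, and the signature is not verified.

```python
import base64, json, time

# Claim namespace of Daml SDK 1.x custom-claims access tokens (assumed layout).
DAML_NS = "https://daml.com/ledger-api"

# Command -> (Ledger API service, needs admin), as listed in the answer above.
COMMANDS = {
    "list-parties": ("PartyManagementService", True),
    "allocate-parties": ("PartyManagementService", True),
    "upload-dar": ("PackageManagementService", True),
    "fetch-dar": ("PackageService", False),  # "public": any valid token
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_token(claims: dict, exp: int) -> str:
    """Build a constructed sample JWT with a dummy signature, for offline use."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({DAML_NS: claims, "exp": exp}).encode())
    return f"{header}.{payload}.c2ln"

def decode_payload(token: str) -> dict:
    """Decode the payload segment only; the signature is NOT verified here."""
    part = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def allowed_commands(token, now=None, ledger_id=None):
    """Return the daml ledger subcommands this token's claims would permit."""
    payload = decode_payload(token)
    claims = payload.get(DAML_NS, {})
    now = time.time() if now is None else now
    exp = payload.get("exp")
    # Assumption: a token with no exp claim is treated as non-expiring.
    if exp is not None and exp <= now:
        return []  # expired: not accepted even for public endpoints
    # ledgerId may be omitted, but it is validated when present.
    if ledger_id and claims.get("ledgerId") not in (None, ledger_id):
        return []
    is_admin = claims.get("admin") is True
    return sorted(c for c, (_, needs_admin) in COMMANDS.items()
                  if is_admin or not needs_admin)
```

A token that lists `actAs` or `readAs` parties but lacks `admin` gets the same result as an empty-claims token here, since none of the four commands is party-scoped.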