User per node or User per party

Let’s say I have 3 parties A, B and C allocated on a Canton participant node.
What are the factors I should consider in trying to decide whether to have one single user representing all 3 parties (so one user per node), or 3 different users (one for each party) or something in between?

The user is the off-ledger entity tied to some form of off-ledger authentication that gives access to certain on-ledger claims. Users are most likely the individual users (and possibly service users) that need to access Ledger API service. Each user can read as or act on behalf of a combination of parties.

A party is an on-ledger entity which has specific on-ledger authorization with regards to see contracts and actions performed on them.

As such, the mapping between user and party depends on what the party is in the scope on the application and how do you want users to access that data. If A represents a regulatory entity where multiple people in that organization are entitled to see As contracts, you might want to create multiple users that can read as A. If B and C represent individual account holders at a financial institution, you might want to create one user per each party so that they cannot see each other’s contracts.

Hope this helps.

1 Like

In particular for service users I recommend to follow a principle of least privileges:

If you have some automation/backend running, create a user just for that automation and only give it access to the parties that it absolutely needs to have access to.

In my experience that usually means that each automation should have actAs access to at most one party and possibly readAs access to other parties. If you find you need actAs access to multiple parties, consider if you should split those components instead.

3 Likes

So I actually have 5 different parties on my node, say, A to E.
A and B belong to one stream/component/service, with it’s own team responsible for building, maintaining and releasing it.
C, D and E are each 3 separate components/services (and teams).

I do need one user U1 to be able to act as both A & B to be able to submit createAndExercise commands to reduce an extra ledger hop and 2 extra canton synchronization round trips.

I was thinking whether to also use U1 for C,D,E or have U2 for C, U3 for D, and U4 for E.
Based on what you both have mentioned above, it seems having U1-U4 makes more sense than having just U1 act as all 5 parties on the node.

1 Like

Yes I would go for U1-U4.

1 Like