Package com.daml.ledger.api.v2.admin
Interface UserManagementServiceGrpc.AsyncService
- All Known Implementing Classes:
UserManagementServiceGrpc.UserManagementServiceImplBase
- Enclosing class:
- UserManagementServiceGrpc
public static interface UserManagementServiceGrpc.AsyncService
Service to manage users and their rights for interacting with the Ledger API
served by a participant node.
The authorization rules for its RPCs are specified on the ``<RpcName>Request``
messages as boolean expressions over these facts:
1. ``HasRight(r)`` denoting whether the authenticated user has right ``r`` and
2. ``IsAuthenticatedUser(uid)`` denoting whether ``uid`` is the empty string or equal to the id of the authenticated user.
3. ``IsAuthenticatedIdentityProviderAdmin(idp)`` denoting whether ``idp`` is equal to the ``identity_provider_id``
of the authenticated user and the user has an IdentityProviderAdmin right.
If `user_id` is set to the empty string (the default), then the data for the authenticated user will be retrieved.
If `identity_provider_id` is set to an empty string, then it's effectively set to the value of access token's 'iss' field if that is provided.
If `identity_provider_id` remains an empty string, the default identity provider will be assumed.
The fields of request messages (and sub-messages) are marked either as ``Optional`` or ``Required``:
1. ``Optional`` denoting the client may leave the field unset when sending a request.
2. ``Required`` denoting the client must set the field to a non-default value when sending a request.
A user resource consists of:
1. a set of properties represented by the ``User`` message,
2. a set of user rights, where each right is represented by the ``Right`` message.
A user resource, once it has been created, can be modified.
In order to update the properties represented by the ``User`` message use the ``UpdateUser`` RPC. The only fields that can be modified are those marked as ``Modifiable``.
In order to grant or revoke user rights use ``GrantRights' and ``RevokeRights`` RPCs.
-
Method Summary
Modifier and TypeMethodDescriptiondefault voidcreateUser(UserManagementServiceOuterClass.CreateUserRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.CreateUserResponse> responseObserver) Create a new user.default voiddeleteUser(UserManagementServiceOuterClass.DeleteUserRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.DeleteUserResponse> responseObserver) Delete an existing user and all its rights.default voidgetUser(UserManagementServiceOuterClass.GetUserRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.GetUserResponse> responseObserver) Get the user data of a specific user or the authenticated user.default voidgrantUserRights(UserManagementServiceOuterClass.GrantUserRightsRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.GrantUserRightsResponse> responseObserver) Grant rights to a user.default voidlistUserRights(UserManagementServiceOuterClass.ListUserRightsRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.ListUserRightsResponse> responseObserver) List the set of all rights granted to a user.default voidlistUsers(UserManagementServiceOuterClass.ListUsersRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.ListUsersResponse> responseObserver) List all existing users.default voidrevokeUserRights(UserManagementServiceOuterClass.RevokeUserRightsRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.RevokeUserRightsResponse> responseObserver) Revoke rights from a user.default voidupdateUser(UserManagementServiceOuterClass.UpdateUserRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.UpdateUserResponse> responseObserver) Update selected modifiable attribute of a user resource described by the ``User`` message.default voidupdateUserIdentityProviderId(UserManagementServiceOuterClass.UpdateUserIdentityProviderIdRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.UpdateUserIdentityProviderIdResponse> responseObserver) Update the assignment of a user from one IDP to another.
-
Method Details
-
createUser
default void createUser(UserManagementServiceOuterClass.CreateUserRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.CreateUserResponse> responseObserver) Create a new user.
-
getUser
default void getUser(UserManagementServiceOuterClass.GetUserRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.GetUserResponse> responseObserver) Get the user data of a specific user or the authenticated user.
-
updateUser
default void updateUser(UserManagementServiceOuterClass.UpdateUserRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.UpdateUserResponse> responseObserver) Update selected modifiable attribute of a user resource described by the ``User`` message.
-
deleteUser
default void deleteUser(UserManagementServiceOuterClass.DeleteUserRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.DeleteUserResponse> responseObserver) Delete an existing user and all its rights.
-
listUsers
default void listUsers(UserManagementServiceOuterClass.ListUsersRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.ListUsersResponse> responseObserver) List all existing users.
-
grantUserRights
default void grantUserRights(UserManagementServiceOuterClass.GrantUserRightsRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.GrantUserRightsResponse> responseObserver) Grant rights to a user. Granting rights does not affect the resource version of the corresponding user.
-
revokeUserRights
default void revokeUserRights(UserManagementServiceOuterClass.RevokeUserRightsRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.RevokeUserRightsResponse> responseObserver) Revoke rights from a user. Revoking rights does not affect the resource version of the corresponding user.
-
listUserRights
default void listUserRights(UserManagementServiceOuterClass.ListUserRightsRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.ListUserRightsResponse> responseObserver) List the set of all rights granted to a user.
-
updateUserIdentityProviderId
default void updateUserIdentityProviderId(UserManagementServiceOuterClass.UpdateUserIdentityProviderIdRequest request, io.grpc.stub.StreamObserver<UserManagementServiceOuterClass.UpdateUserIdentityProviderIdResponse> responseObserver) Update the assignment of a user from one IDP to another.
-