user management: more rights, optional primary party

CHANGELOG_BEGIN - [user management]: introduce rights to act as or read as any party hosted on a participant node CHANGELOG_END
digital-asset · Nov 29, 2021 · cf6516f · cf6516f
1 parent e5d3902
commit cf6516f
Showing 1 changed file with 21 additions and 3 deletions.
diff --git a/ledger-api/grpc-definitions/com/daml/ledger/api/v1/admin/user_management_service.proto b/ledger-api/grpc-definitions/com/daml/ledger/api/v1/admin/user_management_service.proto
@@ -39,7 +39,7 @@ service UserManagementService {
     rpc GetUser (GetUserRequest) returns (User);
 
     // Delete an existing user and all its rights.
-    rpc DeleteUser (DeleteUserRequest) returns (google.protobuf.Empty);
+    rpc DeleteUser (DeleteUserRequest) returns (DeleteUserResponse);
 
     // List the all existing users.
     rpc ListUsers (ListUsersRequest) returns (ListUsersResponse);
@@ -72,14 +72,27 @@ message User {
     // The primary party as which this user reads and acts by default on the ledger
     // _provided_ it has the corresponding ``CanReadAs(primary_party)`` or 
     // ``CanActAs(primary_party)`` rights.
+    //
+    // Ledger API clients SHOULD set this field to a non-empty value for all users to
+    // enable the users to act on the ledger using their own Daml party.
+    // Ledger API clients MAY set this field to empty for special users; e.g., a user
+    // that is granted ``CanReadAsAnyParty`` so that it can export the data for all parties
+    // hosted on the participant node.
     string primary_party = 2;
 }
 
+
 // A right granted to a user.
 message Right {
     // The user is allowed to administrate the participant node.
     message ParticipantAdmin {}
 
+    // The user can authorize commands for any party hosted on this participant node.
+    message CanActAsAnyParty {}
+
+    // The user can all read ledger data visible to some party on this participant node.
+    message CanReadAsAnyParty {}
+
     // The user can authorize commands for the given party.
     message CanActAs {
         string party = 1;
@@ -92,8 +105,10 @@ message Right {
 
     oneof kind {
         ParticipantAdmin participant_admin = 1;
-        CanActAs can_act_as = 2;
-        CanReadAs can_read_as = 3;
+        CanActAsAnyParty can_act_as_any_party = 2;
+        CanReadAsAnyParty can_read_as_any_party = 3;
+        CanActAs can_act_as = 4;
+        CanReadAs can_read_as = 5;
     }
 }
 
@@ -123,6 +138,9 @@ message DeleteUserRequest {
     string user_id = 1;
 }
 
+message DeleteUserResponse {
+}
+
 // Required authorization: ``HasRight(ParticipantAdmin)``
 message ListUsersRequest {
     // TODO: add pagination, cf. https://cloud.google.com/apis/design/design_patterns#list_pagination