From 9e583c30b56d30ff51ddd9f060405c46a25eaaf9 Mon Sep 17 00:00:00 2001 From: Karim <98668332+khadni@users.noreply.github.com> Date: Mon, 4 Mar 2024 22:19:39 +0100 Subject: [PATCH 1/4] Update NOP - RBAC --- .../images/chainlink-nodes/cl-nodes-RBAC.png | Bin 0 -> 9106 bytes .../chainlink-nodes/configuring-nodes.mdx | 2 +- .../external-adapters/node-operators.mdx | 2 +- .../external-initiators-in-nodes.mdx | 4 +- .../chainlink-nodes/oracle-jobs/jobs.mdx | 2 + .../resources/miscellaneous.mdx | 12 +-- .../chainlink-nodes/v1/roles-and-access.mdx | 89 ++++++++++++++---- src/pages/chainlink-nodes.astro | 19 ++++ 8 files changed, 102 insertions(+), 28 deletions(-) create mode 100644 public/images/chainlink-nodes/cl-nodes-RBAC.png 
diff --git a/public/images/chainlink-nodes/cl-nodes-RBAC.png b/public/images/chainlink-nodes/cl-nodes-RBAC.png new file mode 100644 index 0000000000000000000000000000000000000000..2483feca617644b066b5b648d22608d36eeae67d GIT binary patch literal 9106 literal 0 HcmV?d00001 diff --git a/src/content/chainlink-nodes/configuring-nodes.mdx b/src/content/chainlink-nodes/configuring-nodes.mdx index 6c8ed77e60f..098e0fcd035 100644 --- a/src/content/chainlink-nodes/configuring-nodes.mdx +++ b/src/content/chainlink-nodes/configuring-nodes.mdx 
@@ -22,7 +22,7 @@ You can generate the `config.toml` file using the `chainlink config dump` comman docker exec -it chainlink bash ``` -1. Log in to the Chainlink CLI with an account that has admin access: +1. Log in to the Chainlink CLI with an account that has [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) access: ```shell chainlink admin login diff --git a/src/content/chainlink-nodes/external-adapters/node-operators.mdx b/src/content/chainlink-nodes/external-adapters/node-operators.mdx index f9f02900634..827894fa868 100644 --- a/src/content/chainlink-nodes/external-adapters/node-operators.mdx +++ b/src/content/chainlink-nodes/external-adapters/node-operators.mdx 
@@ -8,7 +8,7 @@ import { Aside } from "@components" You can add external adapters to a Chainlink node by creating a bridge in the Node Operators Interface. Each bridge must have a unique name and a URL for the external adapter. If a job has a [Bridge Task](/chainlink-nodes/oracle-jobs/all-tasks/#bridge-task), the node searches for a bridge by name and uses that bridge as your external adapter. Bridge names are case insensitive. -To create a bridge on the node, go to the **Create Bridge** tab in the Node Operators Interface. Specify a name for the bridge, the URL for your external adapter, and optionally specify the minimum contract payment and number of confirmations for the bridge. Minimum contract payment is a fee paid in LINK for the Chainlink node making a call to the external adapter via the bridge. This fee is in addition to the fee specified at the global node level for processing job requests. +You must have an [`edit`](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role to create, edit, or delete a bridge on the node. Go to the **Create Bridge** tab in the Node Operators Interface. Specify a name for the bridge, the URL for your external adapter, and optionally specify the minimum contract payment and number of confirmations for the bridge. Minimum contract payment is a fee paid in LINK for the Chainlink node making a call to the external adapter via the bridge. This fee is in addition to the fee specified at the global node level for processing job requests. ![Node UI New Bridge Screen](/files/ea-new-bridge.png) diff --git a/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx b/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx index c4b37e44545..f2a04086489 100644 --- a/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx 
+++ b/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx @@ -13,7 +13,7 @@ import { Aside } from "@components" ## Creating an external initiator -To create an external initiator you must use the remote API. You can do this yourself, like so: +To create an external initiator, you must have an [`edit`](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role and use the remote API. Execute the following command: {/* prettier-ignore */} ```text @@ -100,7 +100,7 @@ To try a real-life example, feel free to follow along with the If using Docker, you will first need to follow the [Execute Commands Running Docker](#execute-commands-running-docker) @@ -135,7 +135,7 @@ Updated: 2023-04-26 08:12:51.340348 +0000 UTC ### Create a new ETH Key -To create a key in the node's keystore alongside the existing keys, run the following command: +To create a key in the node's keystore alongside the existing keys, you must have an [`edit`](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role. Run the following command: ```shell chainlink keys eth create @@ -161,7 +161,7 @@ Max Gas Price Wei: 1157920892373161954235709850086879078532699846656405640394575 ### Export an ETH key -To export an Ethereum key to a JSON file, run the following command: +To export an Ethereum key to a JSON file, , you must have an [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role. Run the following command: ```shell chainlink keys eth export [address] [command options] 
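Review bot: The added line under "Export an ETH key" in miscellaneous.mdx has a stray comma and space: "To export an Ethereum key to a JSON file, , you must have an ..." should read "To export an Ethereum key to a JSON file, you must have an ...". The create, delete and import sections added in this file use the same sentence shape without the doubled comma, so this one will render as a visible typo.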
@@ -186,7 +186,7 @@ chainlink keys eth export 0xd31961E1f62A2FaB824AC3C1A7a332daF8B11eE0 --newpasswo ### Delete an ETH key -To remove an Ethereum key, run the following command: +To remove an Ethereum key, you must have an [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role. Run the following command: ```shell chainlink keys eth delete [address] [command options] @@ -209,7 +209,7 @@ Deleted ETH key: 0xd31961E1f62A2FaB824AC3C1A7a332daF8B11eE0 ### Import an ETH key -To import an Ethereum key from a JSON file, run the following command: +To import an Ethereum key from a JSON file, you must have an [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role. Run the following command: ```shell chainlink keys eth import [JSON file] [command options] diff --git a/src/content/chainlink-nodes/v1/roles-and-access.mdx b/src/content/chainlink-nodes/v1/roles-and-access.mdx index 275b9780fde..4fbe7507835 100644 --- a/src/content/chainlink-nodes/v1/roles-and-access.mdx +++ b/src/content/chainlink-nodes/v1/roles-and-access.mdx 
@@ -4,27 +4,15 @@ date: Last Modified title: "Role-Based Access Control (RBAC)" --- -Chainlink Nodes allow the root admin CLI user and any additional admin users to create and assign tiers of role-based access to new users. These new API users can able to log in to the Operator UI independently. +import { Aside } from "@components" -Each user has a specific role assigned to their account. There are four roles: `admin`, `edit`, `run`, and `view`. +Chainlink Nodes allow the root admin CLI user and additional admin users to assign role-based access tiers. This approach grants specific access to multiple users without providing admin privileges to all users. -If there are multiple users who need specific access to manage the Chainlink Node instance, permissions and level of access can be set here. +These new API users can log in to the Operator UI independently. -User management is configured through the use of the admin `chainlink admin users` command. Run `chainlink admin login` before you set user roles for other accounts. For example, a view-only user can be created with the following command: +## Roles and access -```shell -chainlink admin users create --email=operator-ui-view-only@test.com --role=view -``` - -To modify permissions or delete existing users, run the `admin users chrole` or `admin users delete` commands. Use the `-h` flag to get a full list of options for these commands: - -```shell -chainlink admin users chrole -h -``` - -```shell -chainlink admin users delete -h -``` +Each user has a specific role assigned to their account. There are four roles: `admin`, `edit`, `run`, and `view`. Specific actions are enabled to check role-based access before they execute. The following table lists the actions that have role-based access and the role that is required to run that action: 
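Review bot: In the rewritten intro of roles-and-access.mdx, "These new API users can log in to the Operator UI independently." has lost its antecedent, because the new first paragraph drops "to new users" from the sentence it replaces. Suggest either restoring "to new users" in the first sentence or rewording the line, for example "Users created this way can log in to the Operator UI independently."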
@@ -84,4 +72,69 @@ Specific actions are enabled to check role-based access before they execute. The | Edit user | | | | X | | List users | | | | X | -The run command allows for minimal interaction and only enables the ability to replay a specific block number and kick off a job run. +## Configure users and roles + +You can only use the CLI to configure role-based access. + +### Prerequisites + +Only admins can configure role-based access. Connect to the Chainlink node container and log in as an admin before you create, modify, or delete user roles for other accounts: + +1. Open an interactive shell session on the container that is running your node: + + ```shell + docker exec -it chainlink /bin/bash + ``` + +1. Log into the Chainlink CLI: + + ```shell + chainlink admin login + ``` + + The CLI prompts you for the admin credentials that you configured for your node. + + + +### View the current list of users + +To view the current list of users, run the following command: + +```shell +chainlink admin users list +``` + +### Create a new user with a specific role + +For example, you can create a user with view-only permissions on the node with the following command: + +```shell +chainlink admin users create --email=operator-ui-view-only@test.com --role=view +``` + +This user can now log into the UI and query the API, but cannot change any settings or jobs. + +### Modify a user role and permissions + +To modify permissions, run the `admin users chrole` command. Use the `-h` flag to get a complete list of options for these commands: + +```shell +chainlink admin users chrole -h +``` + +### Delete a user role and permissions + +To delete existing users, run the `admin users delete` command. Use the `-h` flag to get a complete list of options for these commands: + +```shell +chainlink admin users delete -h +``` diff --git a/src/pages/chainlink-nodes.astro b/src/pages/chainlink-nodes.astro index 62eea5423fd..1307d76ba75 100644 --- a/src/pages/chainlink-nodes.astro 
+++ b/src/pages/chainlink-nodes.astro @@ -34,6 +34,25 @@ import styles from "@features/landing/styles/EthereumLandingPage.module.css" /> +
+ +

Manage Node User Roles and Permissions

+

Configure user access and roles on your Node for tailored permissions.

+ + {"Learn More"} + Right arrow + +
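Review bot: In the second roles-and-access.mdx hunk (@@ -84,4 +72,69 @@), the only prose description of the `run` role ("The run command allows for minimal interaction and only enables the ability to replay a specific block number and kick off a job run.") is deleted and nothing replaces it, which leaves the table as the sole explanation of that role; consider moving the sentence under "Roles and access" instead of dropping it. In the same hunk, the heading "Delete a user role and permissions" sits above `chainlink admin users delete`, which the text below it describes as deleting existing users, and both the chrole and delete sections say "options for these commands" where each section shows a single command.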
Date: Tue, 5 Mar 2024 15:37:06 +0100 Subject: [PATCH 2/4] Update NOP - RBAC --- .../external-adapters/node-operators.mdx | 12 ++++++++++-- .../external-initiators-in-nodes.mdx | 4 ++++ src/content/chainlink-nodes/oracle-jobs/jobs.mdx | 4 +++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/src/content/chainlink-nodes/external-adapters/node-operators.mdx b/src/content/chainlink-nodes/external-adapters/node-operators.mdx index 827894fa868..3a792b549d8 100644 --- a/src/content/chainlink-nodes/external-adapters/node-operators.mdx +++ b/src/content/chainlink-nodes/external-adapters/node-operators.mdx 
@@ -6,9 +6,17 @@ title: "Bridges: Adding External Adapters to Nodes" import { Aside } from "@components" -You can add external adapters to a Chainlink node by creating a bridge in the Node Operators Interface. Each bridge must have a unique name and a URL for the external adapter. If a job has a [Bridge Task](/chainlink-nodes/oracle-jobs/all-tasks/#bridge-task), the node searches for a bridge by name and uses that bridge as your external adapter. Bridge names are case insensitive. +You can add external adapters to a Chainlink node by creating a bridge in the Node Operators Interface. -You must have an [`edit`](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role to create, edit, or delete a bridge on the node. Go to the **Create Bridge** tab in the Node Operators Interface. Specify a name for the bridge, the URL for your external adapter, and optionally specify the minimum contract payment and number of confirmations for the bridge. Minimum contract payment is a fee paid in LINK for the Chainlink node making a call to the external adapter via the bridge. This fee is in addition to the fee specified at the global node level for processing job requests. +## Users access to Bridges + +Chainlink Nodes have a [role-based access control](/chainlink-nodes/v1/roles-and-access) system. Ensure you assign the appropriate role to users who manage bridges. + +## Create a Bridge + +Each bridge must have a unique name and a URL for the external adapter. If a job has a [Bridge Task](/chainlink-nodes/oracle-jobs/all-tasks/#bridge-task), the node searches for a bridge by name and uses that bridge as your external adapter. Bridge names are case insensitive. + +To create a bridge on the node, go to the **Create Bridge** tab in the Node Operators Interface. 
Specify a name for the bridge, the URL for your external adapter, and optionally specify the minimum contract payment and number of confirmations for the bridge. Minimum contract payment is a fee paid in LINK for the Chainlink node making a call to the external adapter via the bridge. This fee is in addition to the fee specified at the global node level for processing job requests. ![Node UI New Bridge Screen](/files/ea-new-bridge.png) diff --git a/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx b/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx index f2a04086489..88a848dae24 100644 --- a/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx +++ b/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx @@ -11,6 +11,10 @@ import { Aside } from "@components" variable](/chainlink-nodes/v1/configuration) to enable this feature. +## Users access to external initiators + +Chainlink Nodes have a [role-based access control](/chainlink-nodes/v1/roles-and-access) system. Ensure you assign the appropriate role to users who manage external initiators. + ## Creating an external initiator To create an external initiator, you must have an [`edit`](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role and use the remote API. Execute the following command: diff --git a/src/content/chainlink-nodes/oracle-jobs/jobs.mdx b/src/content/chainlink-nodes/oracle-jobs/jobs.mdx index f049625bdbd..b624ed5aea9 100644 --- a/src/content/chainlink-nodes/oracle-jobs/jobs.mdx +++ b/src/content/chainlink-nodes/oracle-jobs/jobs.mdx 
@@ -26,7 +26,9 @@ Chainlink nodes require jobs to do anything useful. For example, posting asset p Jobs are represented by TOML specifications. -You must have an [`edit`](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role to create or delete a job. +## Users access to Jobs + +Chainlink Nodes have a [role-based access control](/chainlink-nodes/v1/roles-and-access) system. Ensure you assign the appropriate role to users who manage jobs. ## Example v2 job spec From 79eb29ab804811a1ba7a7fd725e5346646088c66 Mon Sep 17 00:00:00 2001 From: Karim <98668332+khadni@users.noreply.github.com> Date: Wed, 6 Mar 2024 10:33:01 +0100 Subject: [PATCH 3/4] Update NOP - RBAC --- .../chainlink-nodes/external-adapters/node-operators.mdx | 1 + .../external-initiators/external-initiators-in-nodes.mdx | 1 + .../chainlink-nodes/resources/best-security-practices.mdx | 4 ++++ src/content/chainlink-nodes/resources/miscellaneous.mdx | 8 ++++++-- src/content/chainlink-nodes/v1/fulfilling-requests.mdx | 5 ++++- src/content/chainlink-nodes/v1/using-forwarder.mdx | 1 + 6 files changed, 17 insertions(+), 3 deletions(-) diff --git a/src/content/chainlink-nodes/external-adapters/node-operators.mdx b/src/content/chainlink-nodes/external-adapters/node-operators.mdx index 3a792b549d8..12718d5a049 100644 --- a/src/content/chainlink-nodes/external-adapters/node-operators.mdx +++ b/src/content/chainlink-nodes/external-adapters/node-operators.mdx @@ -2,6 +2,7 @@ section: nodeOperator date: Last Modified title: "Bridges: Adding External Adapters to Nodes" +whatsnext: { "Assign role-based access tiers to users": "/chainlink-nodes/v1/roles-and-access" } --- import { Aside } from "@components" diff --git a/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx b/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx index 88a848dae24..30d0796a44c 100644 
--- a/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx +++ b/src/content/chainlink-nodes/external-initiators/external-initiators-in-nodes.mdx @@ -2,6 +2,7 @@ section: nodeOperator date: Last Modified title: "Adding External Initiators to Nodes" +whatsnext: { "Assign role-based access tiers to users": "/chainlink-nodes/v1/roles-and-access" } --- import { Aside } from "@components" diff --git a/src/content/chainlink-nodes/resources/best-security-practices.mdx b/src/content/chainlink-nodes/resources/best-security-practices.mdx index 6472dc08b23..f273d2530a4 100644 --- a/src/content/chainlink-nodes/resources/best-security-practices.mdx +++ b/src/content/chainlink-nodes/resources/best-security-practices.mdx @@ -66,6 +66,10 @@ Due to the early nature of the software, it may be required to perform frequent On performing system maintenance to update the Chainlink node, follow [this](/chainlink-nodes/resources/performing-system-maintenance/#failover-node-example) guide. +## Role-based Access Control (RBAC) + +Use Chainlink Nodes [role-based access](/chainlink-nodes/v1/roles-and-access) tiers to grant specific access to multiple users without providing admin privileges to all users. + ## Jobs and Config The following are suggestions for job specifications and configuration settings for the node. diff --git a/src/content/chainlink-nodes/resources/miscellaneous.mdx b/src/content/chainlink-nodes/resources/miscellaneous.mdx index 08252a5d3bf..e719d5ea4d5 100644 --- a/src/content/chainlink-nodes/resources/miscellaneous.mdx +++ b/src/content/chainlink-nodes/resources/miscellaneous.mdx 
@@ -2,7 +2,11 @@ section: nodeOperator date: Last Modified title: "Miscellaneous" -whatsnext: { "Security and Operation Best Practices": "/chainlink-nodes/resources/best-security-practices" } +whatsnext: + { + "Security and Operation Best Practices": "/chainlink-nodes/resources/best-security-practices", + "Assign role-based access tiers to users": "/chainlink-nodes/v1/roles-and-access", + } --- import { Aside } from "@components" @@ -96,7 +100,7 @@ It will ask for your old password first, then ask for the new password and a con Once complete, you should see a message "Password updated." -## Multi-user and Role Based Access Control (RBAC) +## Multi-user and Role-Based Access Control (RBAC) See the [Roles and Access Control](/chainlink-nodes/v1/roles-and-access) page. diff --git a/src/content/chainlink-nodes/v1/fulfilling-requests.mdx b/src/content/chainlink-nodes/v1/fulfilling-requests.mdx index 00ff543152a..dd6bbbd5437 100644 --- a/src/content/chainlink-nodes/v1/fulfilling-requests.mdx +++ b/src/content/chainlink-nodes/v1/fulfilling-requests.mdx @@ -6,6 +6,7 @@ whatsnext: { "Performing System Maintenance": "/chainlink-nodes/resources/performing-system-maintenance", "v2 Jobs": "/chainlink-nodes/oracle-jobs/jobs", + "Assign role-based access tiers to users": "/chainlink-nodes/v1/roles-and-access", "Security and Operation Best Practices": "/chainlink-nodes/resources/best-security-practices", } metadata: 
@@ -101,7 +102,9 @@ Your node works with several different types of addresses. Each address type has You will create a job that calls an OpenAPI , parses the response and then return a `uint256`. -1. In the Chainlink Operator UI on the **Jobs** tab, click **New Job**. +1. Log in to the Chainlink Operator UI with an [admin](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [edit](/chainlink-nodes/v1/roles-and-access#roles-and-access) role account. + +1. On the **Jobs** tab, click **New Job**. ![The new job button.](/images/chainlink-nodes/node-operators/new-job-button.png) diff --git a/src/content/chainlink-nodes/v1/using-forwarder.mdx b/src/content/chainlink-nodes/v1/using-forwarder.mdx index 08210fefaab..df809ba879b 100644 --- a/src/content/chainlink-nodes/v1/using-forwarder.mdx +++ b/src/content/chainlink-nodes/v1/using-forwarder.mdx @@ -2,6 +2,7 @@ section: nodeOperator date: Last Modified title: "Forwarder tutorial" +whatsnext: { "Assign role-based access tiers to users": "/chainlink-nodes/v1/roles-and-access" } metadata: title: "Chainlink Node Operators: Forwarder tutorial" description: "Use a forwarder contract for more security and flexibility." From 8ad86e171829a6b716e40d00e0ccfe5143a437eb Mon Sep 17 00:00:00 2001 From: Karim H <98668332+khadni@users.noreply.github.com> Date: Thu, 7 Mar 2024 21:37:07 +0100 Subject: [PATCH 4/4] Update src/content/chainlink-nodes/v1/fulfilling-requests.mdx Co-authored-by: Crystal Gomes --- src/content/chainlink-nodes/v1/fulfilling-requests.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/chainlink-nodes/v1/fulfilling-requests.mdx b/src/content/chainlink-nodes/v1/fulfilling-requests.mdx index dd6bbbd5437..9f4a70645f3 100644 --- a/src/content/chainlink-nodes/v1/fulfilling-requests.mdx +++ b/src/content/chainlink-nodes/v1/fulfilling-requests.mdx 
@@ -102,7 +102,7 @@ Your node works with several different types of addresses. Each address type has You will create a job that calls an OpenAPI , parses the response and then return a `uint256`. -1. Log in to the Chainlink Operator UI with an [admin](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [edit](/chainlink-nodes/v1/roles-and-access#roles-and-access) role account. +1. Log in to the Chainlink Operator UI with an [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [`edit`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role account. 1. On the **Jobs** tab, click **New Job**.
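Review bot: In PATCH 2/4, the node-operators.mdx hunk removes the sentence from PATCH 1/4 that named the `edit` or `admin` role as required to create, edit, or delete a bridge and replaces it with "Ensure you assign the appropriate role to users who manage bridges"; the jobs.mdx hunk does the same for creating or deleting a job. Neither page now says which role is needed, while external-initiators-in-nodes.mdx keeps its explicit `edit` or `admin` sentence next to the new section. Suggest keeping the role names in the new sections on all three pages, and wording the headings as "User access to bridges" (likewise for jobs and external initiators) rather than "Users access to Bridges".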
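Review bot: In PATCH 3/4, best-security-practices.mdx adds the heading "## Role-based Access Control (RBAC)" while the miscellaneous.mdx hunk in the same patch changes its heading to "Multi-user and Role-Based Access Control (RBAC)", and the roles-and-access.mdx title is also "Role-Based Access Control (RBAC)". Use "Role-Based" in the new heading so the pages agree.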