User Groups and Roles
This overview describes the groups and roles that are relevant to Oracle Blockchain Platform. Anyone who uses or administers Oracle Blockchain Platform must be added to the authentication server and assigned to the correct group.
Groups
Below are the group roles that are available for Oracle Blockchain Platform.
User Role | LDAP Group Name | Description |
---|---|---|
Application | OBP_<platform-name>_<instance-name> | Security identifier for an individual instance. |
Control Plane Management | OBP_<platform-name>_CP_ADMIN | User can provision a new Oracle Blockchain Platform instance, configure existing instances, set the LDAP configuration, and perform life cycle operations on Oracle Blockchain Platform instances. A user must be a member of this group to be able to log in to the Blockchain Platform Manager or create an instance. |
CA Administrator | OBP_<platform-name>_<instance-name>_CA_ADMIN | The CA Admin group is the bootstrap and overall administrator for the Oracle Blockchain Platform application. Users must be part of this group to create an instance. |
Instance Administrator | OBP_<platform-name>_<instance-name>_ADMIN | Users in this group can manage instances via the console UI or REST. Users must be part of this group to create an instance. See the table in Access Control List for Console Function by User Roles for a complete list of console functions available for this user role. |
Instance User | OBP_<platform-name>_<instance-name>_USER | Users in this group can view the instance via the console UI or REST. See the table in Access Control List for Console Function by User Roles for a complete list of console functions available for this user role. |
REST Proxy Client | OBP_<platform-name>_<instance-name>_REST | Users in this group can call the REST proxy to execute transactions using the default enrollment. |
Access Control List for Console Function by User Roles
The following table lists which console features are available to the Instance Administrator and Instance User roles.
Feature | Instance Administrator | Instance User |
---|---|---|
Dashboard | Yes | Yes |
Network: list orgs | Yes | Yes |
Network: add orgs | Yes | No |
Network: Ordering service setting | Yes | No |
Network: Export certificates | Yes | No |
Network: Export orderer settings | Yes | Yes |
Node: list | Yes | Yes |
Node: start/stop/restart | Yes | No |
Node: view attributes | Yes | Yes |
Node: edit attributes | Yes | No |
Node: view metrics | Yes | Yes |
Node: Export/Import Peers | Yes | No |
Peer Node: list channels | Yes | Yes |
Peer Node: join channel | Yes | No |
Peer Node: list chaincode | Yes | Yes |
Channel: list | Yes | Yes |
Channel: create | Yes | No |
Channel: add org to channel | Yes | No |
Channel: Update ordering service settings | Yes | No |
Channel: view/query ledger | Yes | Yes |
Channel: list instantiated chaincode | Yes | Yes |
Channel: list joined peers | Yes | Yes |
Channel: set anchor peer | Yes | No |
Channel: upgrade chaincode | Yes | No |
Chaincode: list | Yes | Yes |
Chaincode: install | Yes | No |
Chaincode: instantiate | Yes | No |
Sample chaincode: install | Yes | No |
Sample chaincode: instantiate | Yes | No |
Sample chaincode: invoke | Yes | Yes |
CRL | Yes | No |