Role-based access control permissions
The following tables list the permissions for role-based access control. Each permission has a list of allowed REST endpoints.
Ethereum accounts
| Name | Description | Allowed endpoints |
|---|---|---|
read:ethereum | Allows reading operations over Ethereum accounts | Get, list, get deleted, list deleted |
write:ethereum | Allows creating Ethereum accounts | Create, import, update |
delete:ethereum | Allows soft-deleting Ethereum accounts | Delete, restore |
destroy:ethereum | Allows permanently deleting Ethereum accounts | Delete, restore, destroy |
sign:ethereum | Allows signing and verifying signatures | All sign endpoints, EC recover |
encrypt:ethereum | Allows encryption and decryption | Encrypt, decrypt |
Keys
| Name | Description | Allowed endpoints |
|---|---|---|
read:key | Allows reading operations over keys | Get, list, get deleted, list deleted |
write:key | Allows creating keys | Create, import, update |
delete:key | Allows soft-deleting keys | Delete, restore |
destroy:key | Allows permanently deleting keys | Delete, restore, destroy |
sign:key | Allows signing and verifying signatures | Sign |
encrypt:key | Allows encryption and decryption | Encrypt, decrypt |
Secrets
| Name | Description | Allowed endpoints |
|---|---|---|
read:secret | Allows reading operations over secrets | Get, list, get deleted, list deleted |
write:secret | Allows creating secrets | Set, update |
delete:secret | Allows soft-deleting secrets | Delete, restore |
destroy:secret | Allows permanently deleting secrets | Delete, restore, destroy |
Alias
| Name | Description | Allowed endpoints |
|---|---|---|
read:alias | Allows reading aliases over registries | Get, list |
write:alias | Allows creating aliases | Create, update |
delete:alias | Allows deleting aliases | Delete |
Nodes
| Name | Description |
|---|---|
proxy:nodes | Allows you to proxy traffic into nodes |