NEW

Chainlink Data Streams have officially launched on mainnet. Sign up for early access.

Back

Role-Based Access Control (RBAC)

Chainlink Nodes allow the root admin CLI user and additional admin users to assign role-based access tiers. This approach grants specific access to multiple users without providing admin privileges to all users.

These new API users can log in to the Operator UI independently.

Roles and access

Each user has a specific role assigned to their account. There are four roles: admin, edit, run, and view.

Specific actions are enabled to check role-based access before they execute. The following table lists the actions that have role-based access and the role that is required to run that action:

ActionViewRunEditAdmin
Update passwordXXXX
Create self API tokenXXXX
Delete self API tokenXXXX
List external initiatorsXXXX
Create external initiatorXX
Delete external initiatorXX
List bridgesXXXX
View bridgeXXXX
Create bridgeXX
Edit bridgeXX
Delete bridgeXX
View configXXXX
Update configX
Dump env/configX
View transaction attemptsXXXX
View transaction attempts EVMXXXX
View transactionsXXXX
Replay a specific block numberXXX
List keys (CSA,ETH,OCR(2),P2P,Solana,Terra)XXXX
Create keys (CSA,ETH,OCR(2),P2P,Solana,Terra)XX
Delete keys (CSA,ETH,OCR(2),P2P,Solana,Terra)X
Import keys (CSA,ETH,OCR(2),P2P,Solana,Terra)X
Export keys (CSA,ETH,OCR(2),P2P,Solana,Terra)X
List jobsXXXX
View jobXXXX
Create jobXX
Delete jobXX
List pipeline runsXXXX
View job runsXXXX
Delete job spec errorsXX
View featuresXXXX
View logXXXX
Update logX
List chainsXXXX
View chainXXXX
Create chainXX
Update chainXX
Delete chainXX
View nodesXXXX
Create nodeXX
Update nodeXX
Delete nodeXX
View forwardersXXXX
Create forwarderXX
Delete forwarderXX
Create job runXXX
Create Transfer EVMX
Create Transfer TerraX
Create Transfer SolanaX
Create userX
Delete userX
Edit userX
List usersX

Configure users and roles

You can only use the CLI to configure role-based access.

Prerequisites

Only admins can configure role-based access. Connect to the Chainlink node container and log in as an admin before you create, modify, or delete user roles for other accounts:

  1. Open an interactive shell session on the container that is running your node:

    docker exec -it chainlink /bin/bash
  2. Log into the Chainlink CLI:

    chainlink admin login

    The CLI prompts you for the admin credentials that you configured for your node.

View the current list of users

To view the current list of users, run the following command:

chainlink admin users list

Create a new user with a specific role

For example, you can create a user with view-only permissions on the node with the following command:

chainlink admin users create --email=operator-ui-view-only@test.com --role=view

This user can now log into the UI and query the API, but cannot change any settings or jobs.

Modify a user role and permissions

To modify permissions, run the admin users chrole command. Use the -h flag to get a complete list of options for these commands:

chainlink admin users chrole -h

Delete a user role and permissions

To delete existing users, run the admin users delete command. Use the -h flag to get a complete list of options for these commands:

chainlink admin users delete -h

Stay updated on the latest Chainlink news