author | Florian Dold <florian@dold.me> | 2021-01-20 21:07:47 +0100 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-01-20 21:07:47 +0100 |
commit | a1869a5950c97042f7c2570c99a7d6a648758f80 (patch) | |
tree | 89f6b7ddc7392c6b8eaeab7884561e435f424b19 /libeufin/nexus-tutorial.rst | |
parent | 93a3b61d241b20e36f7303bbba90c82f609ce1f6 (diff) | |
libeufin permissions and user management
Diffstat (limited to 'libeufin/nexus-tutorial.rst')
-rw-r--r-- | libeufin/nexus-tutorial.rst | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/libeufin/nexus-tutorial.rst b/libeufin/nexus-tutorial.rst index 8c0d941f..6ef78829 100644 --- a/libeufin/nexus-tutorial.rst +++ b/libeufin/nexus-tutorial.rst @@ -446,3 +446,47 @@ existing bank account / connection pair. At this point, the additional *taler-wire-gateway* (FIXME: link here to API here) API becomes offered by the Nexus. The purpose is to let a Taler exchange to rely on Nexus to manage its bank account. + + +Managing Permissions and Users +============================== + +This guide has so far assumed that a superuser is accessing the LibEuFin Nexus. +However, it is advisable that the Nexus is accessed with users that only have a +minimal set of permissions. + +The Nexus currently only has support for giving non-superusers access to Taler +wire gateway facades. + +To create a new user, use the ``users`` subcommand of the CLI: + +.. code-block:: console + + $ libeufin-cli users list + # [ ... shows available users ... ] + + $ libeufin-cli users create $USERNAME + # [ ... will prompt for password ... ] + +Permissions are managed with the ``permissions`` subcommand. +The following commands grant permissions to view the transaction history +and create payment initiations with a Taler wire gateway facade: + + +.. code-block:: console + + $ libeufin-cli permissions grant \ + user $USERNAME \ + facade $FACADENAME \ + facade.talerWireGateway.history + + $ libeufin-cli permissions grant \ + user $USERNAME \ + facade $FACADENAME \ + facade.talerWireGateway.transfer + +The list of all granted permissions can be reviewed: + +.. code-block:: console + + $ libeufin-cli permissions list |
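Review bot: In the ``permissions grant`` example the two grants are presented as a single step, which works against the section's own advice to give users a minimal set of permissions: by the text's description, ``facade.talerWireGateway.transfer`` allows creating payment initiations while ``facade.talerWireGateway.history`` only allows viewing the transaction history. Suggest stating that each grant is issued separately and that a user who only needs to read the history should receive only the history permission. The section also covers ``grant`` and ``list`` but says nothing about withdrawing a grant or removing a user; if the CLI supports that it should be documented here, and if it does not, the text should say so. Minor: ``$USERNAME`` and ``$FACADENAME`` are unquoted in the console blocks, so quoting them (``"$USERNAME"``) would keep the examples correct for names that contain whitespace.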