Role-Based Access Control (RBAC)

Chainlink Nodes allow the root admin CLI user and any additional admin users to create and assign tiers of role-based access to new users. These new API users can able to log in to the Operator UI independently.

Each user has a specific role assigned to their account. There are four roles: admin, edit, run, and view.

If there are multiple users who need specific access to manage the Chainlink Node instance, permissions and level of access can be set here.

User management is configured through the use of the admin chainlink admin users command. Run chainlink admin login before you set user roles for other accounts. For example, a view-only user can be created with the following command:

chainlink admin users create --email=operator-ui-view-only@test.com --role=view

To modify permissions or delete existing users, run the admin users chrole or admin users delete commands. Use the -h flag to get a full list of options for these commands:

chainlink admin users chrole -h
chainlink admin users delete -h

Specific actions are enabled to check role-based access before they execute. The following table lists the actions that have role-based access and the role that is required to run that action:

ActionViewRunEditAdmin
Update passwordXXXX
Create self API tokenXXXX
Delete self API tokenXXXX
List external initiatorsXXXX
Create external initiatorXX
Delete external initiatorXX
List bridgesXXXX
View bridgeXXXX
Create bridgeXX
Edit bridgeXX
Delete bridgeXX
View configXXXX
Update configX
Dump env/configX
View transaction attemptsXXXX
View transaction attempts EVMXXXX
View transactionsXXXX
Replay a specific block numberXXX
List keys (CSA,ETH,OCR(2),P2P,Solana,Terra)XXXX
Create keys (CSA,ETH,OCR(2),P2P,Solana,Terra)XX
Delete keys (CSA,ETH,OCR(2),P2P,Solana,Terra)X
Import keys (CSA,ETH,OCR(2),P2P,Solana,Terra)X
Export keys (CSA,ETH,OCR(2),P2P,Solana,Terra)X
List jobsXXXX
View jobXXXX
Create jobXX
Delete jobXX
List pipeline runsXXXX
View job runsXXXX
Delete job spec errorsXX
View featuresXXXX
View logXXXX
Update logX
List chainsXXXX
View chainXXXX
Create chainXX
Update chainXX
Delete chainXX
View nodesXXXX
Create nodeXX
Update nodeXX
Delete nodeXX
View forwardersXXXX
Create forwarderXX
Delete forwarderXX
Create job runXXX
Create Transfer EVMX
Create Transfer TerraX
Create Transfer SolanaX
Create userX
Delete userX
Edit userX
List usersX

The run command allows for minimal interaction and only enables the ability to replay a specific block number and kick off a job run.

Get the latest Chainlink content straight to your inbox.