After Quorum Key Manager (QKM) authenticates an incoming request, it submits the request to the targeted service, which performs authorization checks based on the request context before performing service operations.
Role-based access control
See the full list of RBAC permissions.
Resource-based access control
An action is a function of your application that is restricted to authorized users. Examples are read, create, sign, encrypt, delete, and destroy.
A resource represents a business entity to be managed by your application. Authorization restricts access over resources. QKM currently has the following resources:
| Resource | Description |
|---|---|
| Secret | A key-value element stored in a secure vault system. |
| Key | A cryptographic key. |
| Ethereum account | A cryptographic key allowing interaction with the Ethereum network. |
| Vault | Vault client connector used to persist resources remotely. |
| Store | A storage space for a set of secrets, keys, or Ethereum accounts. |
| Node | A representation of an underlying blockchain node. |
| Alias | A representation of an external public key. For example, a Tessera address. |
| Registry | A storage space for clarifying a set of aliases. |