User Management on Daml Hub

Summary

User Management Service has been introduced to Daml Hub

What’s New

The User Management Service and the concept of a Daml user were introduced in Daml 2.0. A Daml user is typically associated with a primary party and is given the rights to act as or read as other parties. More can be read about the User Management Service in the Daml v2.0 release notes here or the latest documentation on the feature here. Daml Hub has now introduced this feature, allowing Hub customers to add, change, and remove users in the UI or using the API.

Before the User Management Service, difficult to manage multi-party tokens were needed for mapping application users to rights for acting and reading as specific parties. The restriction on the number of parties which could be included in one JWT token header limited the number of parties that a user could act or read as. Introducing the User Management Service to Daml Hub means that the mapping of parties to users can be managed on Daml Hub and a single user token can be used to authenticate users. In addition, more act-as and read-as parties can be associated with a user than were possible in multi-party tokens. Parties also now become more like roles and Daml moves to be in line with more familiar concepts like users, roles, and groups in databases. This means that dynamic group management becomes easier.

All ledgers in Daml Hub have the User Management Service enabled and users can add, amend, and delete users in the UI on the Identities tab or using the new API.

To start using the User Management Service feature today, visit the ‘Identities’ tab of a ledger and more information about the User Management service can be found in the following places:

• Daml Hub docs here.
• Daml Hub API documentation here.
• A short video showing how to use the new User Management Service from the Daml Hub console here.
• A guide on how to automate user tokens is here.