User Management Service has been introduced to Daml Hub
The User Management Service and the concept of a Daml user were introduced in Daml 2.0. A Daml user is typically associated with a primary party and is given the rights to act as or read as other parties. More can be read about the User Management Service in the Daml v2.0 release notes here or the latest documentation on the feature here. Daml Hub has now introduced this feature, allowing Hub customers to add, change, and remove users in the UI or using the API.
Before the User Management Service, difficult to manage multi-party tokens were needed for mapping application users to rights for acting and reading as specific parties. The restriction on the number of parties which could be included in one JWT token header limited the number of parties that a user could act or read as. Introducing the User Management Service to Daml Hub means that the mapping of parties to users can be managed on Daml Hub and a single user token can be used to authenticate users. In addition, more act-as and read-as parties can be associated with a user than were possible in multi-party tokens. Parties also now become more like roles and Daml moves to be in line with more familiar concepts like users, roles, and groups in databases. This means that dynamic group management becomes easier.
All ledgers in Daml Hub have the User Management Service enabled and users can add, amend, and delete users in the UI on the Identities tab or using the new API.
To start using the User Management Service feature today, visit the ‘Identities’ tab of a ledger and more information about the User Management service can be found in the following places: