smartcontractkit · khadni · Mar 4, 2024 · Mar 5, 2024 · Mar 6, 2024 · Mar 6, 2024
@@ -22,7 +22,7 @@ You can generate the `config.toml` file using the `chainlink config dump` comman
    docker exec -it chainlink bash
    ```
 
-1. Log in to the Chainlink CLI with an account that has admin access:
+1. Log in to the Chainlink CLI with an account that has [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) access:
 
    ```shell
    chainlink admin login

@@ -2,11 +2,20 @@
 section: nodeOperator
 date: Last Modified
 title: "Bridges: Adding External Adapters to Nodes"
+whatsnext: { "Assign role-based access tiers to users": "/chainlink-nodes/v1/roles-and-access" }
 ---
 
 import { Aside } from "@components"
 
-You can add external adapters to a Chainlink node by creating a bridge in the Node Operators Interface. Each bridge must have a unique name and a URL for the external adapter. If a job has a [Bridge Task](/chainlink-nodes/oracle-jobs/all-tasks/#bridge-task), the node searches for a bridge by name and uses that bridge as your external adapter. Bridge names are case insensitive.
+You can add external adapters to a Chainlink node by creating a bridge in the Node Operators Interface.
+
+## Users access to Bridges
+
+Chainlink Nodes have a [role-based access control](/chainlink-nodes/v1/roles-and-access) system. Ensure you assign the appropriate role to users who manage bridges.
+
+## Create a Bridge
+
+Each bridge must have a unique name and a URL for the external adapter. If a job has a [Bridge Task](/chainlink-nodes/oracle-jobs/all-tasks/#bridge-task), the node searches for a bridge by name and uses that bridge as your external adapter. Bridge names are case insensitive.
 
 To create a bridge on the node, go to the **Create Bridge** tab in the Node Operators Interface. Specify a name for the bridge, the URL for your external adapter, and optionally specify the minimum contract payment and number of confirmations for the bridge. Minimum contract payment is a fee paid in LINK for the Chainlink node making a call to the external adapter via the bridge. This fee is in addition to the fee specified at the global node level for processing job requests.
 

@@ -2,6 +2,7 @@
 section: nodeOperator
 date: Last Modified
 title: "Adding External Initiators to Nodes"
+whatsnext: { "Assign role-based access tiers to users": "/chainlink-nodes/v1/roles-and-access" }
 ---
 
 import { Aside } from "@components"
@@ -11,9 +12,13 @@ import { Aside } from "@components"
   variable](/chainlink-nodes/v1/configuration) to enable this feature.
 </Aside>
 
+## Users access to external initiators
+
+Chainlink Nodes have a [role-based access control](/chainlink-nodes/v1/roles-and-access) system. Ensure you assign the appropriate role to users who manage external initiators.
+
 ## Creating an external initiator
 
-To create an external initiator you must use the remote API. You can do this yourself, like so:
+To create an external initiator, you must have an [`edit`](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role and use the remote API. Execute the following command:
 
 {/* prettier-ignore */}
 ```text
@@ -100,7 +105,7 @@ To try a real-life example, feel free to follow along with the <a href="https://
 
 ## Deleting an external initiator
 
-To delete an external initiator you must use the remote API. You can do this yourself, like so:
+To delete an external initiator, you must have an [`edit`](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role and use the remote API. Execute the following command:
 
 ```text
 DELETE http://<your chainlink node>/v2/external_initiators/<external initiator name>

@@ -26,6 +26,10 @@ Chainlink nodes require jobs to do anything useful. For example, posting asset p
 
 Jobs are represented by TOML specifications.
 
+## Users access to Jobs
+
+Chainlink Nodes have a [role-based access control](/chainlink-nodes/v1/roles-and-access) system. Ensure you assign the appropriate role to users who manage jobs.
+
 ## Example v2 job spec
 
 The following is an example `cron` job spec. This is a simple spec that you can add to a node:

@@ -66,6 +66,10 @@ Due to the early nature of the software, it may be required to perform frequent
 
 On performing system maintenance to update the Chainlink node, follow [this](/chainlink-nodes/resources/performing-system-maintenance/#failover-node-example) guide.
 
+## Role-based Access Control (RBAC)
+
+Use Chainlink Nodes [role-based access](/chainlink-nodes/v1/roles-and-access) tiers to grant specific access to multiple users without providing admin privileges to all users.
+
 ## Jobs and Config
 
 The following are suggestions for job specifications and configuration settings for the node.

@@ -2,13 +2,17 @@
 section: nodeOperator
 date: Last Modified
 title: "Miscellaneous"
-whatsnext: { "Security and Operation Best Practices": "/chainlink-nodes/resources/best-security-practices" }
+whatsnext:
+  {
+    "Security and Operation Best Practices": "/chainlink-nodes/resources/best-security-practices",
+    "Assign role-based access tiers to users": "/chainlink-nodes/v1/roles-and-access",
+  }
 ---
 
 import { Aside } from "@components"
 import { Tabs } from "@components/Tabs"
 
-## Execute Commands Running Docker
+## Execute commands running Docker
 
 In order to interact with the node's CLI commands, you need to be authenticated. This means that you need to access a shell within the Chainlink node's running container first. You can obtain the running container's `NAME` by running:
 
@@ -56,7 +60,7 @@ If no jobs have been added, you will receive the following output, otherwise, th
 ╬════╬════════════╬════════════╬═══════╬
 ```
 
-## Transfer funds from node wallet.
+## Transfer funds from node wallet
 
 <Aside type="note" title="Note for Docker">
   If using Docker, you will first need to follow the [Execute Commands Running Docker](#execute-commands-running-docker)
@@ -96,7 +100,7 @@ It will ask for your old password first, then ask for the new password and a con
 
 Once complete, you should see a message "Password updated."
 
-## Multi-user and Role Based Access Control (RBAC)
+## Multi-user and Role-Based Access Control (RBAC)
 
 See the [Roles and Access Control](/chainlink-nodes/v1/roles-and-access) page.
 
@@ -135,7 +139,7 @@ Updated:           2023-04-26 08:12:51.340348 +0000 UTC
 
 ### Create a new ETH Key
 
-To create a key in the node's keystore alongside the existing keys, run the following command:
+To create a key in the node's keystore alongside the existing keys, you must have an [`edit`](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role. Run the following command:
 
 ```shell
 chainlink keys eth create
@@ -161,7 +165,7 @@ Max Gas Price Wei: 1157920892373161954235709850086879078532699846656405640394575
 
 ### Export an ETH key
 
-To export an Ethereum key to a JSON file, run the following command:
+To export an Ethereum key to a JSON file, , you must have an [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role. Run the following command:
 
 ```shell
 chainlink keys eth export [address] [command options]
@@ -186,7 +190,7 @@ chainlink keys eth export 0xd31961E1f62A2FaB824AC3C1A7a332daF8B11eE0 --newpasswo
 
 ### Delete an ETH key
 
-To remove an Ethereum key, run the following command:
+To remove an Ethereum key, you must have an [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role. Run the following command:
 
 ```shell
 chainlink keys eth delete [address] [command options]
@@ -209,7 +213,7 @@ Deleted ETH key: 0xd31961E1f62A2FaB824AC3C1A7a332daF8B11eE0
 
 ### Import an ETH key
 
-To import an Ethereum key from a JSON file, run the following command:
+To import an Ethereum key from a JSON file, you must have an [`admin`](/chainlink-nodes/v1/roles-and-access#roles-and-access) role. Run the following command:
 
 ```shell
 chainlink keys eth import [JSON file] [command options]

@@ -6,6 +6,7 @@ whatsnext:
   {
     "Performing System Maintenance": "/chainlink-nodes/resources/performing-system-maintenance",
     "v2 Jobs": "/chainlink-nodes/oracle-jobs/jobs",
+    "Assign role-based access tiers to users": "/chainlink-nodes/v1/roles-and-access",
     "Security and Operation Best Practices": "/chainlink-nodes/resources/best-security-practices",
   }
 metadata:
@@ -101,7 +102,9 @@ Your node works with several different types of addresses. Each address type has
 
 You will create a job that calls an OpenAPI , parses the response and then return a `uint256`.
 
-1. In the Chainlink Operator UI on the **Jobs** tab, click **New Job**.
+1. Log in to the Chainlink Operator UI with an [admin](/chainlink-nodes/v1/roles-and-access#roles-and-access) or [edit](/chainlink-nodes/v1/roles-and-access#roles-and-access) role account.
+
+1. On the **Jobs** tab, click **New Job**.
 
    ![The new job button.](/images/chainlink-nodes/node-operators/new-job-button.png)
 

@@ -4,27 +4,15 @@ date: Last Modified
 title: "Role-Based Access Control (RBAC)"
 ---
 
-Chainlink Nodes allow the root admin CLI user and any additional admin users to create and assign tiers of role-based access to new users. These new API users can able to log in to the Operator UI independently.
+import { Aside } from "@components"
 
-Each user has a specific role assigned to their account. There are four roles: `admin`, `edit`, `run`, and `view`.
+Chainlink Nodes allow the root admin CLI user and additional admin users to assign role-based access tiers. This approach grants specific access to multiple users without providing admin privileges to all users.
 
-If there are multiple users who need specific access to manage the Chainlink Node instance, permissions and level of access can be set here.
+These new API users can log in to the Operator UI independently.
 
-User management is configured through the use of the admin `chainlink admin users` command. Run `chainlink admin login` before you set user roles for other accounts. For example, a view-only user can be created with the following command:
+## Roles and access
 
-```shell
-chainlink admin users create [email protected] --role=view
-```
-
-To modify permissions or delete existing users, run the `admin users chrole` or `admin users delete` commands. Use the `-h` flag to get a full list of options for these commands:
-
-```shell
-chainlink admin users chrole -h
-```
-
-```shell
-chainlink admin users delete -h
-```
+Each user has a specific role assigned to their account. There are four roles: `admin`, `edit`, `run`, and `view`.
 
 Specific actions are enabled to check role-based access before they execute. The following table lists the actions that have role-based access and the role that is required to run that action:
 
@@ -84,4 +72,69 @@ Specific actions are enabled to check role-based access before they execute. The
 | Edit user                                     |      |     |      |   X   |
 | List users                                    |      |     |      |   X   |
 
-The run command allows for minimal interaction and only enables the ability to replay a specific block number and kick off a job run.
+## Configure users and roles
+
+You can only use the CLI to configure role-based access.
+
+### Prerequisites
+
+Only admins can configure role-based access. Connect to the Chainlink node container and log in as an admin before you create, modify, or delete user roles for other accounts:
+
+1. Open an interactive shell session on the container that is running your node:
+
+   ```shell
+   docker exec -it chainlink /bin/bash
+   ```
+
+1. Log into the Chainlink CLI:
+
+   ```shell
+   chainlink admin login
+   ```
+
+   The CLI prompts you for the admin credentials that you configured for your node.
+
+<Aside type="note" title="Log out of the CLI after your changes">
+    Log out of the CLI after your changes. This prevents users with access to the shell from executing admin commands.
+
+    To log out from the shell session, run:
+
+    ```shell
+    chainlink admin logout
+    ```
+
+</Aside>
+
+### View the current list of users
+
+To view the current list of users, run the following command:
+
+```shell
+chainlink admin users list
+```
+
+### Create a new user with a specific role
+
+For example, you can create a user with view-only permissions on the node with the following command:
+
+```shell
+chainlink admin users create [email protected] --role=view
+```
+
+This user can now log into the UI and query the API, but cannot change any settings or jobs.
+
+### Modify a user role and permissions
+
+To modify permissions, run the `admin users chrole` command. Use the `-h` flag to get a complete list of options for these commands:
+
+```shell
+chainlink admin users chrole -h
+```
+
+### Delete a user role and permissions
+
+To delete existing users, run the `admin users delete` command. Use the `-h` flag to get a complete list of options for these commands:
+
+```shell
+chainlink admin users delete -h
+```
@@ -2,6 +2,7 @@
 section: nodeOperator
 date: Last Modified
 title: "Forwarder tutorial"
+whatsnext: { "Assign role-based access tiers to users": "/chainlink-nodes/v1/roles-and-access" }
 metadata:
   title: "Chainlink Node Operators: Forwarder tutorial"
   description: "Use a forwarder contract for more security and flexibility."

@@ -34,6 +34,25 @@ import styles from "@features/landing/styles/EthereumLandingPage.module.css"
         />
       </a>
     </div>
+    <div class="card">
+      <img src="/images/chainlink-nodes/cl-nodes-RBAC.png" class="cl-image-featured" height="50" />
+      <h3 class={styles.cardTitle}>Manage Node User Roles and Permissions</h3>
+      <p style="margin-top: var(--space-2x)">Configure user access and roles on your Node for tailored permissions.</p>
+      <a
+        href="/chainlink-nodes/v1/roles-and-access"
+        class={button.secondary}
+        style="margin-top: var(--space-4x); display: inline-flex;"
+      >
+        {"Learn More"}
+        <img
+          class="cta-learnmore-arrow"
+          src="/images/card-icons/navigation-arrow-right.svg"
+          loading="lazy"
+          alt="Right arrow"
+          style="height: 16px"
+        />
+      </a>
+    </div>
     <div class="card">
       <div>
         <img