Restricting participant to deploy/upload Daml contract

Hi DA Team,

Do we have any configuration related to how to provide control on who can deploy/upload the DAML contracts and dar file,
Like currently I am using the below command to upload the dar file on participant node, but if any one know the host and port of participant can also upload the dar file.

daml ledger upload-dar --host localhost --port 5012 /root/canton/canton-node/daml/canton-open-source-2.8.11/daml/CantonExamples/.daml/dist/CantonExamples-2.8.11.dar

When you run commands like daml ledger upload-dar, the Daml Assistant is making calls to the Ledger API. The Ledger API can be configured to require JWT authorization. If you enable JWT authorization on the participant, then daml ledger upload-dar will fail unless you also include an --access-token-file TOKEN_PATH argument.

See the related Authorization and Participant Configuration docs.

Note that the ability to upload DARs is part of the PackageManagementService. If you find that in the table, you will notice that the token must be for a user with participant_admin rights.

Use mock-oauth2-server with Canton Ledger API includes a sample which enables JWT authorization. You may find that a helpful reference.

Thanks @WallaceKelly, let me have look on the document you provided for using oauth service