Required JWT authorization for filters_by_party of active contracts?

For this situation…

• admin is stakeholder on all contracts
• clientA is stakeholder on some contracts

… if I call the gRPC GetActiveContracts method (or the state/active-contracts JSON endpoint) with the following…

• A JWT authorizing canReadAs(admin)
• A filters_by_party for clientA

Question: Will the query result include the contracts on which clientA is a stakeholder, since admin has “visibility” to all the contracts?

No, that call will fail with an auth error.

To filter for clientA contracts, the caller must have authorization to canReadAs(clientA) (which is also implied by canActAs(clientA) and canReadAsAnyParty).

See here: