diff --git a/lnrpc/signrpc/signer_server.go b/lnrpc/signrpc/signer_server.go index 9ef07592..dba68fe8 100644 --- a/lnrpc/signrpc/signer_server.go +++ b/lnrpc/signrpc/signer_server.go @@ -38,6 +38,10 @@ var ( Entity: "signer", Action: "generate", }, + { + Entity: "signer", + Action: "read", + }, } // macPermissions maps RPC calls to the permissions they require. @@ -50,6 +54,14 @@ var ( Entity: "signer", Action: "generate", }}, + "/signrpc.Signer/SignMessage": {{ + Entity: "signer", + Action: "generate", + }}, + "/signrpc.Signer/VerifyMessage": {{ + Entity: "signer", + Action: "read", + }}, } // DefaultSignerMacFilename is the default name of the signer macaroon diff --git a/rpcserver.go b/rpcserver.go index bf2a12a8..5215befd 100644 --- a/rpcserver.go +++ b/rpcserver.go @@ -115,6 +115,10 @@ var ( Entity: "invoices", Action: "read", }, + { + Entity: "signer", + Action: "read", + }, } // writePermissions is a slice of all entities that allow write