Role management

The list of possible roles in the blockchain platform is given in the “Authorization of participants” module.

Important

To change participant permissions (add or remove roles), the private key of a participant with the “permissioner” role must be available in the keystore of the node from which the query is made.

Option 1 (through REST API)

Participant permissions are managed by signing (sign method) and broadcasting (broadcast method) permission transactions through the Node REST API.

Query object for sign method:

{
  "type": 102,
  "sender": "3GLWx8yUFcNSL3DER8kZyE4TpyAyNiEYsKG",
  "senderPublicKey": "4WnvQPit2Di1iYXDgDcXnJZ5yroKW54vauNoxdNeMi2g",
  "fee": 0,
  "proofs": [""],
  "target": "3GPtj5osoYqHpyfmsFv7BMiyKsVzbG1ykfL",
  "opType": "add",
  "role": "contract_developer",
  "dueTimestamp": null
}

Query fields:

  • type - the type of the transaction for the participant permission management (type = 102);

  • sender - the participant address with the permission to issue permission transactions;

  • proofs - the transaction signature;

  • target - the address of the participant whose permissions are to be assigned or removed;

  • role - participant permissions to be assigned or removed. Possible values: “miner”, “issuer”, “dex”, “permissioner”, “blacklister”, “banned”, “contract_developer”, “connection_manager”;

  • opType - the operation type: “add” (add permissions) or “remove” (delete permissions);

  • dueTimestamp - the permission validity date in the timestamp format. The field is optional.

Pass the response from the node to the broadcast method.

Option 2 (using the utility)

The process can be automated with the Generators utility.

Example of console launching:

java -jar generators.jar GrantRolesApp [configfile]

Example of configuration:

permission-granter {
  waves-crypto = no
  chain-id = T
  account = {
    addresses = [
      "3N2cQFfUDzG2iujBrFTnD2TAsCNohDxYu8w"
    ]
    storage = ${user.home}"/node/keystore.dat"
    password = "some string as password"
  }
  send-to = [
    "devnet-aws-fr-2.we.wavesnodes.com:6864"
  ]
  grants = [
    {
      address: "3N2cQFfUDzG2iujBrFTnD2TAsCNohDxYu8w"
      assigns = [
        {
          permission = "miner",
          operation = "add",
          due-timestamp = 1527698744623
        },
        {
          permission = "issuer",
          operation = "add",
          due-timestamp = 1527699744623
        },
        {
          permission = "blacklister",
          operation = "add"
        },
        {
          permission = "permissioner",
          operation = "remove"
        }
      ]
    }
  ]
  txs-per-bucket = 10
}

The field “due-timestamp” limits the role validity; the fields “nodes” and “roles” are mandatory.

If the node is already assigned any of the roles specified in the config, the case is handled according to the following rules:

| Current node status                | Status received from transaction | Processing result                                                                                            |
|------------------------------------|----------------------------------|--------------------------------------------------------------------------------------------------------------|
| No role assigned                   | New role                         | Success - role assigned                                                                                      |
| Role assigned without dueDate      | Role with dueDate                | Checking dueDate; if less than current, then IncorrectDatetime, otherwise Success - role assigned with dueDate |
| Role assigned with dueDate         | Role with dueDate                | Checking dueDate; if less than current, then IncorrectDatetime, otherwise Success - updating dueDate         |
| Role assigned with dueDate         | Role without dueDate             | Success - role assigned without dueDate                                                                      |
| Role assigned with/without dueDate | Role removal                     | Checking node address; if it is not (<>) the genesis address, then Success - role removed                    |
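
The query fields from Option 1 and the processing rules above, combined into one pre-flight check in Python. This is an added example, not code from the platform or its Generators utility. The names build_request, predict_result, current_roles and NOT_COVERED are hypothetical, the genesis address is a placeholder, and “less than current” is read as “earlier than the current time”.

```python
import json

# Role names listed in the "Query fields" section of this page.
ROLES = {"miner", "issuer", "dex", "permissioner", "blacklister",
         "banned", "contract_developer", "connection_manager"}
NOT_COVERED = "not covered by the table"  # label introduced for this example


def build_request(sender, sender_public_key, target, role, op_type, due_ts=None):
    """Build the type-102 query object for the sign method; reject bad fields."""
    if role not in ROLES:
        raise ValueError(f"unknown role: {role!r}")
    if op_type not in ("add", "remove"):
        raise ValueError(f"unknown opType: {op_type!r}")
    if due_ts is not None and (type(due_ts) is not int or due_ts <= 0):
        raise ValueError("dueTimestamp must be a positive integer or None")
    return {"type": 102, "sender": sender, "senderPublicKey": sender_public_key,
            "fee": 0, "proofs": [""], "target": target, "opType": op_type,
            "role": role, "dueTimestamp": due_ts}


def predict_result(current_roles, request, now_ts, genesis_address):
    """Apply the processing rules table to one request.

    current_roles: role -> dueDate (None = no dueDate) for the target address,
    a hypothetical local snapshot. now_ts uses the same unit as dueTimestamp.
    """
    role, due = request["role"], request["dueTimestamp"]
    if request["opType"] == "remove":
        if role in current_roles and request["target"] != genesis_address:
            return "Success - role removed"
        return NOT_COVERED  # the table states no outcome for these cases
    if role not in current_roles:
        return "Success - role assigned"
    had_due = current_roles[role] is not None
    if due is None:
        return "Success - role assigned without dueDate" if had_due else NOT_COVERED
    if due < now_ts:  # assumption: "current" means the current time
        return "IncorrectDatetime"
    return "Success - updating dueDate" if had_due else "Success - role assigned with dueDate"


if __name__ == "__main__":
    # Addresses are the sample values from this page; the clock value is constructed.
    req = build_request("3GLWx8yUFcNSL3DER8kZyE4TpyAyNiEYsKG",
                        "4WnvQPit2Di1iYXDgDcXnJZ5yroKW54vauNoxdNeMi2g",
                        "3GPtj5osoYqHpyfmsFv7BMiyKsVzbG1ykfL",
                        "contract_developer", "add", 1527698744623)
    print(json.dumps(req, indent=2))
    print(predict_result({"contract_developer": None}, req, 1527699744623,
                         "GENESIS_ADDRESS_PLACEHOLDER"))
```

Running the check before calling the sign method catches a misspelled role or an already expired dueTimestamp locally, before a transaction is signed with the “permissioner” key.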