Role management¶
The list of possible roles in the blockchain platform is given in module “Authorization of participants”.
Important
The prerequisite for changing permissions of participants (adding or deleting roles) is the availability of the participant’s private key with the “permissioner” role in the node keystore from which the query is made.
Option 1: through REST API¶
Participant permissions are managed by signing (sign method) and broadcasting (broadcast method) of permission transactions through Node REST API.
Query object for sign method:
{
"type":102,
"sender":3GLWx8yUFcNSL3DER8kZyE4TpyAyNiEYsKG,
"senderPublicKey":4WnvQPit2Di1iYXDgDcXnJZ5yroKW54vauNoxdNeMi2g,
"fee":0,
"proofs":[""],
"target":3GPtj5osoYqHpyfmsFv7BMiyKsVzbG1ykfL,
"opType":"add",
"role":"contract_developer",
"dueTimestamp":null
}
Query fields:
type
- the type of the transaction for permission management of participants (type = 102);sender
- the participant address with the permission to issue permission transactions;proofs
- the transaction signature;target
- the participant address, for which permissions are required to be assigned or deleted;role
- participant permissions to be assigned or removed. Possible values: “miner”, “issuer”, “dex”, “permissioner”, “blacklister”, “banned”, “contract_developer”, “connection_manager”;opType
- the type of the operation “add” (add permissions) or “remove” (delete permissions);dueTimestamp
- the permission validity date in the timestamp format. The field is optional.
The response from the node is transferred to the broadcast method.
Option 2: using the Generators utility¶
With the use of the Generators utility, the permission management process can be automated.
Example of console launching:
java -jar generators.jar GrantRolesApp [configfile]
Example of configuration:
permission-granter {
waves-crypto = no
chain-id = T
account = {
addresses = [
"3N2cQFfUDzG2iujBrFTnD2TAsCNohDxYu8w"
]
storage = ${user.home}"/node/keystore.dat"
password = "some string as password"
}
send-to = [
"devnet-aws-fr-2.we.wavesnodes.com:6864"
]
grants = [
{
address: "3N2cQFfUDzG2iujBrFTnD2TAsCNohDxYu8w"
assigns = [
{
permission = "miner",
operation = "add",
due-timestamp = 1527698744623
},
{
permission = "issuer",
operation = "add",
due-timestamp = 1527699744623
},
{
permission = "blacklister",
operation = "add"
},
{
permission = "permissioner",
operation = "remove"
}
]
}
]
txs-per-bucket = 10
}
The field “due-timestamp” limits the role validity; Fields “nodes”, “roles” are mandatory.
If the node is already assigned any of the roles specified in the config, then the case is handled in accordance with the rules:
Current node status |
Status received from transaction |
Processing result |
---|---|---|
No role assigned |
New role |
Success - role assigned |
Role assigned without dueDate |
Role with dueDate |
Checking dueDate; if less than current, then IncorrectDatetime, |
Role assigned with dueDate |
Role with dueDate |
Checking dueDate; if less than current, then IncorrectDatetime, |
Role assigned with dueDate |
Role without dueDate |
Success - role assigned without dueDate |
Role assigned with/without dueDate |
Role removal |
Checking node address; if <> for genesis address, then Success - |