Role management

The list of possible roles in the blockchain platform is given in the “Authorization of participants” module.

Important

To change participant permissions (add or remove roles), the private key of a participant with the “permissioner” role must be present in the keystore of the node from which the query is made.

Option 1 (through REST API)

Participant permissions are managed by signing (sign method) and broadcasting (broadcast method) permission transactions through the Node REST API.

Query object for sign method:

{
  "type": 102,
  "sender": "3GLWx8yUFcNSL3DER8kZyE4TpyAyNiEYsKG",
  "senderPublicKey": "4WnvQPit2Di1iYXDgDcXnJZ5yroKW54vauNoxdNeMi2g",
  "fee": 0,
  "proofs": [""],
  "target": "3GPtj5osoYqHpyfmsFv7BMiyKsVzbG1ykfL",
  "opType": "add",
  "role": "contract_developer",
  "dueTimestamp": null
}

Query fields:

  • type - the transaction type for participant permission management (type = 102);
  • sender - the address of the participant that has permission to issue permission transactions;
  • proofs - the transaction signature;
  • target - the address of the participant whose permissions are to be assigned or removed;
  • role - the participant permission to be assigned or removed. Possible values: “miner”, “issuer”, “dex”, “permissioner”, “blacklister”, “banned”, “contract_developer”, “connection_manager”;
  • opType - the operation type: “add” (add permissions) or “remove” (delete permissions);
  • dueTimestamp - the date until which the permission is valid, in timestamp format. The field is optional.

Pass the response returned by the node to the broadcast method.

Option 2 (using the utility)

The process can be automated with the Generators utility.

Example of console launching:

java -jar generators.jar GrantRolesApp [configfile]

Example of configuration:

permission-granter {
  waves-crypto = no
  chain-id = T
  account = {
    addresses = [
      "3N2cQFfUDzG2iujBrFTnD2TAsCNohDxYu8w"
    ]
    storage = ${user.home}"/nodeName/keystore.dat"
    password = "some string as password"
  }
  send-to = [
    "devnet-aws-fr-2.we.wavesnodes.com:6864"
  ]
  grants = [
    {
      address: "3N2cQFfUDzG2iujBrFTnD2TAsCNohDxYu8w"
      assigns = [
        {
          permission = "miner",
          operation = "add",
          due-timestamp = 1527698744623
        },
        {
          permission = "issuer",
          operation = "add",
          due-timestamp = 1527699744623
        },
        {
          permission = "blacklister",
          operation = "add"
        },
        {
          permission = "permissioner",
          operation = "remove"
        }
      ]
    }
  ]
  txs-per-bucket = 10
}

The “due-timestamp” field limits the role validity; the fields “nodes” and “roles” are mandatory.

If the node is already assigned any of the roles specified in the config, the case is handled according to the following rules:

| Current node status | Status received from transaction | Processing result |
| No role assigned | New role | Success - role assigned |
| Role assigned without dueDate | Role with dueDate | Checking dueDate; if less than current, then IncorrectDatetime, otherwise Success - role assigned with dueDate |
| Role assigned with dueDate | Role with dueDate | Checking dueDate; if less than current, then IncorrectDatetime, otherwise Success - updating dueDate |
| Role assigned with dueDate | Role without dueDate | Success - role assigned without dueDate |
| Role assigned with/without dueDate | Role removal | Checking node address; if it is not the genesis address, then Success - role removed |
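
The rules above can be checked locally before a permission transaction is signed. The following is an added example, not code from the platform or the Generators utility: predict_result, the current_roles snapshot and the genesis_addresses set are hypothetical names, and timestamps are assumed to be in milliseconds as in the configuration example.

```python
import time

# Role names and opType values as listed in the query field descriptions.
ROLES = {"miner", "issuer", "dex", "permissioner", "blacklister",
         "banned", "contract_developer", "connection_manager"}
UNSPECIFIED = "Not covered by the rules table"

def predict_result(tx, current_roles, genesis_addresses, now_ms=None):
    """Predict how a type-102 transaction is processed, per the rules table.

    current_roles: {role: dueTimestamp or None} already held by tx["target"]
    (hypothetical local snapshot; how it is obtained is outside this example).
    """
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    if tx.get("type") != 102:
        raise ValueError("permission transactions have type 102")
    if tx.get("role") not in ROLES:
        raise ValueError(f"unknown role: {tx.get('role')!r}")
    if tx.get("opType") not in ("add", "remove"):
        raise ValueError(f"unknown opType: {tx.get('opType')!r}")

    role, due = tx["role"], tx.get("dueTimestamp")
    assigned = role in current_roles

    if tx["opType"] == "remove":
        # The table only gives the outcome for an assigned role on a
        # non-genesis address.
        if not assigned or tx["target"] in genesis_addresses:
            return UNSPECIFIED
        return "Success - role removed"
    if not assigned:
        return "Success - role assigned"  # this row lists no dueDate check
    if due is not None:
        if due < now_ms:  # "if less than current"
            return "IncorrectDatetime"
        return ("Success - updating dueDate" if current_roles[role] is not None
                else "Success - role assigned with dueDate")
    if current_roles[role] is not None:
        return "Success - role assigned without dueDate"
    return UNSPECIFIED  # role without dueDate re-added without dueDate

# Constructed sample: the sign-method query object shown on this page.
SAMPLE_TX = {"type": 102, "sender": "3GLWx8yUFcNSL3DER8kZyE4TpyAyNiEYsKG",
             "fee": 0, "target": "3GPtj5osoYqHpyfmsFv7BMiyKsVzbG1ykfL",
             "opType": "add", "role": "contract_developer", "dueTimestamp": None}

if __name__ == "__main__":
    print(predict_result(SAMPLE_TX, {}, set()))
```

Running such a check against each entry in “grants” before launch shows which operations would return IncorrectDatetime or fall outside the table.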