Role management

The list of possible roles in the blockchain platform is given in module “Authorization of participants”.


The prerequisite for changing permissions of participants (adding or deleting roles) is the availability of the participant’s private key with the “permissioner” role in the node keystore from which the query is made.

Option 1: through REST API

Participant permissions are managed by signing (sign method) and broadcasting (broadcast method) of permission transactions through Node REST API.

Query object for sign method:


Query fields:

  • type - the type of the transaction for permission management of participants (type = 102);

  • sender - the participant address with the permission to issue permission transactions;

  • proofs - the transaction signature;

  • target - the participant address, for which permissions are required to be assigned or deleted;

  • role - participant permissions to be assigned or removed. Possible values: “miner”, “issuer”, “dex”, “permissioner”, “blacklister”, “banned”, “contract_developer”, “connection_manager”;

  • opType - the type of the operation “add” (add permissions) or “remove” (delete permissions);

  • dueTimestamp - the permission validity date in the timestamp format. The field is optional.

The response from the node is transferred to the broadcast method.

Option 2: using the Generators utility

With the use of the Generators utility, the permission management process can be automated.

Example of console launching:

java -jar generators.jar GrantRolesApp [configfile]

Example of configuration:

permission-granter {
waves-crypto = no
chain-id = T
account = {
    addresses = [
    storage = ${user.home}"/node/keystore.dat"
    password = "some string as password"
send-to = [
grants = [
    address: "3N2cQFfUDzG2iujBrFTnD2TAsCNohDxYu8w"
    assigns = [
        permission = "miner",
        operation = "add",
        due-timestamp = 1527698744623
        permission = "issuer",
        operation = "add",
        due-timestamp = 1527699744623
        permission = "blacklister",
        operation = "add"
        permission = "permissioner",
        operation = "remove"
txs-per-bucket = 10

The field “due-timestamp” limits the role validity; Fields “nodes”, “roles” are mandatory.

If the node is already assigned any of the roles specified in the config, then the case is handled in accordance with the rules:

Current node status

Status received from transaction

Processing result

No role assigned

New role

Success - role assigned

Role assigned without dueDate

Role with dueDate

Checking dueDate; if less than current, then IncorrectDatetime,
otherwise Success - role assigned with duedate

Role assigned with dueDate

Role with dueDate

Checking dueDate; if less than current, then IncorrectDatetime,
otherwise Success - updating dueDate

Role assigned with dueDate

Role without dueDate

Success - role assigned without dueDate

Role assigned with/without dueDate

Role removal

Checking node address; if <> for genesis address, then Success -
role removed