7.1. Permissions¶
Hyperledger Iroha uses a role-based access control system to limit actions of its users. This system greatly helps to implement use cases involving user groups having different access levels — ranging from the weak users, who can't even receive asset transfer to the super-users. The beauty of our permission system is that you don't have to have a super-user in your Iroha setup or use all the possible permissions: you can create segregated and lightweight roles.
Maintenance of the system involves setting up roles and permissions, that are included in the roles. This might be done at the initial step of system deployment — in genesis block, or later when Iroha network is up and running, roles can be changed (if there is a role that can do that :)
This section will help you to understand permissions and give you an idea of how to create roles including certain permissions. Each permission is provided with an example written in Python that demonstrates the way of transaction or query creation, which require specific permission. Every example uses commons.py module, which listing is available at Supplementary Sources section.
7.2. List of Permissions¶
Permission Name | Category | Type |
---|---|---|
can_create_account | Account | 커맨드(command) |
can_set_detail | Account | 커맨드(command) |
can_set_my_account_detail grantable |
Account | 커맨드(command) |
can_create_asset | 에셋(Asset) | 커맨드(command) |
can_receive | 에셋(Asset) | 커맨드(command) |
can_transfer | 에셋(Asset) | 커맨드(command) |
can_transfer_my_assets grantable |
에셋(Asset) | 커맨드(command) |
can_add_asset_qty | Asset Quantity | 커맨드(command) |
can_subtract_asset_qty | Asset Quantity | 커맨드(command) |
can_add_domain_asset_qty | Asset Quantity | 커맨드(command) |
can_subtract_domain_asset_qty | Asset Quantity | 커맨드(command) |
can_create_domain | 도메인(Domain) | 커맨드(command) |
can_grant_can_add_my_signatory | Grant | 커맨드(command) |
can_grant_can_remove_my_signatory | Grant | 커맨드(command) |
can_grant_can_set_my_account_detail | Grant | 커맨드(command) |
can_grant_can_set_my_quorum | Grant | 커맨드(command) |
can_grant_can_transfer_my_assets | Grant | 커맨드(command) |
can_add_peer | Peer | 커맨드(command) |
can_append_role | 역할(Role) | 커맨드(command) |
can_create_role | 역할(Role) | 커맨드(command) |
can_detach_role | 역할(Role) | 커맨드(command) |
can_add_my_signatory grantable |
Signatory | 커맨드(command) |
can_add_signatory | Signatory | 커맨드(command) |
can_remove_my_signatory grantable |
Signatory | 커맨드(command) |
can_remove_signatory | Signatory | 커맨드(command) |
can_set_my_quorum grantable |
Signatory | 커맨드(command) |
can_set_quorum | Signatory | 커맨드(command) |
can_get_all_acc_detail | Account | 쿼리 |
can_get_all_accounts | Account | 쿼리 |
can_get_domain_acc_detail | Account | 쿼리 |
can_get_domain_accounts | Account | 쿼리 |
can_get_my_acc_detail | Account | 쿼리 |
can_get_my_account | Account | 쿼리 |
can_get_all_acc_ast | Account Asset | 쿼리 |
can_get_domain_acc_ast | Account Asset | 쿼리 |
can_get_my_acc_ast | Account Asset | 쿼리 |
can_get_all_acc_ast_txs | Account Asset Transaction | 쿼리 |
can_get_domain_acc_ast_txs | Account Asset Transaction | 쿼리 |
can_get_my_acc_ast_txs | Account Asset Transaction | 쿼리 |
can_get_all_acc_txs | Account Transaction | 쿼리 |
can_get_domain_acc_txs | Account Transaction | 쿼리 |
can_get_my_acc_txs | Account Transaction | 쿼리 |
can_read_assets | 에셋(Asset) | 쿼리 |
can_get_blocks | Block Stream | 쿼리 |
can_get_roles | 역할(Role) | 쿼리 |
can_get_all_signatories | Signatory | 쿼리 |
can_get_domain_signatories | Signatory | 쿼리 |
can_get_my_signatories | Signatory | 쿼리 |
can_get_all_txs | 트랜젝션 | 쿼리 |
can_get_my_txs | 트랜젝션 | 쿼리 |