Child Chain Control

From ArdorDocs
Jump to: navigation, search

Description

Child Chain Control is a feature that introduces permissioning to the Ardor multichain platform. It manages authorization levels of users on child chains. When operating on the chain that has permissioning policy enabled users can be restricted from performing chain transactions.

Permission Types

In order to use child chain control features, you need to have the proper setup of the child chain. Namely, it's permissionPolicy property should be set to CHILD_CHAIN only then you will be able to control permissioning. To check if it is enabled for a given chain open Account Details dialog. At the bottom of the dialog you should see the value of the Account Permissions property for the current chain. If you don't see Account Permissions property it means you are operating on chain that doesn't support permissioning, ask chain developers to enable it.

Account Details modal on chain that has permission policy.

Without Chain User permission account will not be able to perform chain operations such as sending tokens and user will be presented with the warning.

Account without Chain User permission

Ardor child chains support the following permissions:

Permission Name Assigned by Features
Master Admin developers Can only designate/block admins. Cannot perform operations on chain.
Chain Admin Master Admin Can only designate/block users. Cannot perform operations on chain.
Blocked Chain Admin Master Admin Chain admin rights blocked.
Chain User Chain Admin Can perform operations on chain.
Blocked Chain User Chain Admin Cannot perform operations on chain.

Single account can have multiple permissions per chain:

Account Details modal on chain that has permission policy and has permissions specified

How to assign account permissions

For Ardor accounts to be able to use child chains you need to explicitly grant them Chain User permission. But first you need to designate a few accounts as admins by giving them Chain Admin permission. You need to have at least one Master Admin account (ask developers to configure one or few accounts with Master Admin permission) for that. Master Admin and Chain Admin accounts will have an extra link in the sidebar leading to Permissions Control page:

Sidebar with Permissions Control link

Permissions Control page has two buttons on top that open a modal dialog through which you can grant or remove permissions for specific account. It also lists all the recent permissioning operations on this chain.

Permissions Control page

To grant Chain Admin permission click on Grant Permission button and fill in fields in the modal dialog.

Granting permission to account

You can filter out operations performed by you using toggle control next to Granted by column title. Last column has action buttons that simplify granting or removing permissions by prepopulating account and permission fields in the modal dialog. Once account gets Chain Admin permission it can start granting Chain User permission to other accounts. Chain User permission is essential as it gives account access to chain features.

Grant chain user permission modal.png

How to see which permissions account has

Even if you don't have Chain Admin or Master Admin rights you can still see who granted you permissions from the Account Permissions tab in the User Info modal. It also shows who granted you permissions and when it happened.

Granting permission to account

How to remove previously granted permission

If permission was granted to a wrong account or account no longer needs it you can remove permission (you must yourself have sufficient permissions to do that, check the table above). Click the Remove Permission button on the Permissions Control page and complete the modal dialog. Hint: you can find all the permissions granted by you by clicking the toggle button next to Granted by column title. If you click Remove Permission button from the table - it will prepopulate the modal dialog account and permission fields.

Removing permission

How to block permissions

If you want to block user or admin simply grant them with Blocked Chain User or Blocked Chain Admin permissions. Blocked accounts will not be able to exercise their permissions until someone removes Blocked Chain User or Blocked Chain Admin permissions. Blocked accounts will see who blocked them.