diff --git a/docs/auth_rules.md b/docs/auth_rules.md index ba19a4fbd..d06b87e11 100644 --- a/docs/auth_rules.md +++ b/docs/auth_rules.md @@ -1,378 +1,354 @@ # Current implemented rules in auth_map - - + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + + - - - - - - + + + + + +
Transaction type - Field - Previous value - New value - Who can - Description + Transaction typeFieldPrevious valueNew valueWho canDescription
NYM`role```TRUSTEETRUSTEEAdding new TRUSTEENYM`role```TRUSTEETRUSTEEAdding new TRUSTEE
NYM`role```STEWARDTRUSTEEAdding new STEWARDNYM`role```STEWARDTRUSTEEAdding new STEWARD
NYM`role```TRUST_ANCHORTRUSTEE, STEWARDAdding new TRUST_ANCHORNYM`role```TRUST_ANCHORTRUSTEE, STEWARDAdding new TRUST_ANCHOR
NYM`role```NETWORK_MONITORTRUSTEE, STEWARDAdding new NETWORK_MONITORNYM`role```NETWORK_MONITORTRUSTEE, STEWARDAdding new NETWORK_MONITOR
NYM`role`````TRUSTEE, STEWARD, TRUST_ANCHORAdding new Identity OwnerNYM`role`````TRUSTEE, STEWARD, TRUST_ANCHORAdding new Identity Owner
NYM`role`TRUSTEE``TRUSTEEBlacklisting TrusteeNYM`role`TRUSTEE``TRUSTEEBlacklisting Trustee
NYM`role`STEWARD``TRUSTEEBlacklisting StewardNYM`role`STEWARD``TRUSTEEBlacklisting Steward
NYM`role`TRUST_ANCHOR``TRUSTEEBlacklisting Trust anchorNYM`role`TRUST_ANCHOR``TRUSTEEBlacklisting Trust anchor
NYM`role`NETWORK_MONITOR``TRUSTEE, STEWARDBlacklisting user with NETWORK_MONITOR roleNYM`role`NETWORK_MONITOR``TRUSTEE, STEWARDBlacklisting user with NETWORK_MONITOR role
NYM`verkey``*``*`Owner of this nymKey RotationNYM`verkey``*``*`Owner of this nymKey Rotation
SCHEMA`*``*``*`TRUSTEE, STEWARD, TRUST_ANCHORAdding new SchemaSCHEMA`*``*``*`TRUSTEE, STEWARD, TRUST_ANCHORAdding new Schema
SCHEMA`*``*``*`No one can edit existing SchemaEditing SchemaSCHEMA`*``*``*`No one can edit existing SchemaEditing Schema
CLAIM_DEF`*``*``*`TRUSTEE, STEWARD, TRUST_ANCHORAdding new CLAIM_DEF transactionCLAIM_DEF`*``*``*`TRUSTEE, STEWARD, TRUST_ANCHORAdding new CLAIM_DEF transaction
CLAIM_DEF`*``*``*`Owner of claim_def txnEditing CLAIM_DEF transactionCLAIM_DEF`*``*``*`Owner of claim_def txnEditing CLAIM_DEF transaction
NODE`services````[VALIDATOR]`STEWARD if it doesn't own NODE transaction yetAdding new node to poolNODE`services````[VALIDATOR]`STEWARD if it doesn't own NODE transaction yetAdding new node to pool
NODE`services``[VALIDATOR]``[]`TRUSTEE, STEWARD if it is owner of this transactionDemotion of nodeNODE`services``[VALIDATOR]``[]`TRUSTEE, STEWARD if it is owner of this transactionDemotion of node
NODE`services``[]``[VALIDATOR]`TRUSTEE, STEWARD if it is owner of this transactionPromotion of nodeNODE`services``[]``[VALIDATOR]`TRUSTEE, STEWARD if it is owner of this transactionPromotion of node
NODE`node_ip``*``*`STEWARD if it is owner of this transactionChanging Node's ip addressNODE`node_ip``*``*`STEWARD if it is owner of this transactionChanging Node's ip address
NODE`node_port``*``*`STEWARD if it is owner of this transactionChanging Node's portNODE`node_port``*``*`STEWARD if it is owner of this transactionChanging Node's port
NODE`client_ip``*``*`STEWARD if it is owner of this transactionChanging Client's ip addressNODE`client_ip``*``*`STEWARD if it is owner of this transactionChanging Client's ip address
NODE`client_port``*``*`STEWARD if it is owner of this transactionChanging Client's portNODE`client_port``*``*`STEWARD if it is owner of this transactionChanging Client's port
NODE`blskey``*``*`STEWARD if it is owner of this transactionChanging Node's blskeyNODE`blskey``*``*`STEWARD if it is owner of this transactionChanging Node's blskey
POOL_UPGRADE`action````start`TRUSTEEStarting upgrade procedurePOOL_UPGRADE`action````start`TRUSTEEStarting upgrade procedure
POOL_UPGRADE`action``start``cancel`TRUSTEECanceling upgrade procedurePOOL_UPGRADE`action``start``cancel`TRUSTEECanceling upgrade procedure
POOL_RESTART`action``*``*`TRUSTEERestarting pool commandPOOL_RESTART`action``*``*`TRUSTEERestarting pool command
POOL_CONFIG`action``*``*`TRUSTEEPool config command (like a `read only` option)POOL_CONFIG`action``*``*`TRUSTEEPool config command (like a `read only` option)
VALIDATOR_INFO`*``*``*`TRUSTEE, STEWARD, NETWORK_MONITORGetting validator_info from poolVALIDATOR_INFO`*``*``*`TRUSTEE, STEWARD, NETWORK_MONITORGetting validator_info from pool
### Also, there is a some optional rules for case if in config option ANYONE_CAN_WRITE is set to True: - - + + + + + <\/tr> - - - - - - + + + + + + <\/tr> - - - - - - + + + + + + <\/tr> - - - - - - + + + + + + <\/tr>
Transaction type - Field - Previous value - New value - Who can - Description + Transaction typeFieldPrevious valueNew valueWho canDescription
NYM`role`````AnyoneAdding new nymNYM`role`````AnyoneAdding new nym
SCHEMA`*``*``*`AnyoneAny operations with SCHEMA transactionSCHEMA`*``*``*`AnyoneAny operations with SCHEMA transaction
CLAIM_DEF`*``*``*`AnyoneAny operations with CLAIM_DEF transactionCLAIM_DEF`*``*``*`AnyoneAny operations with CLAIM_DEF transaction
### As of now it's not implemented yet, but the next rules for Revocation feature are needed: #### If ANYONE_CAN_WRITE is set to False: - - + + + + + <\/tr> - - - - - - + + + + + + <\/tr> - - - - - - + + + + + + <\/tr> - - - - - - + + + + + + <\/tr> - - - - - - + + + + + + <\/tr>
Transaction type - Field - Previous value - New value - Who can - Description + Transaction typeFieldPrevious valueNew valueWho canDescription
REVOC_REG_DEF`*``*``*`TRUSTEE, STEWARD, TRUST_ANCHORAdding new REVOC_REG_DEFREVOC_REG_DEF`*``*``*`TRUSTEE, STEWARD, TRUST_ANCHORAdding new REVOC_REG_DEF
REVOC_REG_DEF`*``*``*`Only owners can edit existing REVOC_REG_DEFEditing REVOC_REG_DEFREVOC_REG_DEF`*``*``*`Only owners can edit existing REVOC_REG_DEFEditing REVOC_REG_DEF
REVOC_REG_ENTRY`*``*``*`Only the owner of the corresponding REVOC_REG_DEF can create new REVOC_REG_ENTRYAdding new REVOC_REG_ENTRYREVOC_REG_ENTRY`*``*``*`Only the owner of the corresponding REVOC_REG_DEF can create new REVOC_REG_ENTRYAdding new REVOC_REG_ENTRY
REVOC_REG_ENTRY`*``*``*`Only owners can edit existing REVOC_REG_ENTRYEditing REVOC_REG_ENTRYREVOC_REG_ENTRY`*``*``*`Only owners can edit existing REVOC_REG_ENTRYEditing REVOC_REG_ENTRY
#### If ANYONE_CAN_WRITE is set to True: - - + + + + + <\/tr> - - - - - - + + + + + + <\/tr> - - - - - - + + + + + + <\/tr> - - - - - - + + + + + + <\/tr> - - - - - - + + + + + + <\/tr>
Transaction type - Field - Previous value - New value - Who can - Description + Transaction typeFieldPrevious valueNew valueWho canDescription
REVOC_REG_DEF`*``*``*`Anyone can create new REVOC_REG_DEFAdding new REVOC_REG_DEFREVOC_REG_DEF`*``*``*`Anyone can create new REVOC_REG_DEFAdding new REVOC_REG_DEF
REVOC_REG_DEF`*``*``*`Only owners can edit existing REVOC_REG_DEFEditing REVOC_REG_DEFREVOC_REG_DEF`*``*``*`Only owners can edit existing REVOC_REG_DEFEditing REVOC_REG_DEF
REVOC_REG_ENTRY`*``*``*`Only the owner of the corresponding REVOC_REG_DEF can create new REVOC_REG_ENTRYAdding new REVOC_REG_ENTRYREVOC_REG_ENTRY`*``*``*`Only the owner of the corresponding REVOC_REG_DEF can create new REVOC_REG_ENTRYAdding new REVOC_REG_ENTRY
REVOC_REG_ENTRY`*``*``*`Only owners can edit existing REVOC_REG_ENTRYAdding new REVOC_REG_ENTRYREVOC_REG_ENTRY`*``*``*`Only owners can edit existing REVOC_REG_ENTRYAdding new REVOC_REG_ENTRY
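Review bot: The last row of the "If ANYONE_CAN_WRITE is set to True" revocation table pairs "Only owners can edit existing REVOC_REG_ENTRY" with the description "Adding new REVOC_REG_ENTRY", while the matching row in the "set to False" table reads "Editing REVOC_REG_ENTRY". The row carries the same text on both sides of the change, so this looks like a copy-paste slip that the reformat preserves. Since every row is being rewritten anyway, change that description to "Editing REVOC_REG_ENTRY" so the edit rule is not read as a second add rule. A second documentation point in the same hunk: the main table says "No one can edit existing Schema", but the ANYONE_CAN_WRITE table grants "Anyone" "Any operations with SCHEMA transaction". It is worth stating explicitly whether that optional rule covers edits to existing schemas or only creation, because the two rows read as contradictory for anyone deriving an authorization policy from this file.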