forked from hyperledger/indy-node
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request hyperledger#1070 from anikitinDSR/add_auth_rules_md
[Auth rules] Add doc for describing current implemented auth rules
- Loading branch information
Showing
1 changed file
with
56 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| # Current implemented rules in auth_map | ||
| | Transaction type | Field | Previous value | New value | Who can| Description | | ||
| |------------------|-------|----------------|-----------|--------|-------------| | ||
| | NYM |`role` |`<empty>` | TRUSTEE | TRUSTEE|Adding new TRUSTEE| | ||
| | NYM |`role` |`<empty>` | STEWARD | TRUSTEE|Adding new STEWARD| | ||
| | NYM |`role` |`<empty>` | TRUST_ANCHOR| TRUSTEE, STEWARD|Adding new TRUST_ANCHOR| | ||
| | NYM |`role` |`<empty>` |`<empty>` | TRUSTEE, STEWARD, TRUST_ANCHOR| Adding new Identity Owner| | ||
| | NYM |`role` | TRUSTEE |`<empty>` | TRUSTEE | Blacklisting Trustee| | ||
| | NYM |`role` | STEWARD |`<empty>` | TRUSTEE | Blacklisting Steward| | ||
| | NYM |`role` | TRUST_ANCHOR |`<empty>` | TRUSTEE | Blacklisting Trust anchor| | ||
| | NYM |`verkey`|`*`|`*`| Owner of this nym | Key Rotation| | ||
| | SCHEMA |`*`|`*`|`*`| TRUSTEE, STEWARD, TRUST_ANCHOR | Adding new Schema| | ||
| | SCHEMA |`*`|`*`|`*`| No one can edit existing Schema | Editing Schema| | ||
| | CLAIM_DEF |`*`|`*`|`*`| TRUSTEE, STEWARD, TRUST_ANCHOR| Adding new CLAIM_DEF transaction| | ||
| | CLAIM_DEF |`*`|`*`|`*`| Owner of claim_def txn| Editing CLAIM_DEF transaction| | ||
| | NODE |`services`|`<empty>`|`[VALIDATOR]`| STEWARD if it is owner of this transaction| Adding new node to pool| | ||
| | NODE |`services`|`[VALIDATOR]`|`[]`| TRUSTEE, STEWARD if it is owner of this transaction| Demotion of node| | ||
| | NODE |`services`|`[]`|`[VALIDATOR]`| TRUSTEE, STEWARD if it is owner of this transaction| Promotion of node| | ||
| | NODE |`node_ip`|`*`|`*`| STEWARD if it is owner of this transaction| Changing Node's ip address| | ||
| | NODE |`node_port`|`*`|`*`| STEWARD if it is owner of this transaction| Changing Node's port| | ||
| | NODE |`client_ip`|`*`|`*`| STEWARD if it is owner of this transaction| Changing Client's ip address| | ||
| | NODE |`client_port`|`*`|`*`| STEWARD if it is owner of this transaction| Changing Client's port| | ||
| | NODE |`blskey`|`*`|`*`| STEWARD if it is owner of this transaction| Changing Node's blskey| | ||
| | POOL_UPGRADE |`action`|`<empty>`|`start`|TRUSTEE| Starting upgrade procedure| | ||
| | POOL_UPGRADE |`action`|`start`|`cancel`|TRUSTEE| Canceling upgrade procedure| | ||
| | POOL_RESTART |`action`|`*`|`*`|TRUSTEE| Restarting pool command| | ||
| | POOL_CONFIG |`action`|`*`|`*`|TRUSTEE| Pool config command (like a `read only` option)| | ||
| | VALIDATOR_INFO |`*`|`*`|`*`| TRUSTEE, STEWARD| Getting validator_info from pool| | ||
|
|
||
|
|
||
| ### Also, there is a some optional rules for case if in config option ANYONE_CAN_WRITE is set to True: | ||
| | Transaction type | Field | Previous value | New value | Who can| Description | | ||
| |------------------|-------|----------------|-----------|--------|-------------| | ||
| |NYM |`role`|`<empty>`|`<empty>`| Anyone| Adding new nym| | ||
| |SCHEMA |`*`|`*`|`*`| Anyone| Any operations with SCHEMA transaction| | ||
| |CLAIM_DEF |`*`|`*`|`*`| Anyone| Any operations with CLAIM_DEF transaction| | ||
|
|
||
|
|
||
| ### As of now it's not implemented yet, but the next rules for Revocation feature are needed: | ||
| #### If ANYONE_CAN_WRITE is set to False: | ||
| | Transaction type | Field | Previous value | New value | Who can| Description | | ||
| |------------------|-------|----------------|-----------|--------|-------------| | ||
| |REVOC_REG_DEF|`*`|`*`|`*`| TRUSTEE, STEWARD, TRUST_ANCHOR| Adding new REVOC_REG_DEF| | ||
| |REVOC_REG_DEF|`*`|`*`|`*`| Only owners can edit existing REVOC_REG_DEF| Editing REVOC_REG_DEF| | ||
| |REVOC_REG_ENTRY|`*`|`*`|`*`| Only the owner of the corresponding REVOC_REG_DEF can create new REVOC_REG_ENTRY| Adding new REVOC_REG_ENTRY| | ||
| |REVOC_REG_ENTRY|`*`|`*`|`*`| Only owners can edit existing REVOC_REG_ENTRY| Editing REVOC_REG_ENTRY| | ||
|
|
||
| #### If ANYONE_CAN_WRITE is set to True: | ||
| | Transaction type | Field | Previous value | New value | Who can| Description | | ||
| |------------------|-------|----------------|-----------|--------|-------------| | ||
| |REVOC_REG_DEF|`*`|`*`|`*`| Anyone can create new REVOC_REG_DEF| Adding new REVOC_REG_DEF| | ||
| |REVOC_REG_DEF|`*`|`*`|`*`| Only owners can edit existing REVOC_REG_DEF| Editing REVOC_REG_DEF| | ||
| |REVOC_REG_ENTRY|`*`|`*`|`*`| Only the owner of the corresponding REVOC_REG_DEF can create new REVOC_REG_ENTRY| Adding new REVOC_REG_ENTRY| | ||
| |REVOC_REG_ENTRY|`*`|`*`|`*`| Only owners can edit existing REVOC_REG_ENTRY| Adding new REVOC_REG_ENTRY| | ||
|
|
||
|
|