Skip to content

docs: access management guide#29

Merged
marc0olo merged 2 commits into
mainfrom
docs/guides-security-access-management
Mar 19, 2026
Merged

docs: access management guide#29
marc0olo merged 2 commits into
mainfrom
docs/guides-security-access-management

Conversation

@marc0olo
Copy link
Copy Markdown
Member

@marc0olo marc0olo commented Mar 19, 2026

Summary

  • Covers caller identity model (user, canister, anonymous, management principals)
  • Rejecting anonymous callers in both Motoko and Rust
  • Rust guard attribute pattern for declarative access control
  • Owner and role-based access control with complete examples in both languages
  • Controller management via icp canister settings update
  • canister_inspect_message with clear warnings about its limitations
  • Debugging with whoami endpoint pattern

Sync recommendation

informed by dfinity/portal — docs/building-apps/best-practices/general.mdx + canister-security icskill

@marc0olo
Copy link
Copy Markdown
Member Author

marc0olo commented Mar 19, 2026

Review

Must-fix (2)

  1. Missing Runtime import in Controller checks Motoko snippet (line ~214) — The code calls Runtime.trap(...) but only imports Principal. Needs import Runtime "mo:core/Runtime";.

  2. Upstream comment format (line 339) — Missing em dash separator. Current: informed by dfinity/portal docs/.... Should be: informed by dfinity/portal — docs/.... Also, the content is heavily derived from the canister-security icskill, which should be acknowledged.

Suggestions (3)

  1. Rust #[init] takes explicit owner: Principal — differs from Motoko's shared(msg) pattern. A brief note explaining the difference and how to pass the owner during deployment would help.

  2. No Rust equivalent for controller checks — Motoko has Principal.isController but the Rust section doesn't show how to check controllers (requires management canister query). Worth noting the asymmetry.

  3. Checklist vs guide format — Content brief said "checklist" but the page is a proper how-to guide, which is actually better for Diataxis. No change needed, just noting the deviation.

@marc0olo marc0olo mentioned this pull request Mar 19, 2026
Merged
@marc0olo
Copy link
Copy Markdown
Member Author

marc0olo commented Mar 19, 2026

Additional suggestion: make principal type table more explicit

The current table doesn't make it easy to distinguish user vs canister principals. Since they look similar as opaque text, consider adding a format column:

Type Format Example Meaning
User Varies (self-authenticating) wo5qg-ysjaa-aaaaa-... Human with a cryptographic identity
Canister 10 bytes, ends in -cai rrkah-fqaaa-aaaaa-aaaaq-cai Another canister making an inter-canister call
Anonymous Fixed 2vxsx-fae Unauthenticated caller — no identity
Management Fixed aaaaa-aa IC management canister (system calls)

This helps developers who need to distinguish caller types in their access control logic.

@marc0olo
docs: address review feedback for access management guide
2d14d3a 
- Add missing Runtime import in controller checks Motoko snippet
- Expand principal types table with format column and -cai suffix
- Add note about Rust #[init] owner pattern vs Motoko shared(msg)
- Add note about Rust controller checks requiring management canister
- Fix Upstream comment format (em dash, add icskills source)
@marc0olo
Copy link
Copy Markdown
Member Author

marc0olo commented Mar 19, 2026

Feedback addressed:

  • Added missing Runtime import in controller checks Motoko snippet
  • Expanded principal types table with format column (self-authenticating vs 10-byte -cai suffix)
  • Added note about Rust #[init] requiring explicit owner principal at deploy time
  • Added note about Rust controller checks requiring management canister call, with link to onchain-calls page
  • Fixed Upstream comment: added em dash separator, added icskills source

@marc0olo marc0olo merged commit 8778470 into main Mar 19, 2026
1 check passed
@marc0olo marc0olo deleted the docs/guides-security-access-management branch March 19, 2026 11:45
This was referenced Mar 19, 2026
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marc0olo