Skip to content
This repository has been archived by the owner on Jan 29, 2022. It is now read-only.

Latest commit

 

History

History
1196 lines (824 loc) · 42.7 KB

permissions.rst

File metadata and controls

1196 lines (824 loc) · 42.7 KB
Raw

Permissions

Hyperledger Iroha uses a role-based access control system to limit actions of its users. This system greatly helps to implement use cases involving user groups having different access levels — ranging from the weak users, who can't even receive asset transfer to the super-users. The beauty of our permission system is that you don't have to have a super-user in your Iroha setup or use all the possible permissions: you can create segregated and lightweight roles.

Maintenance of the system involves setting up roles and permissions, that are included in the roles. This might be done at the initial step of system deployment — in genesis block, or later when Iroha network is up and running, roles can be changed (if there is a role that can do that :)

This section will help you to understand permissions and give you an idea of how to create roles including certain permissions. Each permission is provided with an example written in Python that demonstrates the way of transaction or query creation, which require specific permission. Every example uses commons.py module, which listing is available at Supplementary Sources section.

List of Permissions

Permission Name Category Type
can_create_account Account Command
can_set_detail Account Command
can_set_my_account_detail grantable Account Command
can_create_asset Asset Command
can_receive Asset Command
can_transfer Asset Command
can_transfer_my_assets grantable Asset Command
can_add_asset_qty Asset Quantity Command
can_subtract_asset_qty Asset Quantity Command
can_add_domain_asset_qty Asset Quantity Command
can_subtract_domain_asset_qty Asset Quantity Command
can_create_domain Domain Command
can_grant_can_add_my_signatory Grant Command
can_grant_can_remove_my_signatory Grant Command
can_grant_can_set_my_account_detail Grant Command
can_grant_can_set_my_quorum Grant Command
can_grant_can_transfer_my_assets Grant Command
can_add_peer Peer Command
can_remove_peer Peer Command
can_append_role Role Command
can_create_role Role Command
can_detach_role Role Command
can_add_my_signatory grantable Signatory Command
can_add_signatory Signatory Command
can_remove_my_signatory grantable Signatory Command
can_remove_signatory Signatory Command
can_set_my_quorum grantable Signatory Command
can_set_quorum Signatory Command
can_get_all_acc_detail Account Query
can_get_all_accounts Account Query
can_get_domain_acc_detail Account Query
can_get_domain_accounts Account Query
can_get_my_acc_detail Account Query
can_get_my_account Account Query
can_get_all_acc_ast Account Asset Query
can_get_domain_acc_ast Account Asset Query
can_get_my_acc_ast Account Asset Query
can_get_all_acc_ast_txs Account Asset Transaction Query
can_get_domain_acc_ast_txs Account Asset Transaction Query
can_get_my_acc_ast_txs Account Asset Transaction Query
can_get_all_acc_txs Account Transaction Query
can_get_domain_acc_txs Account Transaction Query
can_get_my_acc_txs Account Transaction Query
can_read_assets Asset Query
can_get_blocks Block Stream Query
can_get_roles Role Query
can_get_all_signatories Signatory Query
can_get_domain_signatories Signatory Query
can_get_my_signatories Signatory Query
can_get_all_txs Transaction Query
can_get_my_txs Transaction Query
can_get_peers Peer Query

Command-related permissions

Account

can_create_account

Allows creating new accounts.

Related API method: Create Account

Example

Admin creates domain "test" that contains only can_create_account permission and Alice account in that domain. Alice can create Bob account.

.. literalinclude:: ../../../example/python/permissions/can_create_account.py
    :language: python
    :linenos:
    :lines: 10-31
can_set_detail

Allows setting account detail.

The permission allows setting details to other accounts. Another way to set detail without can_set_detail permission is to grant can_set_my_account_detail permission to someone. In order to grant, transaction creator should have can_grant_can_set_my_account_detail permission.

Note

Transaction creator can always set detail for own account even without that permission.

Related API method: Set Account Detail

Example

Admin creates domain "test" that contains only can_set_detail permission and Alice account in that domain. Alice can set detail for Admin account.

.. literalinclude:: ../../../example/python/permissions/can_set_detail.py
    :language: python
    :linenos:
    :lines: 10-30
can_set_my_account_detail

Hint

This is a grantable permission.

Permission that allows a specified account to set details for the another specified account.

Note

To grant the permission an account should already have a role with can_grant_can_set_my_account_detail permission.

Related API method: Set Account Detail

Example

Admin creates domain "test" that contains only can_grant_can_set_my_account_detail permission and two accounts for Alice and Bob in that domain. Alice grants to Bob can_set_my_account_detail permission. Bob can set detail for Alice account.

.. literalinclude:: ../../../example/python/permissions/can_set_my_account_detail.py
    :language: python
    :linenos:
    :lines: 10-44

Asset

can_create_asset

Allows creating new assets.

Related API method: Create Asset

Example

Admin creates domain "test" that contains only can_create_asset permission and Alice account in that domain. Alice can create new assets.

.. literalinclude:: ../../../example/python/permissions/can_create_asset.py
    :language: python
    :linenos:
    :lines: 10-30
can_receive

Allows account receive assets.

Related API method: Transfer Asset

Example

Admin creates domain "test" that contains can_receive and can_transfer permissions and two accounts for Alice and Bob. Admin creates "coin" asset, adds some quantity of it and transfers the asset to Alice. Alice can transfer assets to Bob (Alice has can_transfer permission and Bob has can_receive permission).

.. literalinclude:: ../../../example/python/permissions/can_receive.py
    :language: python
    :linenos:
    :lines: 10-48
can_transfer

Allows sending assets from an account of transaction creator.

You can transfer an asset from one domain to another, even if the other domain does not have an asset with the same name.

Note

Destination account should have can_receive permission.

Related API method: Transfer Asset
.. literalinclude:: ../../../example/python/permissions/can_transfer.py
    :language: python
    :linenos:
    :lines: 1-10
can_transfer_my_assets

Hint

This is a grantable permission.

Permission that allows a specified account to transfer assets of another specified account.

See the example (to be done) for the usage details.

Related API method: Transfer Asset

Example

Admin creates domain "test" that contains can_grant_can_transfer_my_assets, can_receive, can_transfer permissions and two accounts for Alice and Bob in that domain. Admin issues some amount of "coin" asset and transfers it to Alice. Alice grants to Bob can_transfer_my_assets permission. Bob can transfer Alice's assets to any account that has can_receive permission, for example, to Admin.

.. literalinclude:: ../../../example/python/permissions/can_transfer_my_assets.py
    :language: python
    :linenos:
    :lines: 10-61

Asset Quantity

can_add_asset_qty

Allows issuing assets.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.

Related API method: Add Asset Quantity

Example

Admin creates domain "test" that contains only can_add_asset_qty permission and Alice account in that domain. Admin craetes "coin" asset. Alice can add to own account any amount of any asset (e.g. "coin" asset).

.. literalinclude:: ../../../example/python/permissions/can_add_asset_qty.py
    :language: python
    :linenos:
    :lines: 10-32
can_subtract_asset_qty

Allows burning assets.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.

Related API method: Subtract Asset Quantity

Example

Admin creates domain "test" that contains only can_subtract_asset_qty permission and Alice account in that domain. Admin issues some amount of "coin" asset and transfers some amount of "coin" asset to Alice. Alice can burn any amount of "coin" assets.

.. literalinclude:: ../../../example/python/permissions/can_subtract_asset_qty.py
    :language: python
    :linenos:
    :lines: 10-40
can_add_domain_asset_qty

Allows issuing assets only in own domain.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission and only for assets in creator’s domain.

Related API method: Add Asset Quantity
.. literalinclude:: ../../../example/python/permissions/can_add_domain_asset_qty.py
    :language: python
    :linenos:
    :lines: 1-10
can_subtract_domain_asset_qty

Allows burning assets only in own domain.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission and only for assets in creator’s domain.

Related API method: Subtract Asset Quantity
.. literalinclude:: ../../../example/python/permissions/can_subtract_domain_asset_qty.py
    :language: python
    :linenos:
    :lines: 1-10

Domain

can_create_domain

Allows creating new domains within the system.

Related API method: Create Domain

Example

Admin creates domain that contains only can_create_domain permission and Alice account in that domain. Alice can create new domains.

.. literalinclude:: ../../../example/python/permissions/can_create_domain.py
    :language: python
    :linenos:
    :lines: 10-31

Grant

can_grant_can_add_my_signatory

Allows role owners grant can_add_my_signatory permission.

Related API methods: Grant Permission, Revoke Permission

Example

Admin creates domain that contains only can_grant_can_add_my_signatory permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_add_my_signatory permission.

.. literalinclude:: ../../../example/python/permissions/can_grant_can_add_my_signatory.py
    :language: python
    :linenos:
    :lines: 10-43
can_grant_can_remove_my_signatory

Allows role owners grant can_remove_my_signatory permission.

Related API methods: Grant Permission, Revoke Permission

Example

Admin creates domain that contains only can_grant_can_remove_my_signatory permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_remove_my_signatory permission.

.. literalinclude:: ../../../example/python/permissions/can_grant_can_remove_my_signatory.py
    :language: python
    :linenos:
    :lines: 10-43
can_grant_can_set_my_account_detail

Allows role owners grant can_set_my_account_detail permission.

Related API methods: Grant Permission, Revoke Permission

Example

Admin creates domain that contains only can_grant_can_set_my_account_detail permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_set_my_account_detail permission.

.. literalinclude:: ../../../example/python/permissions/can_grant_can_set_my_account_detail.py
    :language: python
    :linenos:
    :lines: 10-43
can_grant_can_set_my_quorum

Allows role owners grant can_set_my_quorum permission.

Related API methods: Grant Permission, Revoke Permission

Example

Admin creates domain that contains only can_grant_can_set_my_quorum permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_set_my_quorum permission.

.. literalinclude:: ../../../example/python/permissions/can_grant_can_set_my_quorum.py
    :language: python
    :linenos:
    :lines: 10-44
can_grant_can_transfer_my_assets

Allows role owners grant can_transfer_my_assets permission.

Related API methods: Grant Permission, Revoke Permission

Example

Admin creates domain that contains only can_grant_can_transfer_my_assets permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_transfer_my_assets permission.

.. literalinclude:: ../../../example/python/permissions/can_grant_can_transfer_my_assets.py
    :language: python
    :linenos:
    :lines: 10-56

Peer

can_add_peer

Allows adding peers to the network.

A new peer will be a valid participant in the next consensus round after an agreement on transaction containing "addPeer" command.

Related API method: Add Peer

Example

Admin creates domain that contains only can_add_peer permission and Alice account in that domain. Alice can add new peers.

.. literalinclude:: ../../../example/python/permissions/can_add_peer.py
    :language: python
    :linenos:
    :lines: 10-34
can_remove_peer

Allows removing peers from the network.

Removed peer will not participate in the next consensus round after an agreement on transaction containing "removePeer" command.

Related API method: Remove Peer

Example

Admin creates domain that contains only can_remove_peer permission and Alice account in that domain. Admin adds a second peer. Alice can remove existing peers.

.. literalinclude:: ../../../example/python/permissions/can_remove_peer.py
    :language: python
    :linenos:
    :lines: 10-37

Role

can_append_role

Allows appending roles to another account.

You can append only that role that has lesser or the same set of privileges as transaction creator.

Related API method: Append Role

Example

Admin creates domian that contains can_append_role and can_add_peer permissions and two accounts for Alice and Bob in that domain. Admin creates the second role that contains only can_add_peer permission. Alice can append role to Bob.

.. literalinclude:: ../../../example/python/permissions/can_append_role.py
    :language: python
    :linenos:
    :lines: 10-40
can_create_role

Allows creating a new role within a system.

Possible set of permissions for a new role is limited to those permissions that transaction creator has.

Related API method: Create Role

Example

Admin creates domain that contains only can_create_role permission and Alice account in that domain. Alice can create new roles.

.. literalinclude:: ../../../example/python/permissions/can_create_role.py
    :language: python
    :linenos:
    :lines: 10-33
can_detach_role

Allows revoking a role from a user.

Note

Due to a known issue the permission allows to detach any role without limitations https://soramitsu.atlassian.net/browse/IR-1468

Related API method: Detach Role

Example

Admin creates domain that contains only can_detach_role permission and creates Alice account in that domain. Admin has two roles test_role and admin_role. Alice can detach test_role from Admin account.

.. literalinclude:: ../../../example/python/permissions/can_detach_role.py
    :language: python
    :linenos:
    :lines: 10-30

Signatory

can_add_my_signatory

Hint

This is a grantable permission.

Permission that allows a specified account to add an extra public key to the another specified account.

Related API method: Add Signatory

Example

Admin creates domain that contains only can_grant_can_add_my_signatory permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob can_add_my_signatory permission. Bob can add an extra key to Alice account.

.. literalinclude:: ../../../example/python/permissions/can_add_my_signatory.py
    :language: python
    :linenos:
    :lines: 10-45
can_add_signatory

Allows linking additional public keys to account.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.

Related API method: Add Signatory

Example

Admin creates domain that contains only can_add_signatory permission and Alice account in that domain. Alice can add to own account additional keys.

.. literalinclude:: ../../../example/python/permissions/can_add_signatory.py
    :language: python
    :linenos:
    :lines: 10-32
can_remove_my_signatory

Hint

This is a grantable permission.

Permission that allows a specified account remove public key from the another specified account.

See the example (to be done) for the usage details.

Related API method: Remove Signatory

Example

Admin creates domain that contains can_add_signatory and can_grant_can_remove_my_signatory permissions and two accounts for Alice and Bob. Alice grants can_remove_my_signatory permission to Bob and adds additional key to own account. Bob can remove one of Alice's keys.

.. literalinclude:: ../../../example/python/permissions/can_remove_my_signatory.py
    :language: python
    :linenos:
    :lines: 10-51
can_remove_signatory

Allows unlinking additional public keys from an account.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.

Related API method: Remove Signatory

Example

Admin creates domian that contains can_remove_signatory permission and Alice account in that domain. Admin adds an extra key to Alice account. Alice can remove one of the keys.

.. literalinclude:: ../../../example/python/permissions/can_remove_signatory.py
    :language: python
    :linenos:
    :lines: 10-36
can_set_my_quorum

Hint

This is a grantable permission.

Permission that allows a specified account to set quorum for the another specified account.

Account should have greater or equal amount of keys than quorum.

Related API method: Set Account Quorum

Example

Admin creates domain that contains can_grant_can_set_my_quorum and can_add_signatory permissions and create two accounts for Alice and Bob in that domain. Alice grants to Bob can_set_my_qourum permission and adds an extra key to account. Bob can set quorum for Alice.

.. literalinclude:: ../../../example/python/permissions/can_set_my_quorum.py
    :language: python
    :linenos:
    :lines: 10-50
can_set_quorum

Allows setting quorum.

At least the same number (or more) of public keys should be already linked to an account.

Related API method: Set Account Quorum

Example

Admin creates domain that contains only can_set_quorum permission and creates Alice account in that domain. Admin adds an extra key for Alice account. Alice can set quorum equals two.

.. literalinclude:: ../../../example/python/permissions/can_set_quorum.py
    :language: python
    :linenos:
    :lines: 10-36

Query-related permissions

Account

can_get_all_acc_detail

Allows getting all the details set to any account within the system.

Related API method: Get Account Detail

Example

Admin creates Alice account in a diffrerent domain that has only can_get_all_acc_detail permission. Alice can access details set to Admin account.

.. literalinclude:: ../../../example/python/permissions/can_get_all_acc_detail.py
    :language: python
    :linenos:
    :lines: 10-28
can_get_all_accounts

Allows getting account information: quorum and all the details related to the account.

With this permission, query creator can get information about any account within a system.

All the details (set by the account owner or owners of other accounts) will be returned.

Related API method: Get Account

Example

Admin creates Alice account in a different domain that has only can_get_all_accounts permission. Alice can access account information of Admin.

.. literalinclude:: ../../../example/python/permissions/can_get_all_accounts.py
    :language: python
    :linenos:
    :lines: 10-28
can_get_domain_acc_detail

Allows getting all the details set to any account within the same domain as a domain of query creator account.

Related API method: Get Account Detail

Example

Admin creates Alice account in the same domain that has only can_get_domain_acc_detail permission. Alice can get details set to Admin account.

.. literalinclude:: ../../../example/python/permissions/can_get_domain_acc_detail.py
    :language: python
    :linenos:
    :lines: 10-28
can_get_domain_accounts

Allows getting account information: quorum and all the details related to the account.

With this permission, query creator can get information only about accounts from the same domain.

All the details (set by the account owner or owners of other accounts) will be returned.

Related API method: Get Account

Example

Admin creates Alice account in the same domain that has only can_get_domain_accounts. Alice can access account information of Admin.

.. literalinclude:: ../../../example/python/permissions/can_get_domain_accounts.py
    :language: python
    :linenos:
    :lines: 10-28
can_get_my_acc_detail

Allows getting all the details set to the account of query creator.

Related API method: Get Account Detail

Example

Admin creates Alice account in the domain that has only can_get_my_acc_detail permission. Alice can get details set to own account.

.. literalinclude:: ../../../example/python/permissions/can_get_my_acc_detail.py
    :language: python
    :linenos:
    :lines: 10-28
can_get_my_account

Allows getting account information: quorum and all the details related to the account.

With this permission, query creator can get information only about own account.

All the details (set by the account owner or owners of other accounts) will be returned.

Related API method: Get Account

Example

Admin creates Alice account in the domain that has only can_get_my_account permission. Alice can access own account information.

.. literalinclude:: ../../../example/python/permissions/can_get_my_account.py
    :language: python
    :linenos:
    :lines: 10-28

Account Asset

can_get_all_acc_ast

Allows getting a balance of assets on any account within the system.

Query response will contain information about all the assets that ever been assigned to an account.

Related API method: Get Account Assets

Example

Admin creates Alice account in a different domain that has only can_get_all_acc_ast permission. Alice can access assets balance on Admin account.

.. literalinclude:: ../../../example/python/permissions/can_get_all_acc_ast.py
    :language: python
    :linenos:
    :lines: 10-28
can_get_domain_acc_ast

Allows getting a balance of specified asset on any account within the same domain as a domain of query creator account.

Query response will contain information about all the assets that ever been assigned to an account.

Related API method: Get Account Assets

Example

Admin creates Alice account in the same domain that has only can_get_domain_acc_ast permission. Alice can access assets balance on Admin account.

.. literalinclude:: ../../../example/python/permissions/can_get_domain_acc_ast.py
    :language: python
    :linenos:
    :lines: 10-28
can_get_my_acc_ast

Allows getting a balance of specified asset on account of query creator.

Query response will contain information about all the assets that ever been assigned to an account.

Related API method: Get Account Assets

Example

Admin creates Alice account in a domain that has only can_get_my_acc_ast permission. Alice can access assets balance on own account.

.. literalinclude:: ../../../example/python/permissions/can_get_my_acc_ast.py
    :language: python
    :linenos:
    :lines: 10-28

Account Asset Transaction

can_get_all_acc_ast_txs

Allows getting transactions associated with a specified asset and any account within the system.

Note

Incoming asset transfers will also appear in the query response.

Related API method: Get Account Asset Transactions

Example

Admin creates Alice account in a different domain that has can_get_all_acc_ast_txs, can_receive and can_transfer permissions. Admin issues some amount of coins and transfers them to Alice. Alice can query all transactions related to coins and Admin account.

.. literalinclude:: ../../../example/python/permissions/can_get_all_acc_ast_txs.py
    :language: python
    :linenos:
    :lines: 10-43
can_get_domain_acc_ast_txs

Allows getting transactions associated with a specified asset and an account from the same domain as query creator.

Note

Incoming asset transfers will also appear in the query response.

Related API method: Get Account Asset Transactions

Example

Admin creates Alice in the same domain that has only can_get_domain_acc_ast_txs permission. Admin issues some amount of coins and transfers them to Alice. Alice can query all transactions related to coins and Admin account.

.. literalinclude:: ../../../example/python/permissions/can_get_domain_acc_ast_txs.py
    :language: python
    :linenos:
    :lines: 10-39
can_get_my_acc_ast_txs

Allows getting transactions associated with the account of query creator and specified asset.

Note

Incoming asset transfers will also appear in the query response.

Related API method: Get Account Asset Transactions

Example

Admin creates Alice account in a domain that has only can_get_my_acc_ast_txs permission. Admin issues some amount of coins and transfers them to Alice. Alice can query all transactions related to coins and own account.

.. literalinclude:: ../../../example/python/permissions/can_get_my_acc_ast_txs.py
    :language: python
    :linenos:
    :lines: 10-39

Account Transaction

can_get_all_acc_txs

Allows getting all transactions issued by any account within the system.

Note

Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.

Related API method: Get Account Transactions

Example

Admin creates Alice account in a different domain that has only can_get_all_acc_txs permiison. Alice can request all the transactions issues by Admin.

.. literalinclude:: ../../../example/python/permissions/can_get_all_acc_txs.py
    :language: python
    :linenos:
    :lines: 10-28
can_get_domain_acc_txs

Allows getting all transactions issued by any account from the same domain as query creator.

Note

Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.

Related API method: Get Account Transactions

Example

Admin creates Alice account in the same domain that has only can_get_domain_acc_txs permission. Alice can request all the transactions issued by Admin.

.. literalinclude:: ../../../example/python/permissions/can_get_domain_acc_txs.py
    :language: python
    :linenos:
    :lines: 10-28
can_get_my_acc_txs

Allows getting all transactions issued by an account of query creator.

Note

Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.

Related API method: Get Account Transactions

Example

Admin creates Alice account in a domain that has only can_get_my_acc_txs permission. Alice can get all transactions issued by own account.

.. literalinclude:: ../../../example/python/permissions/can_get_my_acc_txs.py
    :language: python
    :linenos:
    :lines: 10-28

Asset

can_read_assets

Allows getting information about asset precision.

Related API method: Get Asset Info

Example

Admin creates Alice account in a domain that has can_read_assets permissions. Alice can query information about any asset.

.. literalinclude:: ../../../example/python/permissions/can_read_assets.py
    :language: python
    :linenos:
    :lines: 10-31

Block Stream

can_get_blocks

Allows subscription to the stream of accepted blocks.

Role

can_get_roles

Allows getting a list of roles within the system. Allows getting a list of permissions associated with a role.

Related API methods: Get Roles, Get Role Permissions

Example

Admin creates Alice account in a domain that has can_get_roles permission. Alice can query list of all existing roles. Alice can query list of permissions contained in any role.

.. literalinclude:: ../../../example/python/permissions/can_get_roles.py
    :language: python
    :linenos:
    :lines: 10-35

Signatory

can_get_all_signatories

Allows getting a list of public keys linked to an account within the system.

Related API method: Get Signatories

Example

Admin creates Alice account in a different domain that has only can_get_all_signatories permission. Alice can query a list of public keys related to Admin account.

.. literalinclude:: ../../../example/python/permissions/can_get_all_signatories.py
    :language: python
    :linenos:
    :lines: 10-28
can_get_domain_signatories

Allows getting a list of public keys of any account within the same domain as the domain of query creator account.

Related API method: Get Signatories

Example

Admin creates Alice account in the same domain that has only can_get_domain_signatories permission. Alice can query a list of public keys related to Admin account.

.. literalinclude:: ../../../example/python/permissions/can_get_domain_signatories.py
    :language: python
    :linenos:
    :lines: 10-28
can_get_my_signatories

Allows getting a list of public keys of query creator account.

Related API method: Get Signatories

Example

Admin creates Alice account in a domain that has only can_get_my_signatories permission. Alice can query a list of public keys related to own account.

.. literalinclude:: ../../../example/python/permissions/can_get_my_signatories.py
    :language: python
    :linenos:
    :lines: 10-28

Transaction

can_get_all_txs

Allows getting any transaction by hash.

Related API method: Get Transactions

Example

Admin issues several transactions and creates Alice account in a different domain that has only can_get_all_txs permission. Alice (knowing transactions hashes) can query transactions issued by Admin Account.

.. literalinclude:: ../../../example/python/permissions/can_get_all_txs.py
    :language: python
    :linenos:
    :lines: 11-58
can_get_my_txs

Allows getting transaction (that was issued by query creator) by hash.

Related API method: Get Transactions

Example

Admin creates Alice account in a different domain. Alice (knowing transactions hashes) issues several transactions. Alice can query own transactions.

.. literalinclude:: ../../../example/python/permissions/can_get_my_txs.py
    :language: python
    :linenos:
    :lines: 11-62

Peer

can_get_peers

Allows to request the list of peers in the Iroha network.

Related API method: Get Peers

Example

Admin creates Alice account in any domain that has can_get_peers. Alice can now request the list of peers in the system.

.. literalinclude:: ../../../example/python/permissions/can_get_peers.py
    :language: python
    :linenos:
    :lines: 10-28

Supplementary Sources

.. literalinclude:: ../../../example/python/permissions/commons.py
    :language: python
    :linenos:
    :caption: commons.py