CipherLabs
/
besu
mirror of https://github.com/hyperledger/besu
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
An enterprise-grade Java-based, Apache 2.0 licensed Ethereum client https://wiki.hyperledger.org/display/besu
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1439 Commits
44 Branches
214 Tags
204 MiB
Tag: Branch: Tree: 51c6736320
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '51c6736320'
${ noResults }
besu/docs/Permissions/Onchain-Permissioning/Onchain-Permissioning.md

56 lines
2.6 KiB
Raw Normal View History Unescape

[PAN-2881] [PAN-2885] Updated onchain permissioning to include accounts and dapp (#1652) Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
5 years ago
description: Onchain Permissioning
<!--- END of page meta data -->
# Onchain Permissioning
Onchain permissioning uses smart contracts to store and maintain the node, account, and admin whitelists.
Using onchain permissioning enables all nodes to read the whitelists from a single source, the blockchain.
!!! important
The dependency chain for our implementation of onchain permissioning includes [web3j](https://github.com/web3j/web3j) which is
LGPL licensed.
## Permissioning Contracts
The permissioning smart contracts are provided in the [PegaSysEng/permissioning-smart-contracts](https://github.com/PegaSysEng/permissioning-smart-contracts) repository:
* Ingress contracts for nodes and accounts - proxy contracts defined in the genesis file that defer the permissioning logic to the
Node Rules and Account Rules contracts. The Ingress contracts are deployed to static addresses.
* Node Rules - stores the node whitelist and node whitelist operations (for example, add and remove).
* Account Rules - stores the accounts whitelist and account whitelist operations (for example, add and remove).
* Admin - stores the list of admin accounts and admin list operations (for example, add and remove). There is
one list of admin accounts for node and accounts.
## Permissioning Management Dapp
The [Permissioning Management Dapp](Getting-Started-Onchain-Permissioning.md) is provided to view
and maintain the whitelists.
!!! tip
Before v1.2, we provided a [management interface using Truffle](https://docs.pantheon.pegasys.tech/en/1.1.4/Permissions/Onchain-Permissioning/).
The management interface using Truffle is deprecated and we recommend using the Dapp for an improved user experience.
### Whitelists
Permissioning implements three whitelists:
* [Accounts](Getting-Started-Onchain-Permissioning.md#update-accounts-or-admin-accounts-whitelists) can submit
transactions to the network
* [Nodes](Getting-Started-Onchain-Permissioning.md#update-nodes-whitelist) can participate in the network
* [Admins](Getting-Started-Onchain-Permissioning.md#update-accounts-or-admin-accounts-whitelists) are accounts that
can update the accounts and nodes whitelists
## Bootnodes
When a node is added to the network, it connects to the bootnodes until it synchronizes to the chain head regardless of
node permissions. Once in sync, the permissioning rules in the Account Rules and Node Rules smart contracts are applied.
If a sychronized node loses all peer connections (that is, it has 0 peers), it reconnects to the bootnodes to
rediscover peers.