[Xu Xiaodi] In-depth understanding of EOS account permission mapping

What exactly is a “smart contract”?

There are many “actions” and “Active” in this article. Actions are actions that are acceptable to an EOS account, that is, what others can do to you. Active is one of the permissions of EOS accounts. It is recommended to read the previous article: Understand these two basic concepts before EOS goes live.

In EOS, both human users and smart contracts are essentially an Account. In other words, a human account is also a smart contract that can declare what others can do to it (such as Posting in a social contract), which EOS officially calls “actions”. For example, an account can declare an Action called “SayHi”, and other accounts can perform the “SayHi” Action using the Active privilege (see the previous article). The account can also declare how to respond to an Action, such as sending gold back after someone says hi to it. So the definition of a “smart contract” in EOS is: the actions that the account declares, and the scripts (programs) that respond to those actions. Any smart contract is made up of these two elements.

This architecture naturally raises a problem: For complex smart contract accounts, some actions have relatively simple functions, such as a query, with low security and high convenience requirements. Some actions are very sensitive, such as cash withdrawal, convenience requirements are not high, security should be very high. It is obviously unreasonable for a user account to execute all smart contract actions with its own Active privileges. In order to solve this problem, EOS adopted three steps: 1. (user) account user-defined hierarchical permissions. 2. (Smart contract) Account Action rating. 3. Mapping user rights to smart contract Actions. Again, just for the sake of presentation, accounts are classified as “users” and “smart contracts”, but there is no difference between the two in EOS. Users themselves are smart contracts, and smart contracts are “users” of other smart contracts.

(User) User defines hierarchical rights for an account

In EOS, accounts have two default permissions: Owner and Active. Owner is the highest right, and Active is the right to operate smart contracts mentioned earlier. All permissions are managed based on weights and thresholds. On this basis, EOS added custom permissions for classification and grouping, as shown in the figure below.

The direction of the arrow is “parent” or higher. As can be seen from the figure, the Owner right is the highest right of an account and can execute the Active right. Active You can perform the Family and Lawyer rights. Family permission You can execute the Friends permission. Conversely, low-level permissions are no substitute for performing higher-level permissions. Different levels of permissions with a “/” or “. “space, such as in the figure Friends permissions can be expressed as” @ User. Active. Family. Friends “.

(Smart contract) Account Action rating

Similar to the privilege hierarchy, actions can be hierarchical and grouped, as shown in the figure below (Message is Action).

The smart Contract account, called “Exchange.Contract”, first defines a Withdraw Action and then a set of actions called the “Trade group”, which contains three actions: Buy, Sell, Cancel. Action also follows “backward compatibility”, meaning that if a user account has a mapping for the “Trade group”, it can execute all actions for the “Trade group”. Different levels of the Action with a “/” or “. “space, such as in the figure Buy Action can be expressed as” @ Exchange. The Contract/Trade/Buy “.

Mapping between permissions and Actions

As a final step, we will connect the previous two steps to determine which permissions can execute which actions, as shown in the bottom left of the figure below.

First look at mapping 1. We map all actions of @exchange. Contract to Family privileges. This means that all actions of the @exchange. Contract Contract can be executed using @user’s Family privilege (or higher). Map 2 maps @exchange. Contract Withdraw Action to Lawyer privilege. Lawyer privilege can execute Withdraw Action. Other actions cannot be executed. 3 indicates that there is no special mapping for the Trade group, but since all actions in the @exchange. Contract are mapped to the Family privilege, they can be executed directly with the Family privilege or with more advanced Active or even Owner privileges.

If @ User accounts to perform @ Exchange Contract/Trade/Buy this Action, system will check whether defines @ @ User account Exchange. The Contract/Trade/Buy mapping, Contract/Trade (@exchange. Contract); Contract (@exchange. Contract); If the Family is insufficient, @user. Active is checked, and then @user.owner is checked.

If no matching mapping is found, the system checks whether the @user. Active permission is met. If not, the system checks @user. Owner.

mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.

[Xu Xiaodi] In-depth understanding of EOS account permission mapping

(User) User defines hierarchical rights for an account

(Smart contract) Account Action rating

Mapping between permissions and Actions

Related articles and videos recommended

[Xu Xiaodi] In-depth understanding of EOS account permission mapping

(User) User defines hierarchical rights for an account

(Smart contract) Account Action rating

Mapping between permissions and Actions

Related articles and videos recommended

Related Posts

👍 free and easy to use chart bed, you, chart shell!

Go a library of Gojsonq every day

5 ways to Filter and exclude Fastjson fields (including examples)