
PeaqRbac

The RBAC pallet in the peaq network operates as a decentralized system for access control. It lets users create roles and permissions, and grant or withdraw access to resources based on those roles and permissions.

Objects

The RBAC pallet has the following objects:

  • roleId: The unique ID of the role that will be used as part of the key in storage.
  • name: Name of the role for easy identification.
  • groupId: The unique ID of the group.
  • permissionId: The unique ID of the permission.
  • userId: The unique ID of the user.
  • owner: The account ID of the creator of the entity. This is added to curb instances where the same entity ID is used by different accounts.

Add and Update functions

  • addRole(roleId: EntityId, name: Vec<u8>): Creates a new role on RoleStore storage.

  • updateRole(roleId: EntityId, name: Vec<u8>): Updates an existing role on RoleStore storage. Only the name field is updated.

  • addGroup(groupId: EntityId, name: Vec<u8>): Creates a new group on GroupStore storage.

  • updateGroup(groupId: EntityId, name: Vec<u8>): Updates an existing group on GroupStore storage. Only the name field is updated.

  • addPermission(permissionId: EntityId, name: Vec<u8>): Creates a new permission entity on PermissionStore storage.

  • updatePermission(permissionId: EntityId, name: Vec<u8>): Updates an existing permission entity on PermissionStore storage. Only the name field is updated.

  • assignPermissionToRole(permissionId: EntityId, roleId: EntityId): Creates a new relationship between permission and role entity on Permission2RoleStore storage.

  • unassignPermissionToRole(permissionId: EntityId, roleId: EntityId): Disables an existing relationship between permission and role entities on Permission2RoleStore storage.

  • assignRoleToGroup(roleId: EntityId, groupId: EntityId): Creates a new relationship between role and group entities on Role2GroupStore storage.

  • unassignRoleToGroup(roleId: EntityId, groupId: EntityId): Disables an existing relationship between role and group entities on Role2GroupStore storage.

  • assignRoleToUser(roleId: EntityId, userId: EntityId): Creates a new relationship between role and user entities on Role2UserStore storage.

  • unassignRoleToUser(roleId: EntityId, userId: EntityId): Disables an existing relationship between role and user entities on Role2UserStore storage.

  • assignUserToGroup(userId: EntityId, groupId: EntityId): Creates a new relationship between user and group entities on UserToGroupStore storage. The userId and the tag are used as the key while the value is the vector of User2Group.

  • unassignUserToGroup(userId: EntityId, groupId: EntityId): Disables an existing relationship between user and group entities on UserToGroupStore storage. The userId and the tag are used as the key while the value is the vector of User2Group.

Disable functions

  • disableGroup(groupId: EntityId): Disables a group and all its relationships.

  • disableRole(roleId: EntityId): Disables a role and all its relationships.

  • disablePermission(permissionId: EntityId): Disables a permission and all its relationships.

Fetch functions

  • fetchGroup(owner: AccountId, groupId: EntityId): Fetches a single group.

  • fetchGroupPermissions(owner: AccountId, groupId: EntityId): Fetches all permissions of a group.

  • fetchGroupRoles(owner: AccountId, groupId: EntityId): Fetches all roles of a group.

  • fetchGroups(owner: AccountId): Fetches all groups.

  • fetchPermission(owner: AccountId, permissionId: EntityId): Fetches a single permission using its ID.

  • fetchPermissions(owner: AccountId): Fetches all permissions.

  • fetchRole(owner: AccountId, roleId: EntityId): Fetches a single role using its ID.

  • fetchRolePermissions(owner: AccountId, roleId: EntityId): Fetches all permissions of a role.

  • fetchRoles(owner: AccountId): Fetches all roles.

  • fetchUserGroups(owner: AccountId, userId: EntityId): Fetches all groups of a user.

  • fetchUserPermissions(owner: AccountId, userId: EntityId): Fetches all permissions of a user.

  • fetchUserRoles(owner: AccountId, userId: EntityId): Fetches all roles of a user.
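
The owner scoping, disable and fetch behaviour listed above, as an added in-memory JavaScript model that is not peaq's pallet or SDK code. The `RbacModel` class, its relation names, the `demo` data and the rule that a user's permissions are the union of direct roles and roles held through groups are assumptions made for illustration.

```javascript
class RbacModel { // added model, not peaq's pallet code
  entities = new Map(); // "owner|kind|id" -> { name, enabled }
  links = new Map();    // "owner|relation|fromId" -> Set of target IDs
  add(owner, kind, id, name) {
    this.entities.set(`${owner}|${kind}|${id}`, { name, enabled: true });
  }
  assign(owner, relation, fromId, toId) {
    const key = `${owner}|${relation}|${fromId}`;
    if (!this.links.has(key)) this.links.set(key, new Set());
    this.links.get(key).add(toId);
  }
  disable(owner, kind, id) {
    const entity = this.entities.get(`${owner}|${kind}|${id}`);
    if (!entity) throw new Error(`${kind} ${id} not found for owner ${owner}`);
    entity.enabled = false;
  }
  // Targets of a relation, dropping any that are missing or disabled.
  live(owner, relation, fromId, kind) {
    const ids = [...(this.links.get(`${owner}|${relation}|${fromId}`) || [])];
    return ids.filter((id) => this.entities.get(`${owner}|${kind}|${id}`)?.enabled);
  }
  // Assumption: direct roles plus roles inherited through the user's groups.
  fetchUserPermissions(owner, userId) {
    const groups = this.live(owner, 'user2group', userId, 'group');
    const roles = [...this.live(owner, 'role2user', userId, 'role'),
      ...groups.flatMap((g) => this.live(owner, 'role2group', g, 'role'))];
    const perms = roles.flatMap((r) => this.live(owner, 'permission2role', r, 'permission'));
    return [...new Set(perms)].sort();
  }
}

function demo() { // constructed data: owners "alice" and "bob" reuse the same IDs
  const m = new RbacModel();
  for (const owner of ['alice', 'bob']) {
    m.add(owner, 'role', 'r1', 'operator');
    m.add(owner, 'permission', 'p1', 'unlock');
    m.assign(owner, 'permission2role', 'r1', 'p1');
    m.assign(owner, 'role2user', 'u1', 'r1');
  }
  m.add('alice', 'group', 'g1', 'fleet');
  m.add('alice', 'role', 'r2', 'charger');
  m.add('alice', 'permission', 'p2', 'charge');
  m.assign('alice', 'permission2role', 'r2', 'p2');
  m.assign('alice', 'role2group', 'g1', 'r2');
  m.assign('alice', 'user2group', 'u1', 'g1');
  const before = m.fetchUserPermissions('alice', 'u1');
  m.disable('alice', 'role', 'r1'); // must not touch bob's r1
  return { before, after: m.fetchUserPermissions('alice', 'u1'), bob: m.fetchUserPermissions('bob', 'u1') };
}
```

Because every key starts with the owner, disabling `r1` under one owner leaves the other owner's `r1` and the permissions it grants intact.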