Almonte at 17:14, 15 April 2021

2021-04-15T17:14:52Z

New page

<languages />
<translate>
{{#seo:
|title=Child chain control
|titlemode=replace
|keywords=ardor learning hub, ardor documentation, blockchain, proof of stake, ardor, ignis, jelurida, development, ardor wiki, wiki, permissioned blockchain, child chain control
|description=Description of the child chain control, permissioned layer of the Ardor blockchain
}}
__TOC__
[[Category:Features]]
==Description== 
Child Chain Control is a feature that introduces permissioning to the Ardor multichain platform. It manages the authorization levels of users on child chains. When operating on a chain that has permissioning policy enabled users can be restricted from performing chain transactions.

==Permission Types== 
To use child chain control features, you need to have the proper setup of the child chain. Namely, its ''permissionPolicy'' property should be set to ''CHILD_CHAIN'' only then you will be able to control permissioning. To check if it is enabled for a given chain open Account Details dialog. At the bottom of the dialog, you should see the value of the ''Account Permissions'' property for the current chain. If you don't see ''Account Permissions'' property it means you are operating on a chain that doesn't support permissioning, ask chain developers to enable it.
[[File:Account Details.png|thumb|border|none|Account Details modal on a chain that has permission policy. ]]


Without ''Chain User'' permission account will not be able to perform chain operations such as sending tokens and the user will be presented with a warning.
[[File:No chain user permission.png|thumb|border|none|Account without Chain User permission]]


Ardor child chains support the following permissions:
{| class="wikitable"
|-
! Permission Name !! Assigned by !! Features
|-
| Master Admin || developers|| Can only designate/block admins. Cannot perform operations on the chain.
|-
| Chain Admin|| Master Admin|| Can only designate/block users. Cannot perform operations on the chain.
|-
| Blocked Chain Admin|| Master Admin|| Chain admin rights blocked.
|-
| Chain User|| Chain Admin|| Can perform operations on the chain.
|-
| Blocked Chain User|| Chain Admin|| Cannot perform operations on the chain.
|}
A single account can have multiple permissions per chain:
[[File:Account Details with permissions.png|thumb|border|none|Account Details modal on the chain that has permission policy and has permissions specified]]

==How to assign account permissions== 
For Ardor accounts to be able to use child chains you need to explicitly grant them ''Chain User'' permission. But first, you need to designate a few accounts as admins by giving them ''Chain Admin'' permission. You need to have at least one ''Master Admin'' account (ask developers to configure one or a few accounts with ''Master Admin'' permission) for that. ''Master Admin'' and ''Chain Admin'' accounts will have an extra link in the sidebar leading to Permissions Control page:
[[File:Sidebar permissions control.png|thumb|none|Sidebar with Permissions Control link]]
Permissions Control page has two buttons on top that open a modal dialog through which you can grant or remove permissions for a specific account. It also lists all the recent permissioning operations on this chain.
[[File:Permissions Control page.png|thumb|none|Permissions Control page]]
To grant ''Chain Admin'' permission click on ''Grant Permission'' button and fill in fields in the modal dialog.
[[File:Grant permission modal.png|thumb|none|Granting permission to account]]
You can filter out operations performed by you using toggle control next to ''Granted by'' column title. The last column has action buttons that simplify granting or removing permissions by prepopulating account and permission fields in the modal dialog. Once the account gets ''Chain Admin'' permission it can start granting ''Chain User'' permission to other accounts. ''Chain User'' permission is essential as it gives account access to chain features.
[[File:Grant chain user permission modal.png|thumb|none]]

==How to see which permissions account has== 
Even if you don't have ''Chain Admin'' or ''Master Admin'' rights you can still see who granted you permissions from the ''Account Permissions'' tab in the ''User Info'' modal. It also shows who granted you permissions and when it happened.
[[File:User info account permissions.png|thumb|none|Granting permission to account]]

==How to remove previously granted permission== 
If permission was granted to a wrong account or an account no longer needs it you can remove permission (you must yourself have sufficient permissions to do that, check the table above). Click the ''Remove Permission'' button on the ''Permissions Control'' page and complete the modal dialog. Hint: you can find all the permissions granted by you by clicking the toggle button next to ''Granted by'' column title. If you click ''Remove Permission'' button from the table - it will prepopulate the modal dialog account and permission fields.
[[File:Remove permission modal.png|thumb|none|Removing permission]]

==How to block permissions== 
If you want to block users or admin simply grant them with ''Blocked Chain User'' or ''Blocked Chain Admin'' permissions. Blocked accounts will not be able to exercise their permissions until someone removes ''Blocked Chain User'' or ''Blocked Chain Admin'' permissions. Blocked accounts will see who blocked them.

</translate>

Child Chain Control - Revision history

Almonte at 17:14, 15 April 2021