github.com/hyperion-hyn/go-ethereum@v2.4.0+incompatible/docs/Permissioning/Permissioning apis.md

# Permission APIs
## APIs
### `quorumPermission_orgList`
Returns the list of all organizations with the status of each organization in the network.
#### Parameters
None
#### Returns
* `fullOrgId`: complete org id, including all parent org ids, separated by ".".
* `level`: level of the org in the org hierarchy
* `orgId`: organization identifier
* `parentOrgId`: immediate parent org id
* `status`: org status. [Refer](#organization-status-types) for the complete list of statuses
* `subOrgList`: list of sub orgs linked to the org
* `ultimateParent`: master org under which the org falls
#### Examples
```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_orgList","id":10}' --header "Content-Type: application/json"

// Response
{
    fullOrgId: "INITORG",
    level: 1,
    orgId: "INITORG",
    parentOrgId: "",
    status: 2,
    subOrgList: null,
    ultimateParent: "INITORG"
}
```

```javascript tab="geth console"
> quorumPermission.orgList
[{
    fullOrgId: "INITORG",
    level: 1,
    orgId: "INITORG",
    parentOrgId: "",
    status: 2,
    subOrgList: null,
    ultimateParent: "INITORG"
}]
```
### `quorumPermission_acctList`
Returns the list of accounts permissioned in the network.

#### Parameters
None

#### Returns
* `acctId`: account id
* `isOrgAdmin`: indicates if the account is the admin account for the organization
* `orgId`: org identifier
* `roleId`: role assigned to the account
* `status`: account status. [Refer](#account-status-types) for the complete list of account statuses.

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_acctList","id":10}' --header "Content-Type: application/json"

// Response
{
    acctId: "0xed9d02e382b34818e88b88a309c7fe71e65f419d",
    isOrgAdmin: true,
    orgId: "INITORG",
    roleId: "NWADMIN",
    status: 2
}, {
    acctId: "0xca843569e3427144cead5e4d5999a3d0ccf92b8e",
    isOrgAdmin: true,
    orgId: "INITORG",
    roleId: "NWADMIN",
    status: 2
}
```

```javascript tab="geth console"
> quorumPermission.acctList
[{
    acctId: "0xed9d02e382b34818e88b88a309c7fe71e65f419d",
    isOrgAdmin: true,
    orgId: "INITORG",
    roleId: "NWADMIN",
    status: 2
}, {
    acctId: "0xca843569e3427144cead5e4d5999a3d0ccf92b8e",
    isOrgAdmin: true,
    orgId: "INITORG",
    roleId: "NWADMIN",
    status: 2
}]
```
### `quorumPermission_nodeList`
Returns the list of nodes that are part of the network.
#### Parameters
None
#### Returns
* `orgId`: org id to which the node belongs
* `status`: status of the node. [Refer](#node-status-types) for the complete list of node statuses
* `url`: complete enode id
#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_nodeList","id":10}' --header "Content-Type: application/json"

// Response
{
    orgId: "INITORG",
    status: 2,
    url: "enode://72c0572f7a2492cffb5efc3463ef350c68a0446402a123dacec9db5c378789205b525b3f5f623f7548379ab0e5957110bffcf43a6115e450890f97a9f65a681a@127.0.0.1:21000?discport=0"
}, {
    orgId: "INITORG",
    status: 2,
    url: "enode://7a1e3b5c6ad614086a4e5fb55b6fe0a7cf7a7ac92ac3a60e6033de29df14148e7a6a7b4461eb70639df9aa379bd77487937bea0a8da862142b12d326c7285742@127.0.0.1:21001?discport=0"
}, {
    orgId: "INITORG",
    status: 2,
    url: "enode://5085e86db5324ca4a55aeccfbb35befb412def36e6bc74f166102796ac3c8af3cc83a5dec9c32e6fd6d359b779dba9a911da8f3e722cb11eb4e10694c59fd4a1@127.0.0.1:21002?discport=0"
}, {
    orgId: "INITORG",
    status: 2,
    url: "enode://28a4afcf56ee5e435c65b9581fc36896cc684695fa1db83c9568de4353dc6664b5cab09694d9427e9cf26a5cd2ac2fb45a63b43bb24e46ee121f21beb3a7865e@127.0.0.1:21003?discport=0"
}
```

```javascript tab="geth console"
> quorumPermission.nodeList
[{
    orgId: "INITORG",
    status: 2,
    url: "enode://72c0572f7a2492cffb5efc3463ef350c68a0446402a123dacec9db5c378789205b525b3f5f623f7548379ab0e5957110bffcf43a6115e450890f97a9f65a681a@127.0.0.1:21000?discport=0"
}, {
    orgId: "INITORG",
    status: 2,
    url: "enode://7a1e3b5c6ad614086a4e5fb55b6fe0a7cf7a7ac92ac3a60e6033de29df14148e7a6a7b4461eb70639df9aa379bd77487937bea0a8da862142b12d326c7285742@127.0.0.1:21001?discport=0"
}, {
    orgId: "INITORG",
    status: 2,
    url: "enode://5085e86db5324ca4a55aeccfbb35befb412def36e6bc74f166102796ac3c8af3cc83a5dec9c32e6fd6d359b779dba9a911da8f3e722cb11eb4e10694c59fd4a1@127.0.0.1:21002?discport=0"
}, {
    orgId: "INITORG",
    status: 2,
    url: "enode://28a4afcf56ee5e435c65b9581fc36896cc684695fa1db83c9568de4353dc6664b5cab09694d9427e9cf26a5cd2ac2fb45a63b43bb24e46ee121f21beb3a7865e@127.0.0.1:21003?discport=0"
}]
```

### `quorumPermission_roleList`
Returns the list of roles in the network.
#### Parameters
None
#### Returns
* `access`: account access. [Refer](#account-access-types) for the complete list of different values of account access.
* `active`: indicates if the role is active or not
* `isAdmin`: indicates if the role is an org admin role
* `isVoter`: indicates if the role is enabled for voting. Applicable only for the network admin role
* `orgId`: org id to which the role is linked
* `roleId`: unique role id
#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_roleList","id":10}' --header "Content-Type: application/json"

// Response
{
    access: 3,
    active: true,
    isAdmin: true,
    isVoter: true,
    orgId: "INITORG",
    roleId: "NWADMIN"
}
```

```javascript tab="geth console"
> quorumPermission.roleList
[{
    access: 3,
    active: true,
    isAdmin: true,
    isVoter: true,
    orgId: "INITORG",
    roleId: "NWADMIN"
}]
```

### `quorumPermission_getOrgDetails`
Returns the list of accounts, nodes, roles, and sub organizations linked to an organization.
#### Parameters
* org or sub org id
#### Returns
* `acctList`
* `nodeList`
* `roleList`
* `subOrgList`: array of sub orgs linked to the org
* Output: list of all accounts, nodes, roles, and sub orgs
#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_getOrgDetails","params":["INITORG"],"id":10}' --header "Content-Type: application/json"

// Response
{
    acctList: [{
        acctId: "0xed9d02e382b34818e88b88a309c7fe71e65f419d",
        isOrgAdmin: true,
        orgId: "INITORG",
        roleId: "NWADMIN",
        status: 2
    }, {
        acctId: "0xca843569e3427144cead5e4d5999a3d0ccf92b8e",
        isOrgAdmin: true,
        orgId: "INITORG",
        roleId: "NWADMIN",
        status: 2
    }],
    nodeList: [{
        orgId: "INITORG",
        status: 2,
        url: "enode://72c0572f7a2492cffb5efc3463ef350c68a0446402a123dacec9db5c378789205b525b3f5f623f7548379ab0e5957110bffcf43a6115e450890f97a9f65a681a@127.0.0.1:21000?discport=0"
    }, {
        orgId: "INITORG",
        status: 2,
        url: "enode://7a1e3b5c6ad614086a4e5fb55b6fe0a7cf7a7ac92ac3a60e6033de29df14148e7a6a7b4461eb70639df9aa379bd77487937bea0a8da862142b12d326c7285742@127.0.0.1:21001?discport=0"
    }, {
        orgId: "INITORG",
        status: 2,
        url: "enode://5085e86db5324ca4a55aeccfbb35befb412def36e6bc74f166102796ac3c8af3cc83a5dec9c32e6fd6d359b779dba9a911da8f3e722cb11eb4e10694c59fd4a1@127.0.0.1:21002?discport=0"
    }, {
        orgId: "INITORG",
        status: 2,
        url: "enode://28a4afcf56ee5e435c65b9581fc36896cc684695fa1db83c9568de4353dc6664b5cab09694d9427e9cf26a5cd2ac2fb45a63b43bb24e46ee121f21beb3a7865e@127.0.0.1:21003?discport=0"
    }],
    roleList: [{
        access: 3,
        active: true,
        isAdmin: true,
        isVoter: true,
        orgId: "INITORG",
        roleId: "NWADMIN"
    }],
    subOrgList: null
}
```

```javascript tab="geth console"
> quorumPermission.getOrgDetails("INITORG")
{
    acctList: [{
        acctId: "0xed9d02e382b34818e88b88a309c7fe71e65f419d",
        isOrgAdmin: true,
        orgId: "INITORG",
        roleId: "NWADMIN",
        status: 2
    }, {
        acctId: "0xca843569e3427144cead5e4d5999a3d0ccf92b8e",
        isOrgAdmin: true,
        orgId: "INITORG",
        roleId: "NWADMIN",
        status: 2
    }],
    nodeList: [{
        orgId: "INITORG",
        status: 2,
        url: "enode://72c0572f7a2492cffb5efc3463ef350c68a0446402a123dacec9db5c378789205b525b3f5f623f7548379ab0e5957110bffcf43a6115e450890f97a9f65a681a@127.0.0.1:21000?discport=0"
    }, {
        orgId: "INITORG",
        status: 2,
        url: "enode://7a1e3b5c6ad614086a4e5fb55b6fe0a7cf7a7ac92ac3a60e6033de29df14148e7a6a7b4461eb70639df9aa379bd77487937bea0a8da862142b12d326c7285742@127.0.0.1:21001?discport=0"
    }, {
        orgId: "INITORG",
        status: 2,
        url: "enode://5085e86db5324ca4a55aeccfbb35befb412def36e6bc74f166102796ac3c8af3cc83a5dec9c32e6fd6d359b779dba9a911da8f3e722cb11eb4e10694c59fd4a1@127.0.0.1:21002?discport=0"
    }, {
        orgId: "INITORG",
        status: 2,
        url: "enode://28a4afcf56ee5e435c65b9581fc36896cc684695fa1db83c9568de4353dc6664b5cab09694d9427e9cf26a5cd2ac2fb45a63b43bb24e46ee121f21beb3a7865e@127.0.0.1:21003?discport=0"
    }],
    roleList: [{
        access: 3,
        active: true,
        isAdmin: true,
        isVoter: true,
        orgId: "INITORG",
        roleId: "NWADMIN"
    }],
    subOrgList: null
}
```
### `quorumPermission_addOrg`
This API can be executed only by a network admin account (`from:` in the transaction args) and is used for proposing a new organization into the network.
#### Parameters
* `orgId`: unique org identifier
* `enodeId`: complete enode id
* `accountId`: account which will be the org admin account

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure
#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_addOrg","params":["ABC", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.addOrg("ABC", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {from: eth.accounts[0]})
"Action completed successfully"
```
If there are any pending items for approval, the proposal of any new organization will fail. Also, the enode id and accounts can be linked to one organization only.
```javascript tab="geth console"
> quorumPermission.addOrg("ABC", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {from: eth.accounts[0]})
Error: Pending approvals for the organization. Approve first
    at web3.js:3143:20
    at web3.js:6347:15
    at web3.js:5081:36
    at <anonymous>:1:1

> quorumPermission.addOrg("XYZ", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {from: eth.accounts[0]})
Error: EnodeId already part of network.
    at web3.js:3143:20
    at web3.js:6347:15
    at web3.js:5081:36
    at <anonymous>:1:1

> quorumPermission.addOrg("XYZ", "enode://de9c2d5937e599930832cecc1df8cc90b50839bdf635c1a4e68e1dab2d001cd4a11c626e155078cc65958a72e2d72c1342a28909775edd99cc39470172cce0ac@127.0.0.1:21004?discport=0", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {from: eth.accounts[0]})
Error: Account already in use in another organization
    at web3.js:3143:20
    at web3.js:6347:15
    at web3.js:5081:36
    at <anonymous>:1:1
```
### `quorumPermission_approveOrg`
This API can be executed only by a network admin account (`from:` in the transaction args) and is used for approving a proposed organization into the network.
#### Parameters
* `orgId`: unique org identifier
* `enodeId`: complete enode id
* `accountId`: account which will be the org admin account
#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure
#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_approveOrg","params":["ABC", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.approveOrg("ABC", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {from: eth.accounts[0]})
"Action completed successfully"
```
### `quorumPermission_updateOrgStatus`
This API can only be executed by a network admin account and is used for temporarily suspending an organization or re-enabling a suspended organization. This activity can be performed for a master organization only and requires majority approval from network admins.
#### Parameters
* `orgId`: org id
* `action`:
    * 1 - for suspending an org
    * 2 - for activating a suspended organization
#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure
#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_updateOrgStatus","params":["ABC", 1, {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.updateOrgStatus("ABC", 1, {from:eth.accounts[0]})
"Action completed successfully"
```

### `quorumPermission_approveOrgStatus`
This API can only be executed by a network admin account and is used for approving the org status change proposal. Once majority approval is received from network admins, the org status is updated.

#### Parameters
* `orgId`: org id
* `action`:
    * 1 - for approving org suspension
    * 2 - for approving activation of a suspended org

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_approveOrgStatus","params":["ABC", 1, {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.approveOrgStatus("ABC", 1, {from: eth.accounts[0]})
"Action completed successfully"
```

When an organization is in suspended status, no transactions or contract deploy activities are allowed from any nodes linked to the org and the sub organizations under it. Similarly, no transactions will be allowed from any accounts linked to the organization.

### `quorumPermission_addSubOrg`
This API can be executed by an organization admin account to create a sub organization under the master org.
#### Parameters
* `parentOrgId`: parent org id under which the sub org is being added. The parent org id should contain the complete org hierarchy from the master org id to the immediate parent. The org hierarchy is separated by `.`. For example, if master org `ABC` has a sub organization `SUB1`, then while creating the sub organization at `SUB1` level, the parent org should be given as `ABC.SUB1`
* `subOrgId`: sub org identifier
* `enodeId`: complete enode id of the node linked to the sub org id
#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure
#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_addSubOrg","params":["ABC", "SUB1","", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.addSubOrg("ABC", "SUB1", "", {from: eth.accounts[0]})
"Action completed successfully"
```

A few examples of adding a sub org in a nested hierarchy:
```javascript
> quorumPermission.addSubOrg("ABC.SUB1", "SUB2","", {from: eth.accounts[0]})
"Action completed successfully"

> quorumPermission.addSubOrg("ABC.SUB1.SUB2", "SUB3","", {from: eth.accounts[0]})
"Action completed successfully"
```

### `quorumPermission_addNewRole`
This API can be executed by an organization admin account to create a new role for the organization.

#### Parameters
* `orgId`: org id for which the role is being created
* `roleId`: unique role identifier
* `accountAccess`: account level access. [Refer](#account-access-types) for the complete list
* `isVoter`: `bool` indicates if it's a voting role
* `isAdminRole`: `bool` indicates if it's an admin role

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_addNewRole","params":["ABC", "TRANSACT",1,false,false, {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.addNewRole("ABC", "TRANSACT", 1, false, false,{from: eth.accounts[0]})
"Action completed successfully"
> quorumPermission.addNewRole("ABC.SUB1.SUB2.SUB3", "TRANSACT", 1, false, false,{from: eth.accounts[0]})
"Action completed successfully"
```

### `quorumPermission_removeRole`
This API can be executed by an organization admin account to create a new role for the organization.

#### Parameters
* `orgId`: org or sub org id to which the role belongs
* `roleId`: role id

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_removeRole","params":["ABC", "TRANSACT", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.removeRole("ABC.SUB1.SUB2.SUB3", "TRANSACT", {from: eth.accounts[1]})
"Action completed successfully"
```

### `quorumPermission_addAccountToOrg`
This API can be executed by an organization admin to add an account to an organization and assign a role to the account.

#### Parameters
* `acctId`: org or sub org id to which the role belongs
* `orgId`: org id
* `roleId`: role id

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_addAccountToOrg","params":["0xf017976fdf1521de2e108e63b423380307f501f8", "ABC", "TRANSACT", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.addAccountToOrg("0xf017976fdf1521de2e108e63b423380307f501f8", "ABC", "TRANSACT", {from: eth.accounts[1]})
"Action completed successfully"
```

The account can at best be linked to a single organization or sub organization and cannot belong to multiple organizations or sub organizations.
```javascript
> quorumPermission.addAccountToOrg("0xf017976fdf1521de2e108e63b423380307f501f8", "ABC.SUB1", "TRANSACT", {from: eth.accounts[1]})
Error: Account already in use in another organization
    at web3.js:3143:20
    at web3.js:6347:15
    at web3.js:5081:36
    at <anonymous>:1:1
```
### `quorumPermission_changeAccountRole`
This API can be executed by an organization admin account to assign a role to an account.
#### Parameters
* `acctId`: account id
* `orgId`: org id
* `roleId`: new role id to be assigned to the account
#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure
#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_changeAccountRole","params":["0xf017976fdf1521de2e108e63b423380307f501f8", "ABC", "TRANSACT", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.changeAccountRole("0xf017976fdf1521de2e108e63b423380307f501f8", "ABC", "TRANSACT", {from: eth.accounts[1]})
"Action completed successfully"
```

### `quorumPermission_updateAccountStatus`
This API can be executed by an organization admin account to update the account status.

#### Parameters
* `orgId`: org id
* `acctId`: org or sub org id to which the role belongs
* `action`:
    * 1 - for suspending the account
    * 2 - for activating a suspended account
    * 3 - for blacklisting an account

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_updateAccountStatus","params":["ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", 1, {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.updateAccountStatus("ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", 1, {from: eth.accounts[1]})
"Action completed successfully"
```

Once an account is blacklisted, it can only be recovered by network admins. Refer to [quorumPermission_recoverBlackListedAccount](#quorumpermission_recoverblacklistedaccount) and [quorumPermission_approveBlackListedAccountRecovery](#quorumpermission_approveblacklistedaccountrecovery) for further details.

### `quorumPermission_recoverBlackListedAccount`
This API can be executed by the network admin account to initiate the recovery of a blacklisted account. Post majority approval from network admin accounts, the blacklisted account will be marked as active.

#### Parameters
* `orgId`: org or sub org id to which the node belongs
* `acctId`: blacklisted account id

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_recoverBlackListedAccount","params":["ABC.SUB1.SUB2.SUB3", "0xf017976fdf1521de2e108e63b423380307f501f8", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.recoverBlackListedAccount("ABC.SUB1.SUB2.SUB3", "0xf017976fdf1521de2e108e63b423380307f501f8", {from: eth.accounts[1]})
"Action completed successfully"
```

### `quorumPermission_approveBlackListedAccountRecovery`
This API can be executed by the network admin to approve the recovery of a blacklisted account. Once majority approval from network admin accounts is received, the account is marked as active.

#### Parameters
* `orgId`: org or sub org id to which the node belongs
* `acctId`: blacklisted account id

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_approveBlackListedAccountRecovery","params":["ABC.SUB1.SUB2.SUB3", "0xf017976fdf1521de2e108e63b423380307f501f8", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.approveBlackListedAccountRecovery("ABC.SUB1.SUB2.SUB3", "0xf017976fdf1521de2e108e63b423380307f501f8", {from: eth.accounts[1]})
"Action completed successfully"
```

### `quorumPermission_assignAdminRole`
This API can be executed by the network admin to add a new account as network admin or change the org admin account for an organization.

#### Parameters
* `orgId`: org id to which the account belongs
* `acctId`: account id
* `roleId`: new role id to be assigned to the account. This can be the network admin role or org admin role only

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_assignAdminRole","params":["ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", "NWADMIN", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.assignAdminRole("ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", "NWADMIN", {from: eth.accounts[0]})
"Action completed successfully"
```

### `quorumPermission_approveAdminRole`
This API can be executed by the network admin to approve the organization admin or network admin role assignment to an account. The role is approved once majority approval is received.

#### Parameters
* `orgId`: org id to which the account belongs
* `acctId`: account id

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_approveAdminRole","params":["ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.approveAdminRole("ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", {from: eth.accounts[0]})
"Action completed successfully"
```

### `quorumPermission_addNode`
This API can be executed by the organization admin account to add a node to the organization or sub organization. A node cannot be part of multiple organizations.

#### Parameters
* `orgId`: org or sub org id to which the node belongs
* `enodeId`: complete enode id

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_addNode","params":["ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.addNode("ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407", {from: eth.accounts[1]})
"Action completed successfully"
```

### `quorumPermission_updateNodeStatus`
This API can be executed by the organization admin account to update the status of a node.

#### Parameters
* `orgId`: org or sub org id to which the node belongs
* `enodeId`: complete enode id
* `action`:
    * 1 - for deactivating the node
    * 2 - for activating a deactivated node
    * 3 - for blacklisting a node

#### Returns
* `msg`: response message
* `status`: `bool` indicating if the operation was a success or failure

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_updateNodeStatus","params":["ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407",1, {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.updateNodeStatus("ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407",3, {from: eth.accounts[1]})
"Action completed successfully"
```

Once a node is blacklisted, it can only be recovered by network admins. Refer to [quorumPermission_recoverBlackListedNode](#quorumpermission_recoverblacklistednode) and [quorumPermission_approveBlackListedNodeRecovery](#quorumpermission_approveblacklistednoderecovery) for further details.

### `quorumPermission_recoverBlackListedNode`
This API can be executed by the network admin account to initiate the recovery of a blacklisted node. Post majority approval from network admin accounts, the blacklisted node will be marked as active.

#### Parameters
* `orgId`: org or sub org id to which the node belongs
* `enodeId`: complete enode id

#### Returns
* `msg`: response message
* `status`: `bool` indicating whether the operation succeeded or failed

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_recoverBlackListedNode","params":["ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.recoverBlackListedNode("ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407", {from: eth.accounts[1]})
"Action completed successfully"
```

### `quorumPermission_approveBlackListedNodeRecovery`
This API can be executed by a network admin account to approve the recovery of a blacklisted node. Once approvals from a majority of network admin accounts are received, the node is marked as active.

#### Parameters
* `orgId`: org or sub org id to which the node belongs
* `enodeId`: complete enode id

#### Returns
* `msg`: response message
* `status`: `bool` indicating whether the operation succeeded or failed

#### Examples

```jshelllanguage tab="JSON RPC"
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_approveBlackListedNodeRecovery","params":["ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"

// Response
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```

```javascript tab="geth console"
> quorumPermission.approveBlackListedNodeRecovery("ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407", {from: eth.accounts[1]})
"Action completed successfully"
```

## Roles
The table below indicates the numeric value for each account access type.

| AccessType     | Value |
|:--------------:|:-----:|
| ReadOnly       |   0   |
| Transact       |   1   |
| ContractDeploy |   2   |
| FullAccess     |   3   |

When setting the account access, the system checks whether the account setting the access has sufficient privileges to perform the activity.

* Accounts with `FullAccess` can grant any access type (`FullAccess`, `Transact`, `ContractDeploy` or `ReadOnly`) to any other account
* Accounts with `ContractDeploy` can grant only `Transact`, `ContractDeploy` or `ReadOnly` access to other accounts
* Accounts with `Transact` access can grant only `Transact` or `ReadOnly` access to other accounts
* Accounts with `ReadOnly` access cannot grant any access

## Status Mapping
### Organization status types
The table below indicates the numeric value for each organization status.

| OrgStatus                 | Value |
| :-----------------------: | :---: |
| NotInList                 |   0   |
| Proposed                  |   1   |
| Approved                  |   2   |
| PendingSuspension         |   3   |
| Suspended                 |   4   |
| AwaitingSuspensionRevoke  |   5   |

### Account status types
The table below indicates the numeric value for each account status.

| AccountStatus                               | Value |
| :-----------------------------------------: | :---: |
| Not In List                                 |   0   |
| Pending Approval                            |   1   |
| Active                                      |   2   |
| Inactive                                    |   3   |
| Suspended                                   |   4   |
| Blacklisted                                 |   5   |
| Revoked                                     |   6   |
| Recovery initiated for Blacklisted accounts |   7   |

### Node Status types
The table below indicates the numeric value for each node status.

| NodeStatus                              | Value |
| :-------------------------------------: | :---: |
| NotInList                               |   0   |
| PendingApproval                         |   1   |
| Approved                                |   2   |
| Deactivated                             |   3   |
| Blacklisted                             |   4   |
| Recovery initiated for Blacklisted Node |   5   |
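
The grant rules in the Roles section and the account status table above, as an added example that is not part of the Quorum code base: `canGrant` encodes the four Roles bullets, and `auditAccounts` decodes a `quorumPermission_acctList` result to list every account that is not Active. Both function names, the `ABC` org, the `OPERATOR` role and the last two sample addresses are assumptions made for illustration.

```javascript
// Added example: numeric values are copied from the tables on this page.
const ACCESS = { ReadOnly: 0, Transact: 1, ContractDeploy: 2, FullAccess: 3 };
const ACCOUNT_STATUS = ["Not In List", "Pending Approval", "Active", "Inactive",
  "Suspended", "Blacklisted", "Revoked",
  "Recovery initiated for Blacklisted accounts"];
const ACTIVE = 2;

// Roles rule: an account may grant its own access type or any lower one,
// and ReadOnly accounts may grant nothing. Unknown values fail closed.
function canGrant(granter, target) {
  const valid = Object.values(ACCESS);
  if (!valid.includes(granter) || !valid.includes(target)) return false;
  return granter !== ACCESS.ReadOnly && target <= granter;
}

// Decode an acctList result and return every account that is not Active,
// with org admin accounts listed first. Status codes outside the table are
// reported as unknown rather than dropped.
function auditAccounts(acctList) {
  return acctList
    .filter((a) => a.status !== ACTIVE)
    .map((a) => ({
      acctId: a.acctId,
      orgId: a.orgId,
      isOrgAdmin: a.isOrgAdmin === true,
      status: ACCOUNT_STATUS[a.status] || `unknown (${a.status})`,
    }))
    .sort((x, y) => Number(y.isOrgAdmin) - Number(x.isOrgAdmin));
}

// Constructed sample in the shape quorumPermission_acctList returns.
// The ABC org, OPERATOR role and the last two addresses are made up.
const sampleAcctList = [
  { acctId: "0xed9d02e382b34818e88b88a309c7fe71e65f419d", isOrgAdmin: true, orgId: "INITORG", roleId: "NWADMIN", status: 2 },
  { acctId: "0x0000000000000000000000000000000000000001", isOrgAdmin: false, orgId: "ABC", roleId: "OPERATOR", status: 1 },
  { acctId: "0x0000000000000000000000000000000000000002", isOrgAdmin: true, orgId: "ABC", roleId: "OPERATOR", status: 5 },
];

console.log(auditAccounts(sampleAcctList));
console.log(canGrant(ACCESS.ContractDeploy, ACCESS.FullAccess));
```
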