permission

What is Permission

DMC account has two types of permissions: owner and active. An account must be “associated” with both owner and active permissions.

Owner has super permissions and represents the owner of the account. It allows the owner to operate on other permission configurations. This permission is typically used in transactions (such as transfers, contract actions, etc.) but not commonly used.
Active permission is commonly used for regular operations such as transfers, voting, etc.

Relationship Between Account and Permissions

Creating a DMC Account

var DMC = require('dmc.js');
var dmc_client = DMC({
  chainId: 'c102a8115bef9e4a4e751559aac2cdc2859417e6476f8cb6054cd3f7dffe1ce4',
  keyProvider: 'creator_priKey',
  httpEndpoint: 'http://testnode.dmctech.io:8801',
  logger: {
    log: null,
    error: null
  }
});

let puklic_key = "DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q";

dmc_client.transact_sync({
    actions: [
        {
            account: 'dmc',
            name: 'newaccount',
            authorization: [{
                actor: "Creator Name", //creator's account name
                permission: 'active',
            }],
            data: {
                creator: "Creator Name", //creator's account name
                name: "Account Name", //Account Name of the Recipient
                owner: {
                    threshold: 1,
                    keys: [{
                        key: puklic_key, //Owner Permission Public Key of the Recipient Account
                        weight: 1
                    }],
                    accounts: [],
                    waits: []
                },
                active: {
                    threshold: 1,
                    keys: [{
                        key: puklic_key, //Active Permission Public Key of the Recipient Account
                        weight: 1
                    }],
                    accounts: [],
                    waits: []
                },
            }
        }]
}, {
    blocksBehind: 3,
    expireSeconds: 30,
});

Querying DMC Account Information

var DMC = require('dmc.js');
var dmc_client = DMC({
  chainId: 'c102a8115bef9e4a4e751559aac2cdc2859417e6476f8cb6054cd3f7dffe1ce4',
  keyProvider: 'creator_priKey',
  httpEndpoint: 'http://testnode.dmctech.io:8801',
  logger: {
    log: null,
    error: null
  }
});
let account_info = dmc_client.rpc.get_account_sync(/*Account Name to be queried*/"Account Name"); 
console.log(account_info)

The output result is as follows:

{
  "account_name": "testatvmx4gr",
  "head_block_num": 675134,
  "head_block_time": "2023-04-08T05:08:01.500",
  "privileged": false,
  "last_code_update": "1970-01-01T00:00:00.000",
  "created": "2023-04-08T05:08:02.000",
  "ram_quota": 26464590,
  "net_weight": 100000,
  "cpu_weight": 100000,
  "net_limit": {
    "used": 0,
    "available": "8139889164420",
    "max": "8139889164420"
  },
  "cpu_limit": {
    "used": 0,
    "available": "1552560646900",
    "max": "1552560646900"
  },
  "ram_usage": 2996,
  "permissions": [
    {
      "perm_name": "active",
      "parent": "owner",
      "required_auth": {
        "threshold": 1,
        "keys": [
          {
            "key": "DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q",
            "weight": 1
          }
        ],
        "accounts": [],
        "waits": []
      },
      "linked_actions": []
    },
    {
      "perm_name": "owner",
      "parent": "",
      "required_auth": {
        "threshold": 1,
        "keys": [
          {
            "key": "DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q",
            "weight": 1
          }
        ],
        "accounts": [],
        "waits": []
      },
      "linked_actions": []
    }
  ],
  "total_resources": {
    "owner": "testatvmx4gr",
    "net_weight": "10.0000 DMC",
    "cpu_weight": "10.0000 DMC",
    "ram_bytes": 26463190
  },
  "self_delegated_bandwidth": null,
  "refund_request": null,
  "voter_info": null,
  "rex_info": null,
  "subjective_cpu_bill_limit": {
    "used": 0,
    "available": 0,
    "max": 0
  }
}

In the result, the permissions field confirms that the owner and active permissions are controlled by the owner of the public key DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q.

Analyzing Account and Permissions

Extracted script execution:

// let puklic_key = "DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q";
{
    owner: {
        threshold: 1,
        keys: [
            {
            key: puklic_key, 
            weight: 1
            }
        ],
        accounts: [],
        waits: []
    },
    active: {
        threshold: 1,
        keys: [
            {
            key: puklic_key, 
            weight: 1
            }
        ],
        accounts: [],
        waits: []
    },
}

The above code can be seen as assigning control permissions for the owner and active permissions to the public key DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q. This means that the private key corresponding to this public key has owner and active permissions.

Extracted output result:

1
2
3

"ram_quota": 26464590,
"net_weight": 100000,
"cpu_weight": 100000,

Represents the RAM, NET, and CPU resource quotas for this account. The RAM quota is 26,464,590 bytes, the NET quota is 100,000, and the CPU quota is 100,000.

Configure Permissions

Changing the active permission of the account testatvmx4gr.

var DMC = require('dmc.js');
var dmc_client = DMC({
  chainId: 'c102a8115bef9e4a4e751559aac2cdc2859417e6476f8cb6054cd3f7dffe1ce4',
  keyProvider: 'creator_priKey',
  httpEndpoint: 'http://testnode.dmctech.io:8801',
  logger: {
    log: null,
    error: null
  }
});
let new_pub_key = "DM4x3FcgobQC3G54AApjgNQsd48BFpMWNNX1dPmUE2aPDdFjnnRD";
let account = "testatvmx4gr";

dmc_client.transact_sync({
    actions: [
        {
            account: 'dmc',
            name: 'updateauth',
            authorization: [{
                actor: account,
                permission: 'active',
            }],
            data: {
                account: account,
                permission: "active",
                parent: "owner",
                auth: {
                    threshold: 1,
                    keys: [{
                        key: new_pub_key,
                        weight: 1
                    }],
                    accounts: [],
                    waits: []
                },
            }
        }]
}, {
    blocksBehind: 3,
    expireSeconds: 30,
});
let account_info = dmc_client.rpc.get_account_sync(account);
console.notice(account_info);

The output result is as follows:

{
  "account_name": "testatvmx4gr",
  "head_block_num": 676548,
  "head_block_time": "2023-04-08T05:19:48.500",
  "privileged": false,
  "last_code_update": "1970-01-01T00:00:00.000",
  "created": "2023-04-08T05:08:02.000",
  "ram_quota": 26464590,
  "net_weight": 100000,
  "cpu_weight": 100000,
  "net_limit": {
    "used": 161,
    "available": "7789936921593",
    "max": "7789936921754"
  },
  "cpu_limit": {
    "used": 408,
    "available": "1485812553332",
    "max": "1485812553740"
  },
  "ram_usage": 2996,
  "permissions": [
    {
      "perm_name": "active",
      "parent": "owner",
      "required_auth": {
        "threshold": 1,
        "keys": [
          {
            "key": "DM4x3FcgobQC3G54AApjgNQsd48BFpMWNNX1dPmUE2aPDdFjnnRD",
            "weight": 1
          }
        ],
        "accounts": [],
        "waits": []
      },
      "linked_actions": []
    },
    {
      "perm_name": "owner",
      "parent": "",
      "required_auth": {
        "threshold": 1,
        "keys": [
          {
            "key": "DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q",
            "weight": 1
          }
        ],
        "accounts": [],
        "waits": []
      },
      "linked_actions": []
    }
  ],
  "total_resources": {
    "owner": "testatvmx4gr",
    "net_weight": "10.0000 DMC",
    "cpu_weight": "10.0000 DMC",
    "ram_bytes": 26463190
  },
  "self_delegated_bandwidth": null,
  "refund_request": null,
  "voter_info": null,
  "rex_info": null,
  "subjective_cpu_bill_limit": {
    "used": 0,
    "available": 0,
    "max": 0
  },
  "eosio_any_linked_actions": []
}

The above code calls the updateauthSync method to perform permission changes. We transferred the active permission of testatvmx4gr to the public key DM4x3FcgobQC3G54AApjgNQsd48BFpMWNNX1dPmUE2aPDdFjnnRD, while the owner permission remains with DM74PaP2h4ikwB2zY6X4Da16vufHA1L5Cr4D2EMVeJ1WF57Xdo2Q.

Multi-Signature

What is Multi-Signature

Multi-signature, or multi-sig, refers to the use of multiple signatures when authorizing operations on the blockchain. Typically, we use private keys to sign transactions for authorization.

Threshold and Weight

The threshold represents the minimum permission required to control an account, while the weight represents the level of permission held by the private key.

Example

Single-Signature Account

Permission	Associated Public Key	weight	threshold
owner			1
	DM5dZut9MG9ZdqrT1WYdPkp1Txxi6JLRYEgYCtAUDWH6ymNqdJpR	1	-
active			1
	DM5dZut9MG9ZdqrT1WYdPkp1Txxi6JLRYEgYCtAUDWH6ymNqdJpR	1	-

As shown in the table, to obtain owner permission, the weight of the owner must be greater than or equal to the threshold for owner. In the example above, the threshold for owner is 1, and the weight for the associated public key DM6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV is 1. Therefore, this associated public key can directly obtain owner permission for operations.

The explanation for the active permission is the same as above. We consider an account with only one associated public key as a single-signature account.

Multi-Signature Account

Authorization must meet the threshold to be correctly signed.

Permission	Associated Public Key	weight	threshold
owner			2
	DM5dZut9MG9ZdqrT1WYdPkp1Txxi6JLRYEgYCtAUDWH6ymNqdJpR	1	-
	DM5UFAzxUsbjQCijL5LtS6TaTtkJgPJACZ8qwDpXyLaW3sE9Ed2D	1	-
active			1
	DM5dZut9MG9ZdqrT1WYdPkp1Txxi6JLRYEgYCtAUDWH6ymNqdJpR	1	-

To obtain owner permission, authorization from both associated public keys is required simultaneously, as shown in the table.

Guidelines