Access Control
Tokenization support includes an access control feature that supports both role-based and ownership-based control mechanisms. With role-based access control, specific methods can be called only by users who hold a particular role, such as Token Admin or Token Minter. With ownership-based access control, you can restrict users from accessing assets that they do not own: specific methods can be called only by the users who own the assets, such as the Token Owner or Account Owner. For specific information on access control for methods, see the individual entries for the methods documented in the following topics:
- Token Admin: Token Admin users can be assigned when a token chaincode is deployed. The Token Admin user information is saved in the state database. A Token Admin user can grant and remove Token Admin privileges for other users. A Token Admin user cannot remove their own Token Admin privileges. A Token Admin user can assign the Org Admin, minter, burner, or notary role to any user.
- Org Admin: The extended Token Taxonomy Framework methods support the Org Admin role. A Token Admin user can assign the Org Admin role to any user. Org Admin users have administrative privileges, but only within their organization. They can create accounts or see account balances, but only for users in their organization. Org Admin users who have a minter, burner, or notary role can assign that role to other users in their organization.
- Token Minter: A user who is assigned the minter role is a Token Minter, and can mint tokens.
- Token Burner: A user who is assigned the burner role is a Token Burner, and can burn tokens.
- Token Notary: A user who is assigned the notary role is a Token Notary. A Token Notary acts as a third party in transactions between payers and payees. A Token Notary can either trigger the completion of a token transfer from a payer to a payee, or can instead return the tokens to the payer's account.
- Vault Manager: A user who is assigned the vault role is the Vault Manager. The Vault Manager can unlock a locked NFT. The vault role is applicable only for the extended ERC-721 and ERC-1155 standards. Assigning the vault role to a user is a prerequisite for locking NFTs. Only one user per chaincode can be assigned the vault role.
Role-based access control and ownership-based access control are also combined in some methods. For example, role-based access control lets a user with the minter role create tokens. With ownership-based access control, a non-fungible token owner can modify the custom properties of a token, but cannot modify the token metadata. When a user with the minter role creates a non-fungible token (NFT), they become the owner of the NFT. As the owner of that NFT, they can modify the custom properties (for an art collection token, the token price is a custom property). After the token creator transfers the NFT to another user, the second user becomes the owner, and the user who created the token is no longer the owner of the token. Because of ownership-based access control, the new owner can now update a custom property value, but the previous owner no longer can. Because of role-based access control, the previous owner can still mint an NFT, but the new user cannot.
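The art-collection scenario above, as an added example in Go that is not part of the Oracle Blockchain Platform token chaincode: a constructed in-memory ledger in which minting is gated by the minter role, while editing custom properties is gated by current ownership, so the rights move with the NFT on transfer but the minter role does not. The NFT, Ledger, Mint, UpdateCustom and Transfer names are assumptions made for this example.

```go
package main

import "errors"

// NFT is a constructed stand-in for token chaincode state, not Oracle's code.
type NFT struct {
	Owner  string
	Custom map[string]string // owner-editable properties, e.g. "price"
}

// Ledger holds role assignments (user -> role) and tokens (tokenID -> NFT).
type Ledger struct {
	Roles  map[string]string
	Tokens map[string]*NFT
}

// asOwner is the ownership-based check: fn runs only if caller currently owns the token.
func (l *Ledger) asOwner(caller, id string, fn func(*NFT)) error {
	t, ok := l.Tokens[id]
	if !ok || t.Owner != caller {
		return errors.New("access denied: caller is not the owner")
	}
	fn(t)
	return nil
}

// Mint is the role-based check: only a user holding the minter role may call it,
// and that user becomes the NFT's first owner.
func (l *Ledger) Mint(caller, id string) error {
	if l.Roles[caller] != "minter" {
		return errors.New("access denied: caller lacks the minter role")
	}
	l.Tokens[id] = &NFT{Owner: caller, Custom: map[string]string{}}
	return nil
}

// UpdateCustom is ownership-gated: only the current owner may change custom properties.
func (l *Ledger) UpdateCustom(caller, id, key, val string) error {
	return l.asOwner(caller, id, func(t *NFT) { t.Custom[key] = val })
}

// Transfer moves ownership, and with it the custom-property rights; the minter role stays put.
func (l *Ledger) Transfer(caller, id, to string) error {
	return l.asOwner(caller, id, func(t *NFT) { t.Owner = to })
}
```

Token metadata is deliberately absent from the NFT type here, reflecting that even the owner cannot modify it through this path.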
You can also write your own access control functions, or disable access control. The automatically generated code that performs the access check is shown in the following examples.
TypeScript:
await this.Ctx.<Token Standard>Auth.checkAuthorization(...)
Go:
auth, err := t.Ctx.<Token Standard>Auth.CheckAuthorization(...)
Note:
To remove the automatically generated access control check, remove the corresponding line of code from your TypeScript or Go project.