The Sylo Data Permissions pallet allows data authors to grant, update, and revoke data
permissions. It integrates with the Sylo Data Verification pallet to allow authors
to manage fine-grained access control over their data.
Data permissions are stored as records in the Sylo Data Permissions pallet. There are
three forms of record to satisfy various use cases:
Data Permission Record: This is the simplest form of record and applies to
a single data item.
Tagged Permission Record: A tagged record holds a set of data tags. The
permission applies to any data item that shares at least one of the tags in the record.
This allows an author to easily grant a permission to a group of related data items.
Permission Reference Record: This record type indicates that there exists another
permission record that is stored offchain on a storage sylo. The offchain permission
record stores the actual permissions and requires that an on-chain validation record
exists for it. This type of record is suitable when an author wishes to grant
permissions over many data items that may not share any tags.
Grants another account access permissions for a set of data items.
The caller must be the author or have been granted the DISTRIBUTE permission by the author.
Namespace
api.tx.syloDataPermissions.grantDataPermissions
Type
function grantDataPermissions(
  /// The account that owns the data. When this differs from the caller, the caller
  /// must be a distributor.
  data_author: AccountId,
  /// The account to grant permissions to
  grantee: AccountId,
  /// List of data ids
  data_ids: Vec<Vec<Bytes>>,
  /// The permission level
  permission: DataPermission,
  /// An optional blocknumber for the expiry
  expiry: Option<BlockNumber>,
  /// Whether the permission is irrevocable
  irrevocable: bool,
)
Data permission records are stored as a list of records under the key
(grantor, grantee). A u32 value is assigned to each record to
identify it.
Revokes a previously granted data permission.
The caller must be the author or the original grantor of the permission.
Namespace
api.tx.syloDataPermissions.revokeDataPermission
Type
function revokeDataPermission(
  /// The account that owns the data. When this differs from the caller, the caller
  /// must be a distributor.
  data_author: AccountId,
  /// The id of the permission record.
  permission_id: u32,
  /// The account that was granted the permission
  grantee: AccountId,
  /// The data id of the item to revoke the permission for
  data_id: Vec<Vec<Bytes>>,
)
Grants a tagged permission record.
The caller must be the original data author. Distributors are not allowed to
grant tagged permissions.
Namespace
api.tx.syloDataPermissions.grantTaggedPermissions
Type
function grantTaggedPermissions(
  /// The account that was granted the permission
  grantee: AccountId,
  /// The permission level
  permission: DataPermission,
  /// List of data tags
  tags: Vec<Vec<Bytes>>,
  /// An optional blocknumber for the expiry
  expiry: Option<BlockNumber>,
  /// Whether the permission is irrevocable
  irrevocable: bool,
)
Revokes a previously granted tagged permission.
The caller must be the author or the original grantor of the permission.
Namespace
api.tx.syloDataPermissions.revokeTaggedPermission
Type
function revokeTaggedPermission(
  /// The id of the permission record.
  permission_id: u32,
  /// The account that was granted the permission
  grantee: AccountId,
)
function grantPermissionReference(
  /// The account to grant permissions to
  grantee: AccountId,
  /// The data id of the offchain permission record. This data item
  /// must have an accompanying on-chain validation record.
  permission_record_id: Vec<Bytes>,
)
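The grant and revoke rules described above (the author or a DISTRIBUTE holder may grant, tagged records match on at least one shared tag, the author or original grantor may revoke), modelled offline as an added example; this is not the pallet's code. The item shape, the "VIEW" level name, the handling of expiry and irrevocable records, and tagged records counting toward every permission level are assumptions.

```javascript
// Added example: an offline model of the rules on this page, not the pallet's code.
// Assumptions: items shaped as { author, tags }, the "VIEW" level name, a record
// lapsing once the block reaches its expiry, and irrevocable blocking revocation.
function createModel(items) {
  const records = []; // the pallet keys these by (grantor, grantee); a flat list suffices here
  const tagged = [];  // tagged records, each tied to the granting author
  let nextId = 0;     // stands in for the u32 record id
  const live = (r, p, block) => r.permission === p && (r.expiry === null || block < r.expiry);

  function hasPermission(who, dataId, permission, block) {
    const item = items[dataId];
    if (who === item.author) return true; // the author needs no record
    const direct = records.some(
      (r) => r.grantee === who && r.dataId === dataId && live(r, permission, block));
    // A tagged record applies when it shares at least one tag with the item.
    return direct || tagged.some((r) => r.author === item.author && r.grantee === who &&
      live(r, permission, block) && r.tags.some((t) => item.tags.includes(t)));
  }

  function grantDataPermissions(caller, dataAuthor, grantee, dataIds, permission, expiry, irrevocable, block) {
    for (const id of dataIds) {
      if (items[id].author !== dataAuthor) throw new Error("data_author does not own " + id);
      if (!hasPermission(caller, id, "DISTRIBUTE", block)) throw new Error("caller is not author or distributor");
    }
    return dataIds.map((dataId) => {
      records.push({ id: nextId, grantor: caller, grantee, dataId, permission, expiry, irrevocable });
      return nextId++;
    });
  }

  // Tagged records only cover the caller's own items, so a distributor cannot widen access with one.
  function grantTaggedPermissions(caller, grantee, permission, tags, expiry, irrevocable) {
    tagged.push({ id: nextId++, author: caller, grantee, permission, tags, expiry, irrevocable });
  }

  function revokeDataPermission(caller, permissionId, grantee) {
    const i = records.findIndex((r) => r.id === permissionId && r.grantee === grantee);
    if (i < 0) return false;
    const r = records[i];
    // The author is looked up from the item, never taken from caller-supplied input.
    if (caller !== items[r.dataId].author && caller !== r.grantor) throw new Error("caller is not author or grantor");
    if (r.irrevocable) throw new Error("permission is irrevocable");
    records.splice(i, 1);
    return true;
  }
  return { hasPermission, grantDataPermissions, grantTaggedPermissions, revokeDataPermission };
}

// Constructed sample: two items authored by "alice".
const SAMPLE_ITEMS = { doc1: { author: "alice", tags: ["medical"] }, doc2: { author: "alice", tags: ["finance"] } };
```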