# SyloDataPermissions

The Sylo Data Permissions pallet allows data authors to grant, update, and revoke
data permissions. It integrates with the Sylo Data Verification pallet to allow authors
to manage fine-grained access control over their data.

## Permission Levels

There are three types of permissions that can be associated with data items:

* **VIEW**: Allows the grantee to view the data when fetching the item from a
  storage sylo.
* **MODIFY**: Allows the grantee to modify the data. This includes the onchain
  validation record and also the data itself that is held by storage sylos.
* **DISTRIBUTE**: Allows the grantee to distribute the data.

The MODIFY and DISTRIBUTE permissions imply the VIEW permission.

```
enum DataPermission {
	VIEW,
	MODIFY,
	DISTRIBUTE,
}
```

## Record Types

Data permissions are stored as records in the Sylo Data Permissions pallet. There are
three differing forms of records to satisfy various use cases:

* **Data Permission Record**: This is the simplest form of record and applies to
  a single data item.
* **Tagged Permission Record**: A tagged record holds a set of data tags. The
  permission applies to any data item that shares at least one of the tags in the record.
  This allows an author to easily grant a permission to a group of related data items.
* **Permission Reference Record**: This record type indicates that there exists another
  permission record that is stored offchain on a storage sylo. The offchain permission
  record itself requires that an on-chain validation record for it exists, and it stores the
  actual permissions. This type of record is suitable when an author wishes to grant
  permissions over many data items that may not share any tags.
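
The following added example (not the pallet's source) models how the permission levels and the first two record types combine into an access decision: MODIFY and DISTRIBUTE satisfy a VIEW check, and a tagged record applies when the item shares at least one tag. The string ids, the `Scope` and `Record` types, and the rule that a record stops applying once the current block reaches `expiry` are assumptions; permission reference records are not modelled.

```rust
use std::collections::HashSet;

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum DataPermission { View, Modify, Distribute }

impl DataPermission {
    /// MODIFY and DISTRIBUTE imply VIEW; no other implication is documented.
    pub fn satisfies(self, wanted: DataPermission) -> bool {
        self == wanted || wanted == DataPermission::View
    }
}

pub enum Scope {
    Item(String),          // Data Permission Record: one data item
    Tags(HashSet<String>), // Tagged Permission Record: a set of tags
}

pub struct Record {
    pub scope: Scope,
    pub permission: DataPermission,
    pub expiry: Option<u32>, // block number; None means no expiry
}

/// Assumption: a record no longer applies once `now` reaches its expiry block.
pub fn is_allowed(records: &[Record], data_id: &str, item_tags: &HashSet<String>,
                  wanted: DataPermission, now: u32) -> bool {
    records.iter().any(|r| {
        let live = r.expiry.map_or(true, |e| now < e);
        let in_scope = match &r.scope {
            Scope::Item(id) => id == data_id,
            // Applies when the item shares at least one tag with the record.
            Scope::Tags(tags) => !tags.is_disjoint(item_tags),
        };
        live && in_scope && r.permission.satisfies(wanted)
    })
}

pub fn tags(names: &[&str]) -> HashSet<String> {
    names.iter().map(|s| s.to_string()).collect()
}

/// Constructed sample: one item-level MODIFY grant, one tagged DISTRIBUTE grant.
pub fn sample_records() -> Vec<Record> {
    vec![
        Record { scope: Scope::Item("doc-1".into()), permission: DataPermission::Modify, expiry: Some(100) },
        Record { scope: Scope::Tags(tags(&["medical", "2024"])), permission: DataPermission::Distribute, expiry: None },
    ]
}

fn main() {
    let recs = sample_records();
    println!("{}", is_allowed(&recs, "doc-1", &tags(&[]), DataPermission::View, 99));
}
```

Note that a tagged record with an empty tag set matches nothing, and an untagged item is never covered by a tagged record.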

## Calls

### grantDataPermissions

Grants another account access permissions for a set of data items.

The caller must be the author or have been granted the DISTRIBUTE permission
by the author.

**Namespace**

```
api.tx.syloDataPermissions.grantDataPermissions
```

**Type**

```
function grantDataPermissions(
  /// The account that owns the data. When this differs from the caller, the caller
  /// must be a distributor.
  data_author: AccountId,

  /// The account to grant permissions to
  grantee: AccountId,

  /// List of data ids
  data_ids: Vec<Vec<Bytes>>,

  /// The permission level
  permission: DataPermission,

  /// An optional block number for the expiry
  expiry: Option<BlockNumber>,

  /// Whether the permission is irrevocable
  irrevocable: bool,
)
```

Data permission records are stored as a list of records under the key
(grantor, grantee). A `u32` value is assigned to each record to
identify it.

### revokeDataPermission

Revokes a previously granted data permission.

The caller must be the author or the original grantor of the permission.

**Namespace**

```
api.tx.syloDataPermissions.revokeDataPermission
```

**Type**

```
function revokeDataPermission(
  /// The account that owns the data. When this differs from the caller, the caller
  /// must be a distributor.
  data_author: AccountId,

  /// The id of the permission record.
  permission_id: u32,

  /// The account that was granted the permission
  grantee: AccountId,

  /// The data id of the item to revoke the permission for
  data_id: Vec<Vec<Bytes>>,
)
```

### grantTaggedPermissions

Grants a tagged permission record.

The caller must be the original data author. Distributors are not allowed to
grant tagged permissions.

**Namespace**

```
api.tx.syloDataPermissions.grantTaggedPermissions
```

**Type**

```
function grantTaggedPermissions(
  /// The account to grant permissions to
  grantee: AccountId,

  /// The permission level
  permission: DataPermission,

  /// List of data tags
  tags: Vec<Vec<Bytes>>,

  /// An optional block number for the expiry
  expiry: Option<BlockNumber>,

  /// Whether the permission is irrevocable
  irrevocable: bool,
)
```

### revokeTaggedPermission

Revokes a previously granted tagged permission.

The caller must be the author or the original grantor of the permission.

**Namespace**

```
api.tx.syloDataPermissions.revokeTaggedPermission
```

**Type**

```
function revokeTaggedPermission(
  /// The id of the permission record.
  permission_id: u32,

  /// The account that was granted the permission
  grantee: AccountId,
)
```

### grantPermissionReference

Creates a permission reference record.

The caller must be the author.

**Namespace**

```
api.tx.syloDataPermissions.grantPermissionReference
```

**Type**

```
function grantPermissionReference(
  /// The account to grant permissions to
  grantee: AccountId,

  /// The data id of the offchain permission record. This data item
  /// must have an accompanying on-chain validation record.
  permission_record_id: Vec<Bytes>,
)
```

### revokePermissionReference

Revokes a previously granted permission reference.

The caller must be the author.

**Namespace**

```
api.tx.syloDataPermissions.revokePermissionReference
```

**Type**

```
function revokePermissionReference(
  /// The account that was granted the permission
  grantee: AccountId,
)
```

## Storage

### PermissionRecords

Maps from grantor and grantee to a permission record id and the
permission record itself.

**Namespace**

```
api.query.syloDataPermissions.PermissionRecords
```

**Type**

```
type PermissionRecord {
	grantor: AccountId,
	permission: DataPermission,
	block: BlockNumber,
	expiry: Option<BlockNumber>,
	irrevocable: bool,
}

function PermissionRecords(
  data_author: AccountId,
  grantee: AccountId,
  data_id: Bytes
): Vec<(u32, PermissionRecord)>
```
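
An added review helper (not the pallet's or the project's code) for the `Vec<(u32, PermissionRecord)>` this query returns: it flags grants an author may want to reconsider, using only the rules stated on this page. Accounts as strings, the `Finding` names and the sample data are constructed for illustration.

```rust
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum DataPermission { View, Modify, Distribute }

/// Same fields as the PermissionRecord type above; accounts are strings here.
pub struct PermissionRecord {
    pub grantor: String,
    pub permission: DataPermission,
    pub block: u32,
    pub expiry: Option<u32>,
    pub irrevocable: bool,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Finding {
    Irrevocable,    // cannot be revoked and cannot carry an expiry
    NoExpiry,       // revocable, but stays until someone revokes it
    CanDistribute,  // grantee may grant permissions to further accounts
    DelegatedGrant, // issued by a distributor rather than the data author
}

/// Returns (permission id, findings) for every record with at least one finding.
pub fn audit(data_author: &str, records: &[(u32, PermissionRecord)]) -> Vec<(u32, Vec<Finding>)> {
    records.iter().filter_map(|(id, r)| {
        let mut f = Vec::new();
        if r.irrevocable {
            f.push(Finding::Irrevocable);
        } else if r.expiry.is_none() {
            f.push(Finding::NoExpiry);
        }
        if r.permission == DataPermission::Distribute { f.push(Finding::CanDistribute); }
        if r.grantor != data_author { f.push(Finding::DelegatedGrant); }
        if f.is_empty() { None } else { Some((*id, f)) }
    }).collect()
}

/// Constructed sample of decoded storage entries for one (author, grantee, data id).
pub fn sample_storage() -> Vec<(u32, PermissionRecord)> {
    let rec = |grantor: &str, permission: DataPermission, expiry: Option<u32>, irrevocable: bool| {
        PermissionRecord { grantor: grantor.to_string(), permission, block: 10, expiry, irrevocable }
    };
    vec![
        (0, rec("alice", DataPermission::View, Some(500), false)),
        (1, rec("alice", DataPermission::Distribute, None, true)),
        (2, rec("bob", DataPermission::Modify, None, false)),
    ]
}

fn main() {
    for (id, f) in audit("alice", &sample_storage()) { println!("{}: {:?}", id, f); }
}
```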

### TaggedPermissionRecords

Maps from grantor and grantee to a permission record id and the
tagged permission record.

**Namespace**

```
api.query.syloDataPermissions.TaggedPermissionRecords
```

**Type**

```
type TaggedPermissionRecord {
	permission: DataPermission,
	tags: Vec<Vec<Bytes>>,
	block: BlockNumber,
	expiry: Option<BlockNumber>,
	irrevocable: bool,
}

function TaggedPermissionRecords(
  data_author: AccountId,
  grantee: AccountId
): Vec<(u32, TaggedPermissionRecord)>
```

### PermissionReferences

Stores permission references for off-chain records.

**Namespace**

```
api.query.syloDataPermissions.PermissionReferences
```

**Type**

```
type PermissionReference {
	permission_record_id: Vec<Bytes>,
}

function PermissionReferences(
  data_author: AccountId,
  grantee: AccountId
): Option<PermissionReference>
```

## Events

### DataPermissionGranted

An account has been granted permission for a specific data record.

**Namespace**

```
api.events.syloDataPermissions.DataPermissionGranted
```

**Type**

```
type DataPermissionGranted = {
  data_author: AccountId,
  grantor: AccountId,
  grantee: AccountId,
  data_id: Bytes,
  permission: DataPermission,
  expiry: Option<BlockNumber>,
  irrevocable: bool,
}
```

### DataPermissionRevoked

An account's permission has been revoked for a specific data record.

**Namespace**

```
api.events.syloDataPermissions.DataPermissionRevoked
```

**Type**

```
type DataPermissionRevoked = {
  revoker: AccountId,
  grantee: AccountId,
  permission: DataPermission,
  data_id: Bytes,
}
```

### ExpiredDataPermissionRemoved

An expired data permission has been automatically removed.

**Namespace**

```
api.events.syloDataPermissions.ExpiredDataPermissionRemoved
```

**Type**

```
type ExpiredDataPermissionRemoved = {
  data_author: AccountId,
  grantee: AccountId,
  data_id: Bytes,
  permission_id: u32,
}
```

### TaggedDataPermissionsGranted

An account has been granted tagged permissions.

**Namespace**

```
api.events.syloDataPermissions.TaggedDataPermissionsGranted
```

**Type**

```
type TaggedDataPermissionsGranted = {
  grantor: AccountId,
  grantee: AccountId,
  permission: DataPermission,
  tags: Vec<Bytes>,
  expiry: Option<BlockNumber>,
  irrevocable: bool,
}
```

### TaggedDataPermissionsRevoked

A tagged permission for an account has been revoked.

**Namespace**

```
api.events.syloDataPermissions.TaggedDataPermissionsRevoked
```

**Type**

```
type TaggedDataPermissionsRevoked = {
  revoker: AccountId,
  grantee: AccountId,
  permission: DataPermission,
  tags: Vec<Bytes>,
}
```

### PermissionReferenceGranted

An account has been granted a permission reference.

**Namespace**

```
api.events.syloDataPermissions.PermissionReferenceGranted
```

**Type**

```
type PermissionReferenceGranted = {
  grantor: AccountId,
  grantee: AccountId,
  permission_record_id: Bytes,
}
```

### PermissionReferenceRevoked

An account's permission reference has been revoked.

**Namespace**

```
api.events.syloDataPermissions.PermissionReferenceRevoked
```

**Type**

```
type PermissionReferenceRevoked = {
  grantor: AccountId,
  grantee: AccountId,
  permission_record_id: Bytes,
}
```

## Errors

### DataRecordDoesNotExist

Attempted to grant permissions for a data record that does not exist.

**Namespace**

```
api.errors.syloDataPermissions.DataRecordDoesNotExist
```

### IrrevocableCannotBeExpirable

A permission that is set to irrevocable cannot also be set to have an expiry.

**Namespace**

```
api.errors.syloDataPermissions.IrrevocableCannotBeExpirable
```

### InvalidExpiry

Expiry value for permission record is invalid.

**Namespace**

```
api.errors.syloDataPermissions.InvalidExpiry
```

### ExceededMaxPermissions

Exceeded the maximum number of record permissions granted to a given account.

**Namespace**

```
api.errors.syloDataPermissions.ExceededMaxPermissions
```

### MissingDistributePermission

Attempted to grant a permission as a delegate without the required DISTRIBUTE permission.

**Namespace**

```
api.errors.syloDataPermissions.MissingDistributePermission
```

### CannotGrantDistributePermission

Distribute permissions can only be granted by the data author.

**Namespace**

```
api.errors.syloDataPermissions.CannotGrantDistributePermission
```

### PermissionIrrevocable

An irrevocable permission cannot be revoked.

**Namespace**

```
api.errors.syloDataPermissions.PermissionIrrevocable
```

### NotPermissionGrantor

Only the account that granted a permission or the data author can revoke a permission.

**Namespace**

```
api.errors.syloDataPermissions.NotPermissionGrantor
```

### PermissionNotFound

Cannot revoke a permission that does not exist.

**Namespace**

```
api.errors.syloDataPermissions.PermissionNotFound
```

### MissingValidationRecord

An accompanying verification record for the off-chain permission does not exist.

**Namespace**

```
api.errors.syloDataPermissions.MissingValidationRecord
```

### PermissionReferenceAlreadyExists

An existing permission reference has already been granted.

**Namespace**

```
api.errors.syloDataPermissions.PermissionReferenceAlreadyExists
```

### ExceededMaxExpiringPermissions

Exceeded the maximum number of permissions that can expire on the same block.

**Namespace**

```
api.errors.syloDataPermissions.ExceededMaxExpiringPermissions
```

### InvalidString

String values in an RPC call, in either the inputs or outputs, are invalid.

**Namespace**

```
api.errors.syloDataPermissions.InvalidString
```
