Illustrate the evolution of ownership over objects during bootstrapping

[6r1d]

There's a repeating (1, 2) question from Matias regarding the assets and the access rights:

I've set up a new network with 4 nodes using docker-compose.stable.yml as template. Everything seems to work fine, but I noticed that I'm not able to mint assets with a user that didnt created the asset definition for that asset.

When I checked who was the owner of the asset definitions, I noticed that it was the genesis user. These are assets that I defined in the genesis.json file.

Is that how it is supposed to work? Or can I have those assests definitions setup by a different user when I setup the network?

The previous question was about minting and the answer is pretty similar:

The asset definition owner, i.e. the account registering the asset definition, can burn assets in possession of any user with the default permissions.

You can write a custom executor to alter that behaviour, too.

I wonder if we can have some doc section about rights for the assets and what to add here?

[6r1d]

As pointed out by @Mingela,

Yes, it's expected behavior. You should either grant permissions for actions in relation to those assets or transfer ownership of the domain of an asset in the genesis block.

[6r1d]

@outoftardis should we create a documentation section regarding the asset ownership and access rights?

UPD: as discussed in the chat,

• This information should be added
• The existing asset topic needs an extension
• We need to start a topic on the executors, as "you can write a custom executor to alter that behaviour"

[nxsaken]

There was a related question from @matisalimbene in the chat:

I'm thinking about genesis@genesis (or whatever user pub/private key pair was used to setup the network) does it retain permissions over all subjects?

For example:

• genesis@genesis registers domain wonderland and user alice@wonderland
• alice@wonderland register asset rose#wonderland

In this scenario alice@wonderland has permissions over rose#wonderland, but it doen't have permissions over domain wonderland. And genesis@genesis has permissions over domain wonderland and user alice@wonderland, but it DOES NOT have permission over asset rose#wonderland.

I thought genesis had permissions over everything, but now I think that's not the case, only over those subjects created by it. Am I getting it right?

If my understanding is correct, after the genesis round is complete, the genesis account loses its "root" privileges and acts like a regular one. And the genesis round happens exactly once in the lifetime of a blockchain, to bootstrap the initial structure.

To me it's a bit unclear when the genesis round is considered to be done. We should clarify this in the documentation, probably by describing step-by-step who has which permissions and when. Maybe through some sort of diagram?

[mversic]

If my understanding is correct, after the genesis round is complete, the genesis account loses its "root" privileges and acts like a regular one. And the genesis round happens exactly once in the lifetime of a blockchain, to bootstrap the initial structure.

yes

To me it's a bit unclear when the genesis round is considered to be done. We should clarify this in the documentation, probably by describing step-by-step who has which permissions and when. Maybe through some sort of diagram?

what is unclear, it's done after applying the 1st block, aka genesis block

[s8sato]

acts like a regular one

I think the genesis account cannot take any action after the genesis:
https://github.com/hyperledger/iroha/blob/f055638c1e2cfd810effef8701ee33af79bac08e/core/src/tx.rs#L40-L41
so the genesis account should exit the chain in the genesis round.

Please also note that #4411 fixed the default genesis transaction so that not only the domain "wonderland" but also the asset definition "rose" is transferred from "genesis" to "alice":
https://github.com/hyperledger/iroha/blob/f055638c1e2cfd810effef8701ee33af79bac08e/configs/swarm/genesis.json#L96-L104

[mversic]

I think the genesis account cannot take any action after the genesis:

yes

Please also note that hyperledger-iroha/iroha#4411 fixed the default genesis transaction so that not only the domain "wonderland" but also the asset definition "rose" is transferred from "genesis" to "alice":

I don't think that was strictly necessary, domain owner will have privileges to manipulate asset definitions that are defined in it

[s8sato]

Yeah, but it seemed at least surprising to me that the genesis account was holding ownership of rose

[salimbene]

@s8sato @mversic Thanks. So, that’s perfect. I get that after genesis round, genesis account loses privileges and it is just a regular account. On a slightly different topic, it remains true that for every new node that I wish to register into the network, that new node will need to provide its key along the genesis public key, correct?

[mversic]

@s8sato @mversic Thanks. So, that’s perfect. I get that after genesis round, genesis account loses privileges and it is just a regular account. On a slightly different topic, it remains true that for every new node that I wish to register into the network, that new node will need to provide its key along the genesis public key, correct?

Yes, every node that participates in consensus needs to have a unique private key to sign blocks. It's public key is broadcasted to all other peers when executing Register<Peer>