A Substrate pallet implementing role-based access control and permissions for Substrate extrinsic calls.
The filtering of incoming extrinsics and their sender accounts is done at the transaction queue validation layer, using the SignedExtension
trait.
- Add the module's dependency in the
Cargo.toml
of yourruntime
directory. Make sure to enter the correct path or git url of the pallet as per your setup.
[dependencies.substrate_rbac]
package = 'substrate-rbac'
git = 'https://github.com/gautamdhameja/substrate-rbac.git'
default-features = false
- Declare the pallet in your
runtime/src/lib.rs
.
pub use substrate_rbac;
impl substrate_rbac::Config for Runtime {
type Event = Event;
type RbacAdminOrigin = EnsureRoot<AccountId>;
}
construct_runtime!(
pub enum Runtime where
Block = Block,
NodeBlock = opaque::Block,
UncheckedExtrinsic = UncheckedExtrinsic
{
...
...
...
RBAC: substrate_rbac::{Pallet, Call, Storage, Event<T>, Config<T>},
}
);
- Add the module's
Authorize
type in theSignedExtra
checklist.
pub type SignedExtra = (
...
...
balances::TakeFees<Runtime>,
substrate_rbac::Authorize<Runtime>
- Add a genesis configuration for the module in the
src/chain_spec.rs
file.
rbac: Some(RBACConfig {
super_admins: vec![get_account_id_from_seed::<sr25519::Public>("Alice")]
})
cargo build --release
and thencargo run --release -- --dev
The usage of this pallet are demonstrated in the Substrate permissioning sample.
This code not audited and reviewed for production use cases. You can expect bugs and security vulnerabilities. Do not use it as-is in real applications.