Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

RBAC Interface

The RBAC interface manages privileged roles, suspension state, contract default state, and application control.

Only the Arranger may call RBAC methods, unless otherwise specified.

contract_update

{
  "name": "contract_update",
  "readonly": false,
  "args": [],
  "returns": { "type": "void" },
  "errors": ["UNAUTHORIZED"]
}

rbac_rotate_arranger

{
  "name": "rbac_rotate_arranger",
  "readonly": false,
  "args": [
    { "name": "new_arranger", "type": "address" }
  ],
  "returns": { "type": "uint64", "desc": "UNIX timestamp of the rotation" },
  "errors": ["UNAUTHORIZED", "INVALID_ROLE_ADDRESS"]
}

The new arranger must not be the Algorand global zero address.

rbac_set_op_daemon

{
  "name": "rbac_set_op_daemon",
  "readonly": false,
  "args": [
    { "name": "address", "type": "address" }
  ],
  "returns": { "type": "uint64", "desc": "UNIX timestamp of the assignment" },
  "errors": ["UNAUTHORIZED"]
}

This is a non-normative helper for payment automation.

rbac_assign_role

{
  "name": "rbac_assign_role",
  "readonly": false,
  "args": [
    { "name": "role_id", "type": "uint8" },
    { "name": "role_address", "type": "address" },
    { "name": "validity", "type": "RoleValidity" }
  ],
  "returns": { "type": "uint64", "desc": "UNIX timestamp of the assignment" },
  "errors": ["UNAUTHORIZED", "DEFAULTED", "INVALID_ROLE", "INVALID_ROLE_ADDRESS", "INVALID_SORTING"]
}

Only assign non-Arranger roles. The target address must not be the global zero address, and validity.role_validity_start must be strictly earlier than validity.role_validity_end.

rbac_revoke_role

{
  "name": "rbac_revoke_role",
  "readonly": false,
  "args": [
    { "name": "role_id", "type": "uint8" },
    { "name": "role_address", "type": "address" }
  ],
  "returns": { "type": "uint64", "desc": "UNIX timestamp of the revocation" },
  "errors": ["UNAUTHORIZED", "DEFAULTED", "INVALID_ROLE", "INVALID_ROLE_ADDRESS"]
}

rbac_contract_suspension

{
  "name": "rbac_contract_suspension",
  "readonly": false,
  "args": [
    { "name": "suspended", "type": "bool" }
  ],
  "returns": { "type": "uint64", "desc": "UNIX timestamp of the suspension update" },
  "errors": ["UNAUTHORIZED"]
}

Only an active Authority may call this method.

rbac_contract_default

{
  "name": "rbac_contract_default",
  "readonly": false,
  "args": [
    { "name": "defaulted", "type": "bool" }
  ],
  "returns": { "type": "uint64", "desc": "UNIX timestamp of the default update" },
  "errors": ["UNAUTHORIZED"]
}

Only an active Trustee may call this method.

It sets or clears the contract-level defaulted performance flag. This flag is distinct from the kernel lifecycle status.

rbac_get_arranger

{
  "name": "rbac_get_arranger",
  "readonly": true,
  "args": [],
  "returns": { "type": "address", "desc": "Current arranger address" },
  "errors": []
}

rbac_get_address_roles

{
  "name": "rbac_get_address_roles",
  "readonly": true,
  "args": [
    { "name": "address", "type": "address" }
  ],
  "returns": {
    "type": "(bool,bool,bool,bool,bool)",
    "desc": "Account manager, primary dealer, trustee, authority, observer"
  },
  "errors": []
}

rbac_get_role_validity

{
  "name": "rbac_get_role_validity",
  "readonly": true,
  "args": [
    { "name": "role_id", "type": "uint8" },
    { "name": "role_address", "type": "address" }
  ],
  "returns": { "type": "RoleValidity", "desc": "Stored validity interval" },
  "errors": ["INVALID_ROLE", "INVALID_ROLE_ADDRESS"]
}

Only applicable to non-Arranger roles.