
Manage Access Control

This guide covers the full capability lifecycle: creating and updating roles, issuing capabilities with constraints, revoking and destroying capabilities, and removing roles. For conceptual background, see Role-Based Access Control.

Prerequisites

Steps

1. Set Up Multiple Wallets

Create an admin wallet and an operations-user wallet that will receive a custom role.

examples/audit-trail/05_manage_access.rs

2. Create a Custom Role

Define a new role with a specific set of permissions. Here we create an "Operations" role with record admin permissions.

examples/audit-trail/05_manage_access.rs

3. Update Role Permissions

Modify the permission set of an existing role. This replaces the previous permissions entirely.

examples/audit-trail/05_manage_access.rs

4. Issue a Constrained Capability

Issue a capability that is bound to a specific wallet address and has an expiration timestamp. The capability can only be used by the specified address and only until the expiry time.

examples/audit-trail/05_manage_access.rs

5. Revoke a Capability

Revocation is immediate — the holder can no longer use the capability. The revoked capability ID is recorded in the trail's revoked-capability registry.

examples/audit-trail/05_manage_access.rs

6. Destroy a Capability

Unlike revocation, destroying a capability permanently removes it without adding it to the revoked registry.

examples/audit-trail/05_manage_access.rs

7. Clean Up Revoked Capabilities

Remove stale entries from the revoked-capability registry. This is required before a role can be deleted.

examples/audit-trail/05_manage_access.rs

8. Delete a Role

Remove the role from the trail entirely. All capabilities for the role must first be revoked or destroyed, and the revoked-capability registry cleaned up.

examples/audit-trail/05_manage_access.rs

Expected Behavior

  • Roles can be created, updated, and deleted using the Admin capability.
  • Capabilities can be constrained by address (issued_to), start time (valid_from_ms), and expiry time (valid_until_ms).
  • Revocation is immediate and blocks all further use of the capability.
  • A role cannot be deleted until all its capabilities are destroyed and the revoked registry is cleaned up.
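The constraint and revocation rules above, as a simplified in-memory model. This is an added example, not the IOTA audit-trail API and not code from `05_manage_access.rs`. The `Trail` and `Capability` types, their methods, the sample address, and the choice to treat `valid_until_ms` as an exclusive bound are assumptions made for illustration.

```rust
use std::collections::HashSet;

/// Simplified capability; constraint names follow the list above.
pub struct Capability {
    pub id: u64,
    pub issued_to: Option<String>, // None = not bound to an address
    pub valid_from_ms: Option<u64>,
    pub valid_until_ms: Option<u64>,
}

#[derive(Debug, PartialEq)]
pub enum Denied { Revoked, WrongHolder, NotYetValid, Expired }

/// Hypothetical stand-in for a trail and its revoked-capability registry.
#[derive(Default)]
pub struct Trail { pub revoked: HashSet<u64> }

impl Trail {
    /// Revocation records the ID; the capability object itself still exists.
    pub fn revoke(&mut self, cap: &Capability) { self.revoked.insert(cap.id); }

    /// Destruction consumes the object and leaves the registry untouched.
    pub fn destroy(&self, cap: Capability) { drop(cap); }

    /// Use-time check. Assumption: valid_until_ms is an exclusive bound.
    pub fn authorize(&self, cap: &Capability, caller: &str, now_ms: u64) -> Result<(), Denied> {
        if self.revoked.contains(&cap.id) { return Err(Denied::Revoked); }
        if cap.issued_to.as_deref().map_or(false, |a| a != caller) { return Err(Denied::WrongHolder); }
        if cap.valid_from_ms.map_or(false, |t| now_ms < t) { return Err(Denied::NotYetValid); }
        if cap.valid_until_ms.map_or(false, |t| now_ms >= t) { return Err(Denied::Expired); }
        Ok(())
    }
}

/// Constructed sample: bound to address "0xops", valid for 1000 <= t < 2000 ms.
pub fn sample_cap(id: u64) -> Capability {
    Capability { id, issued_to: Some("0xops".into()), valid_from_ms: Some(1_000), valid_until_ms: Some(2_000) }
}

fn main() {
    let mut trail = Trail::default();
    let cap = sample_cap(7);
    println!("holder in window: {:?}", trail.authorize(&cap, "0xops", 1_500));
    println!("other address:    {:?}", trail.authorize(&cap, "0xother", 1_500));
    println!("at expiry:        {:?}", trail.authorize(&cap, "0xops", 2_000));
    trail.revoke(&cap);
    println!("after revoke:     {:?}", trail.authorize(&cap, "0xops", 1_500));
    trail.destroy(sample_cap(8));
    println!("registry: {:?}", trail.revoked);
}
```

In this model a revoked capability stays in the holder's hands and is rejected only because its ID is in the registry, which is why a registry entry exists for revocation but not for destruction.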

Running Examples Locally

To run the examples, you need an IOTA network running locally. See the local network setup guide.

Full Example Code

examples/audit-trail/05_manage_access.rs