How to set up ledger access rules

Date	Responsible	Changes
January 24, 2023	@Luis Fidelis	Initial version
February 10, 2023	@Omar Monterrey	SDK Options refactoring (`url` to `server` and `key` to `signer`)
February 27, 2023	@Luis Fidelis	Rename `bearer.$key` access constraints to `bearer.$signer`
February 27, 2023	@Omar Monterrey	Refactored `signer.schema` → `signer.format`
March 7, 2023	@Filip Herceg	Changed `bearer` action to `read`
March 9, 2023	@Tomislav Herman	Changed `ledger` → `sdk` and `instance` → `ledger` in order to match new SDK interface.

Each ledger instance record supports attaching access rules through the access property. This property holds a list of permissions to signers and/or JWT tokens to access ledger records i.e wallets, symbols, etc, or the ledger instance itself. When making api requests using the SDK those access rules can be added when building the record.

import { LedgerSdk } from '@minka/ledger-sdk'
 
const sdk = new LedgerSdk({
  server: '<your ledger URL>',
  signer: {
		format: 'ed25519-raw',
		public: '<your ledger public key>'
	}
})
 
const { ledger } = await sdk.ledger.init()
  .data({
    handle: 'test-ledger',
    signer: 'ledger-signer',
    access: [{
      action: 'read',
      record: 'wallet',
      bearer: {
        $signer: {
          handle: 'bearer-key-value'
        }
      }
    }]
  })
  .hash()
  .sign([{ keyPair: yourKeyPair }])
  .send()

Access data can be also added interactively through CLI:

$ minka ledger create
 
? Handle: test-ledger
? Enter access content: Press <enter> to launch your preferred editor.

Then the default editor will open with an empty list [] as default value. This list must be fulfilled with the desired access rules

Screen Shot 2023-02-27 at 12.07.48.png

After confirming those permissions, a summary of the ledger instance as well as a confirmation question will be prompt in order to finish the operation without any mistake

$ minka ledger create
 
? Handle: test-ledger
? Enter access content: Received
? Add custom data? No
? Signer: signerlocal
 
Ledger summary:
------------------------------------------------------------------------
Handle: test-ledger
 
Access rules:
#0
  - Action: read
  - Record: wallet
  - Bearer:
    - $signer: 
      - handle: owner
 
⚠️ To allow a new ledger instance to sign specific operations
when needed, a new signer will be created and attached to it.
This new signer will be owned and managed by the server.
Its public key and key format are going to be available
for verification of the signature.
       
 
? Sign this ledger instance using signer signerlocal? Yes
 
✅ Ledger instance created successfully:
Handle: test-ledger
Public: orr9rbdN4gtFLOqxk2rZsEZl4qj6IdOZ+R6PPaHTN0U=
Signer: 5y3Dv13lLQ4Ewd1WG0Pmi9gV/wc8Lh1UnidXMdMG0+w= (signerlocal)

See About Authorization for more details about this concept.