How general access works
Learn how access and security is handled in Minka Ledger
So far in this tutorial we did not concern ourselves with access rules in order to ease the learning process.
But now it's time we introduce a couple of new concepts.
Restrict vs enable access
Restricting access is always tricky. All you need is forget one single rule and your system is vulnerable.
On the other hand, Minka Ledger has "enable access" architecture which is much more robust:
- everything is forbidden by design
- no one has access to anything
- and permissions can only be granted (never revoked)
This is officially called "The Principle of Least Privilege" (Wiki).
By starting with a completely closed system and only opening access where strictly necessary, the system ensures that users have just enough permissions to perform their roles.
There is never any extra (unused) permissions that could make the system vulnerable.
With this architecture, the worst thing that can happen is someone who should have access doesn't have it.
Fortunately, this is easily fixable by giving users an additional access.
On the other hand, accidentally forgetting to restrict access can lead to catastrophic outcomes, data breach, and unauthorized transactions.
This is why Minka Ledger went with "enable access" architecture.
Tutorial ledger access
When setting up the tutorial-ledger, we set up access rules in a way that gave everyone permissions to do anything. (we did this to simplify the tutorial)
After that, there was no reason to set additional rules or give additional access when everyone already had full access.
You may have not realized this because we didn't try to do anything that would be considered "forbidden".
For example, we didn't try to send funds from someone else's wallet.
But in the lessons that follow, we're going to do just that.