Minka Ledger Docs

Explaining wallet access

Why initial wallet access setup is not enough


Overview

When setting up tutorial-ledger, we gave everyone permission to access anyone's records.

For example, banks could transfer balance from wallets that don't belong to them.

In reality, this will never be the desired behavior.

It was done only for tutorial purposes (to make the basic concepts easier to learn).

But now it's time to address wallet security.

REMINDER: By default, no one has access to anything. The Ledger is completely closed and completely secure.

Instead of restricting access, Minka Ledger works in reverse: all access is denied by default, and access rules modify this default state by explicitly enabling (adding) access.

How we started

Initially, in the lesson that covered creating a ledger, we gave everyone the maximum level of permissions.

This means anyone (any signer) was able to do anything inside the tutorial-ledger.

We allowed this during the ledger creation process:

$ minka ledger create
? Handle: tutorial-ledger
? Enter access content: Press <enter> to launch your preferred editor.
...

And we confirmed these JSON permissions:

[
  {
    "record": "any",
    "action": "any"
  }
]

The effect

Let's say we have 2 signers and each of them has their own wallet:

  • bank-1-signer has bank-1-wallet and
  • bank-2-signer has bank-2-wallet

We would expect each bank to have access only to its own wallet.

However, with the current access rules, bank-1-signer can create a transfer intent from bank-2-wallet to any other wallet.

Basically, bank-1 can control the funds from bank-2.

To stop this from happening we need to add some access rules (which we will do in our next lesson).
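The effect described above, as an added example that is not part of the Minka documentation or code base. It is a simplified model that assumes a rule matches when its "record" and "action" values equal the request's or are "any"; the request shape and the "intent"/"create" values are constructed for illustration.

```javascript
// Simplified model of default-deny access evaluation.
// Assumption: a rule matches when each of its fields equals the request's
// value or is "any". This is not Minka's implementation; it only uses the
// two rule fields shown on this page.

// The access content confirmed when tutorial-ledger was created (from the page).
const TUTORIAL_ACCESS = [{ record: "any", action: "any" }];

function fieldMatches(ruleValue, requestValue) {
  return ruleValue === "any" || ruleValue === requestValue;
}

// Default deny: a request is allowed only if at least one rule matches it.
function isAllowed(rules, request) {
  return rules.some(
    (rule) =>
      fieldMatches(rule.record, request.record) &&
      fieldMatches(rule.action, request.action)
  );
}

// Audit helper: return the rules that grant every action on every record.
function findUnrestrictedRules(rules) {
  return rules.filter((r) => r.record === "any" && r.action === "any");
}

// Constructed request: bank-1-signer creates an intent that moves funds
// out of bank-2-wallet. Field names and values here are hypothetical.
const request = {
  signer: "bank-1-signer",
  record: "intent",
  action: "create",
  source: "bank-2-wallet",
};

function demo() {
  return {
    closedLedger: isAllowed([], request), // no rules: denied
    tutorialLedger: isAllowed(TUTORIAL_ACCESS, request), // wildcard: allowed
    findings: findUnrestrictedRules(TUTORIAL_ACCESS).length,
  };
}

console.log(demo());
```

The wildcard rule never looks at the signer or the source wallet, which is why wallet ownership has no influence on the decision.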
