Advanced Configuration
Super Representative (SR) account permissions can be managed in groups through account permission management. A common use case is to delegate the block production permission to another account while retaining the other control permissions. This allows for flexibility and potentially greater security.
This guide explains how to modify account permissions and how to configure the node when the SR's block production permission has been changed.
1. Modify the account permission of SR
Super Representatives can manage and modify their account permissions via tronscan or the wallet/accountpermissionupdate API.
2. Query SR Account Permission
Use the wallet/getaccount API to query SR's permission information:
curl --location --request POST 'https://api.nileex.io/wallet/getaccount' \
  --header 'Content-Type: text/plain' \
  --data-raw '{
    "address": "TUZKijZ9Esy8JEkrqMpaVgtbDKKNA5p5CZ",
    "visible": true
  }'
Returns:
{
  "address": "TUZKijZ9Esy8JEkrqMpaVgtbDKKNA5p5CZ",
  ......
  "owner_permission": {
    "permission_name": "owner",
    "threshold": 1,
    "keys": [
      {
        "address": "TUZKijZ9Esy8JEkrqMpaVgtbDKKNA5p5CZ",
        "weight": 1
      }
    ]
  },
  "witness_permission": {
    "type": "Witness",
    "id": 1,
    "permission_name": "witness",
    "threshold": 1,
    "keys": [
      {
        "address": "TWDTKh7d3LzZhvBCrnWpJwGtsY2yw1NxFo",
        "weight": 1
      }
    ]
  },
  "active_permission": [
    ......
  ],
  ......
}
The returned result shows that the SR TUZKijZ9Esy8JEkrqMpaVgtbDKKNA5p5CZ has delegated its block production permission to the account TWDTKh7d3LzZhvBCrnWpJwGtsY2yw1NxFo.
3. Configure the SR's node
After the SR's witness permission has been changed, configure the SR's block production node as follows:
// Optional. The default is empty.
// It is used when the witness account has set the witnessPermission.
// When it is not empty, localWitnessAccountAddress represents the address of the witness account,
// and localwitness is configured with the private key of the witnessPermissionAddress in the witness account.
// When it is empty, localwitness is configured with the private key of the witness account.
localWitnessAccountAddress = TUZKijZ9Esy8JEkrqMpaVgtbDKKNA5p5CZ
// the private key of TWDTKh7d3LzZhvBCrnWpJwGtsY2yw1NxFo
localwitness = [
  9191d6d99056da4e3cfc2bb755924f0ca761d8fef8c5a8585026b66bb313f818
]
#localwitnesskeystore = [
#  "localwitnesskeystore.json"
#]
localWitnessAccountAddress: set it to the SR's address: TUZKijZ9Esy8JEkrqMpaVgtbDKKNA5p5CZ.
localwitness: set it to the private key of the account that has the block production permission of the super representative, that is, the private key of TWDTKh7d3LzZhvBCrnWpJwGtsY2yw1NxFo.
Please note that if the SR's witness permission has not been changed, that is, the SR itself holds the witness permission, localWitnessAccountAddress does not need to be configured; only localwitness is necessary.
4. Start the node
To enable block production on a fullnode, include the --witness parameter in the startup command.
$ java -Xmx24g -XX:+UseConcMarkSweepGC -jar FullNode.jar --witness -c main_net_config.conf
Note: For details on deploying a node, please refer to here.
After the node is running and synced normally, when it is due to produce a block it uses the value of localwitness to sign the block data, and the signature is stored in the block_header.witness_signature field of the block. The block is then verified by others. If the signing address has the SR's block production permission (the block_header.raw_data.witness_address field records the SR address), the block passes verification.
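The check below is an added example, not part of the original guide or of the node software: it compares a getaccount response from step 2 with the node settings from step 3 and reports mismatches, and also reports when the key placed on the node holds owner or active permission. The function name, its parameters and the trimmed sample response are assumptions; the address of the localwitness key is passed in rather than derived from the private key.

```python
import json

# Constructed sample: the getaccount response shown above with the elided
# ("......") fields left out. Addresses are the ones used on this page.
SAMPLE_ACCOUNT = json.loads("""
{
  "address": "TUZKijZ9Esy8JEkrqMpaVgtbDKKNA5p5CZ",
  "owner_permission": {"permission_name": "owner", "threshold": 1,
    "keys": [{"address": "TUZKijZ9Esy8JEkrqMpaVgtbDKKNA5p5CZ", "weight": 1}]},
  "witness_permission": {"type": "Witness", "id": 1,
    "permission_name": "witness", "threshold": 1,
    "keys": [{"address": "TWDTKh7d3LzZhvBCrnWpJwGtsY2yw1NxFo", "weight": 1}]}
}
""")


def _weights(permission):
    """Map signer address -> weight for one permission object."""
    return {k["address"]: k.get("weight", 0) for k in permission.get("keys", [])}


def audit_witness_config(account, signer_address, configured_account_address=None):
    """Compare node settings with the on-chain permissions (hypothetical helper).

    signer_address: address of the key placed in localwitness.
    configured_account_address: localWitnessAccountAddress, or None if unset.
    """
    sr = account["address"]
    # If witness_permission was never changed, the SR's own key produces blocks.
    witness = account.get("witness_permission") or {
        "threshold": 1, "keys": [{"address": sr, "weight": 1}]}
    # Assumption: an absent owner_permission means the account's own key is owner.
    owner = account.get("owner_permission") or {
        "keys": [{"address": sr, "weight": 1}]}
    control = dict(_weights(owner))
    for active in account.get("active_permission", []):
        control.update(_weights(active))

    findings = []
    if _weights(witness).get(signer_address, 0) < witness.get("threshold", 1):
        findings.append("signer lacks witness permission: blocks fail verification")
    if signer_address != sr and configured_account_address != sr:
        findings.append("localWitnessAccountAddress must be the SR address")
    if signer_address in control:
        findings.append("node key also holds owner/active permission")
    return findings
```

An empty list means the node settings match the delegation; the third finding indicates that the key stored on the block production node can also control the account.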