本文介绍了如何使用 OpenZeppelin Defender 管理智能合约中的角色权限,包括添加合约、查看和修改角色。通过一个基于角色的访问控制(RBAC)智能合约示例,演示了如何创建合约、分配和撤销角色,以及如何使用 Defender 的地址簿和交易提案功能进行操作。主要目的是帮助用户了解如何使用 Defender 有效地管理和控制智能合约的访问权限。
Defender 允许你无缝地监督和管理大规模的合约权限,并且能够以精细的粒度查看和控制访问权限。本教程展示了如何添加智能合约以查看和管理其角色,包括分配和移除角色。
OpenZeppelin Defender 账户。你可以在这里注册 Defender。
任何外部钱包(如 Metamask),其中包含在 Sepolia 中持有资金的 EOA。
在本教程中,你将创建一个合约,该合约使用部署到 Sepolia 的这个工厂实现基于角色的访问控制库。 你创建的合约将自动为你分配管理其角色的管理员角色。 |
在 Web 浏览器中打开 Defender 地址簿。
使用以下值填写表单,然后单击“创建”:
名称:Access Control Factory
网络:Sepolia
地址:0xF909B3dBB525fDe7C3e8cd59FbECF3D42c217454
导航到交易提案。
使用以下值填写 常规信息 部分:
名称:Create Access Control contract
目标合约:Access Control Factory
对于 函数 部分,选择 create
函数。
打开 审批流程 部分,单击输入字段,然后选择 Create Approval Process
。
使用以下值填写审批流程表单,然后单击 Save Changes
:
名称:Access Control Admin
类型:EOA
地址:你的钱包 EOA 地址
Submit Transaction Proposal
。单击 Create Access Control contract
交易提案。
单击右上角的 Approve and Execute
按钮,并在你的钱包上确认交易。
导航到 Defender https://defender.openzeppelin.com/v2/#/address-book/new地址簿,window=_blank],以添加你新创建的合约。
使用以下值填写表单,然后单击 Create
:
名称:Access Control Contract
网络:Sepolia
地址:从上一步复制的合约地址
ABI:复制并粘贴以下内容
[{"inputs": [],"stateMutability": "nonpayable","type": "constructor"},{"inputs": [],"name": "AccessControlBadConfirmation","type": "error"},{"inputs": [{"internalType": "address","name": "account","type": "address"},{"internalType": "bytes32","name": "neededRole","type": "bytes32"}],"name": "AccessControlUnauthorizedAccount","type": "error"},{"anonymous": false,"inputs": [{"indexed": true,"internalType": "bytes32","name": "role","type": "bytes32"},{"indexed": true,"internalType": "bytes32","name": "previousAdminRole","type": "bytes32"},{"indexed": true,"internalType": "bytes32","name": "newAdminRole","type": "bytes32"}],"name": "RoleAdminChanged","type": "event"},{"anonymous": false,"inputs": [{"indexed": true,"internalType": "bytes32","name": "role","type": "bytes32"},{"indexed": true,"internalType": "address","name": "account","type": "address"},{"indexed": true,"internalType": "address","name": "sender","type": "address"}],"name": "RoleGranted","type": "event"},{"anonymous": false,"inputs": [{"indexed": true,"internalType": "bytes32","name": "role","type": "bytes32"},{"indexed": true,"internalType": "address","name": "account","type": "address"},{"indexed": true,"internalType": "address","name": "sender","type": "address"}],"name": "RoleRevoked","type": "event"},{"inputs": [],"name": "DEFAULT_ADMIN_ROLE","outputs": [{"internalType": "bytes32","name": "","type": "bytes32"}],"stateMutability": "view","type": "function"},{"inputs": [],"name": "RANDOM_ROLE","outputs": [{"internalType": "bytes32","name": "","type": "bytes32"}],"stateMutability": "view","type": "function"},{"inputs": [{"internalType": "bytes32","name": "role","type": "bytes32"}],"name": "getRoleAdmin","outputs": [{"internalType": "bytes32","name": "","type": "bytes32"}],"stateMutability": "view","type": "function"},{"inputs": [{"internalType": "bytes32","name": "role","type": "bytes32"},{"internalType": "address","name": "account","type": "address"}],"name": "grantRole","outputs": [],"stateMutability": "nonpayable","type": "function"},{"inputs": [{"internalType": "bytes32","name": "role","type": "bytes32"},{"internalType": "address","name": "account","type": "address"}],"name": "hasRole","outputs": [{"internalType": "bool","name": "","type": "bool"}],"stateMutability": "view","type": "function"},{"inputs": [{"internalType": "bytes32","name": "role","type": "bytes32"},{"internalType": "address","name": "callerConfirmation","type": "address"}],"name": "renounceRole","outputs": [],"stateMutability": "nonpayable","type": "function"},{"inputs": [{"internalType": "bytes32","name": "role","type": "bytes32"},{"internalType": "address","name": "account","type": "address"}],"name": "revokeRole","outputs": [],"stateMutability": "nonpayable","type": "function"},{"inputs": [{"internalType": "bytes4","name": "interfaceId","type": "bytes4"}],"name": "supportsInterface","outputs": [{"internalType": "bool","name": "","type": "bool"}],"stateMutability": "view","type": "function"}]
导航到访问控制页面。
观察你新添加的合约,其中包含持有管理员角色的地址数量。
在你的合约特定页面中,你可以看到持有 DEFAULT_ADMIN_ROLE
角色的地址,该角色是你用来部署合约的审批流程中的 EOA 地址。 要进行更改,请单击该角色并输入新地址(或者,如果要从该角色中删除地址,则删除一个地址)。 按照以下步骤将新地址添加到 DEFAULT_ADMIN_ROLE
:
单击 DEFAULT_ADMIN_ROLE
角色。
从下拉菜单中选择任何地址或添加一个新地址。
向下滚动并单击 Select an Approval Process
。
选择你的 Access Control Admin
审批流程。
检查你的钱包是否与正确的 EOA 地址连接。 如果没有,请单击该字段下方的按钮以连接你的钱包。
单击 Save Changes
并在你的钱包上确认交易。
等待交易执行完毕,并检查新地址是否持有 DEFAULT_ADMIN_ROLE
角色。
对于可拥有的合约,你只能使用与当前所有者的地址匹配的审批流程来更改 Owner
角色。 当使用多重签名作为审批流程时,你将在页面右侧看到待处理的提案。
该页面每分钟同步一次,并在修改角色时更新。
恭喜你! 你可以导入其他合约并修改其角色。
配置访问控制后,我们建议设置工作流。 通过此教程了解如何使用工作流。 |
- 原文链接: docs.openzeppelin.com/de...
- 登链社区 AI 助手,为大家转译优秀英文文章,如有翻译不通的地方,还请包涵~
如果觉得我的文章对您有用,请随意打赏。你的支持将鼓励我继续创作!