Manage Permissions

Create and manage permissions on your Prividium chain.

Permissions define what each role can do within your Prividium network. They control which smart contract functions users can read, write, or call through the Proxy. Administrators configure permissions in the Admin Dashboard under Contract Permissions.


1. Open the Permissions page

  1. Go to the Admin Dashboard at http://localhost:3000.
  2. Select Contract Permissions from the sidebar.
  3. You will see a list of all registered contracts and their function-level access rules.

2. Register a contract

Before you can assign permissions, register the smart contract that needs access control.

  1. Click Add Contract.
  2. Enter:
    • Contract Address
    • Contract Name
    • Description (optional)
    • ABI JSON (paste the full ABI or upload the file)
  3. Click Save.

Once registered, the contract’s functions will be available for permission mapping.

3. Add a permission rule

  1. In the Contract Permissions view, find the desired contract.
  2. Click Add Rule.
  3. Select:
    • Function name (from ABI)
    • Access type: read or write
    • Rule type (see table below)
    • Roles allowed to call this function
  4. Click Save.

Each function can have its own rule. If a function has no rule, access is denied by default.

4. Permission rule types

| Rule Type | Description | Example Use Case |
| --- | --- | --- |
| Public | Allows anyone to call this function | Read-only views like totalSupply() |
| Check Role | Requires the caller to hold one of the listed roles | Only users with Trader role can call transfer() |
| Restrict Argument | Ensures a function argument matches the caller’s wallet address | User can only withdraw(address) to their own wallet |
| Check Role And Restrict Argument | Requires both a role and an argument match | Trader role can transferFrom() only for their own address |
| Check Role Or Restrict Argument | Requires either a role or an argument match | Either admins or self-calls permitted |

5. Edit or remove a permission rule

  • To update: select the rule, modify its parameters, and click Save.
  • To delete: click the Delete icon next to the rule and confirm.

Tip: Keep function rules minimal and precise. Unused or redundant rules increase maintenance overhead.

6. Default access policy

By design, Prividium uses a deny-by-default model: if a contract or function has no rule, the Proxy blocks all access to it.

This ensures that only explicitly authorized functions can be called, reducing the risk of accidental exposure.

7. Testing permissions

After updating permissions:

  1. Open the User Dashboard.
  2. Log in as a user with a specific role.
  3. Interact with the connected dApp or contract through the Proxy.
  4. Verify that allowed functions succeed and restricted ones fail.

If the Proxy returns 403 Forbidden, the user lacks permission for that function.

8. Example configuration

| Contract | Function | Access | Rule Type | Allowed Roles |
| --- | --- | --- | --- | --- |
| Token | transfer(address,uint256) | Write | Check Role | Trader |
| Token | approve(address,uint256) | Write | Restrict Argument | Trader |
| Token | balanceOf(address) | Read | Restrict Argument | Trader, Auditor |
| Registry | register(address,string) | Write | Check Role | Admin |
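
An added example, not part of the Prividium documentation or code base: a small Python model of the five rule types and the deny-by-default policy, loaded with the example configuration above, that produces the expected allow/deny result per test case so it can be compared with what the Proxy returns during testing. The argument index, the wallet addresses, the test cases and the choice to ignore listed roles on a pure Restrict Argument rule are assumptions of this model.

```python
# Model of the rule types on this page for audit use; not Prividium's own code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rule_type: str                 # one of the five rule types in section 4
    roles: frozenset = frozenset() # roles allowed by the rule
    arg_index: int = 0             # assumption: argument that must equal the caller

# Example configuration from section 8, transcribed by hand.
RULES = {
    ("Token", "transfer(address,uint256)"): Rule("Check Role", frozenset({"Trader"})),
    ("Token", "approve(address,uint256)"): Rule("Restrict Argument", frozenset({"Trader"})),
    ("Token", "balanceOf(address)"): Rule("Restrict Argument", frozenset({"Trader", "Auditor"})),
    ("Registry", "register(address,string)"): Rule("Check Role", frozenset({"Admin"})),
}

def is_allowed(rules, contract, function, caller, caller_roles, args):
    rule = rules.get((contract, function))
    if rule is None:
        return False               # deny by default: no rule, no access
    role_ok = bool(rule.roles & set(caller_roles))
    arg_ok = (rule.arg_index < len(args)
              and str(args[rule.arg_index]).lower() == caller.lower())
    outcome = {
        "Public": True,
        "Check Role": role_ok,
        "Restrict Argument": arg_ok,   # assumption: listed roles are not consulted
        "Check Role And Restrict Argument": role_ok and arg_ok,
        "Check Role Or Restrict Argument": role_ok or arg_ok,
    }
    return outcome.get(rule.rule_type, False)  # unknown rule type is denied

# Constructed test wallets and cases: (contract, function, caller, roles, args).
ALICE, BOB = "0x" + "aa" * 20, "0x" + "bb" * 20
CASES = {
    "trader transfers": ("Token", "transfer(address,uint256)", ALICE, ["Trader"], [BOB, 10]),
    "auditor transfers": ("Token", "transfer(address,uint256)", ALICE, ["Auditor"], [BOB, 10]),
    "own balance": ("Token", "balanceOf(address)", ALICE, ["Auditor"], [ALICE]),
    "other balance": ("Token", "balanceOf(address)", ALICE, ["Auditor"], [BOB]),
    "unlisted function": ("Token", "mint(address,uint256)", ALICE, ["Admin"], [ALICE, 1]),
}

def expected_matrix(rules, cases):
    """Expected allow/deny per case, to compare with the Proxy's responses."""
    return {name: is_allowed(rules, *case) for name, case in cases.items()}

if __name__ == "__main__":
    for name, allowed in expected_matrix(RULES, CASES).items():
        print(f"{name:20} {'allow' if allowed else 'deny (expect 403)'}")
```

Keeping such a matrix alongside the documented role-to-permission mapping gives a fixed set of cases to re-run after each rule change or contract upgrade.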

9. Best practices

  • Keep public rules to a minimum.
  • Use Restrict Argument for address-sensitive functions.
  • Review permissions regularly, especially after contract upgrades.
  • Document your role-to-permission mapping for audits.

Next Step

Continue to Manage Users to add user accounts, link wallets, and assign roles to users.

