Access Management

The AccessStore smart contract is used to manage access rights to documents and groups.

enum AccessLevel { NoAccess, Owner, Admin, Read }
enum AccessKind { NoKind, Doc, DocGroup, UserGroup }

mapping(bytes32 => Access[]) accessStore;  // accessID -> Access[]

struct Access {
        AccessKind   kind;
        bytes32      idHash;
        bytes        idEncr;    // id encrypted by access key
        bytes        keyEncr;   // access key encrypted by user private key
        AccessLevel  level;
}

The keys of the access table can take any form, but currently they are calculated as follows:

accessID = Keccak256(subjectIdHash + accessKind)

Each key therefore groups the array of objects of the specified kind that belong to the given subject. Each entry records the access level for its object. The basic levels are owner, admin, and read.

When adding or changing access rights to a subject, the smart contract checks the access rights level of the person making the request. For the request to succeed, the requestor's access level must be admin or owner.
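
A sketch of the key derivation and the requester check described above, added here as an example and not taken from the project's AccessStore source. Assumptions: "+" is packed concatenation, the requester's subject id hash is derived from msg.sender, and the `claimed` mapping, `levelOf` and `setAccess` names and the first-owner bootstrap are hypothetical, since the page does not describe them.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added sketch, not the project's AccessStore source.
contract AccessStoreSketch {
    enum AccessLevel { NoAccess, Owner, Admin, Read }
    enum AccessKind { NoKind, Doc, DocGroup, UserGroup }
    struct Access { AccessKind kind; bytes32 idHash; bytes idEncr; bytes keyEncr; AccessLevel level; }

    mapping(bytes32 => Access[]) accessStore; // accessID -> Access[]
    mapping(bytes32 => bool) claimed;         // hypothetical: object idHash already has an Owner

    // Assumption: "+" is packed concatenation of the 32-byte hash and the kind as one byte.
    function accessID(bytes32 subjectIdHash, AccessKind kind) public pure returns (bytes32) {
        return keccak256(abi.encodePacked(subjectIdHash, kind));
    }

    // Level a subject holds on an object; NoAccess when the subject has no entry for it.
    function levelOf(bytes32 subjectIdHash, AccessKind kind, bytes32 objectIdHash)
        public view returns (AccessLevel)
    {
        Access[] storage list = accessStore[accessID(subjectIdHash, kind)];
        for (uint256 i = 0; i < list.length; i++) {
            if (list[i].idHash == objectIdHash) return list[i].level;
        }
        return AccessLevel.NoAccess;
    }

    function setAccess(bytes32 subjectIdHash, Access memory a) external {
        // Assumption: the requester's subject id hash is derived from msg.sender.
        bytes32 requester = keccak256(abi.encodePacked(msg.sender));
        if (!claimed[a.idHash]) {
            // Hypothetical bootstrap: an unclaimed object is claimed by its creator as Owner.
            require(subjectIdHash == requester && a.level == AccessLevel.Owner, "first entry must be own Owner");
            claimed[a.idHash] = true;
        } else {
            AccessLevel lvl = levelOf(requester, a.kind, a.idHash);
            // Compare by equality: NoAccess is 0, so an ordering test such as
            // `lvl <= AccessLevel.Admin` would also admit requesters with no entry.
            require(lvl == AccessLevel.Owner || lvl == AccessLevel.Admin, "requester is not owner/admin");
        }
        Access[] storage list = accessStore[accessID(subjectIdHash, a.kind)];
        for (uint256 i = 0; i < list.length; i++) {
            if (list[i].idHash == a.idHash) { list[i] = a; return; } // change an existing entry
        }
        list.push(a); // add a new entry
    }
}
```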
