grantAccess

Data encrypted through the Data Protector tool requires explicit authorization for runtime access. A newly created protectedData object has no inherent authorizations. This method grants permission to securely access the specified protectedData for processing using the processProtectedData method. Authorization to use the protectedData is given to a user in the context of an application (or a designated list of applications).

Usage

const grantedAccess
 = await dataProtectorCore
.grantAccess
({
  protectedData
: '0x123abc...',
  authorizedApp
: '0x456def...',
  authorizedUser
: '0x789cba...',
  pricePerAccess
: 3,
  numberOfAccess
: 10,
  onStatusUpdate
: ({ title
, isDone
 }) => {
    console
.log
(title
, isDone
);
  },
});

Parameters

import { type GrantAccessParams
 } from '@iexec/dataprotector';

protectedData Required *

Type: AddressOrENS

The ethereum address of the protected data supplied by the user.

const grantedAccess
 = await dataProtectorCore
.grantAccess
({
  protectedData
: '0x123abc...',
  authorizedApp
: '0x456def...',
  authorizedUser
: '0x789cba...',
});

authorizedApp Required *

Type: AddressOrENS

The address of the application you wish to authorize to process the protectedData within a secure execution environment. You may specify either a single application or an application whitelist. To specify a whitelist, you provide the ETH address of an iExec Whitelist Smart Contract. This smart contract aggregates multiple application versions. This allows you to introduce new versions of your application without needing to grant access for the protectedData each time you do so.

const grantedAccess
 = await dataProtectorCore
.grantAccess
({
  protectedData
: '0x123abc...',
  authorizedApp
: '0x456def...',
  authorizedUser
: '0x789cba...',
});

TIP

You may authorize a specific app or a whitelist of apps to use the protected data.

iExec uses the ENS web3mail.apps.iexec.eth for the latest version of the Web3Mail decentralized application.

iExec also maintains a whitelist for current and past versions of Web3Mail dApps. Granting access to this whitelist allows use of an email protectedData with all versions of the Web3Mail application, ensuring you only have to grant this access once. The ETH address for this whitelist is 0x781482C39CcE25546583EaC4957Fb7Bf04C277D2.

authorizedUser Required *

Type: AddressOrENS

The address of the user you wish to authorize to use the protectedData. Note that these users may not view or manipulate the data. This only grants permission for the user to submit the data to an iExec application.

const grantedAccess
 = await dataProtectorCore
.grantAccess
({
  protectedData
: '0x123abc...',
  authorizedApp
: '0x456def...',
  authorizedUser
: '0x789cba...',
});

TIP

You may authorize all users to use the protected data by setting this to 0x0000000000000000000000000000000000000000.

pricePerAccess Optional

Type: number
Default: 0

Specifies the usage fee in nano RLC (nRLC) associated with each access of the data. It represents the cost incurred for each individual interaction with application.

By invoking the grantAccess method with a specific pricePerAccess you define the fee that the specified user (authorizedUser parameter) must pay for each access to the data when used with the specified application (authorizedApp parameter).

The fee is paid to the owner of the protected data.

const grantedAccess
 = await dataProtectorCore
.grantAccess
({
  protectedData
: '0x123abc...',
  authorizedApp
: '0x456def...',
  authorizedUser
: '0x789cba...',
  pricePerAccess
: 3,
  numberOfAccess
: 10,
});

TIP

pricePerAccess is expressed in nano RLC (nRLC). nRLC is the smallest subdivision of the RLC token, 1 RLC equals to 10^9 nRLC.

When provided, pricePerAccess must be a non-negative integer value.

numberOfAccess Optional

Type: number
Default: 1

Allows restricting the number of times the protected data may be processed and used.

It is not technically possible to set an unlimited number of accesses, but you can set numberOfAccess to 10000 for example.

const grantedAccess
 = await dataProtectorCore
.grantAccess
({
  protectedData
: '0x123abc...',
  authorizedApp
: '0x456def...',
  authorizedUser
: '0x789cba...',
  pricePerAccess
: 3,
  numberOfAccess
: 10,
});

onStatusUpdate Optional

Type: OnStatusUpdateFn<GrantAccessStatuses>

Callback function to be notified at intermediate steps.

const grantedAccess
 = await dataProtectorCore
.grantAccess
({
  protectedData
: '0x123abc...',
  authorizedApp
: '0x456def...',
  authorizedUser
: '0x789cba...',
  onStatusUpdate
: ({ title
, isDone
 }) => { 
    console
.log
(title
, isDone
); 
  },
});

You can expect this callback function to be called with the following titles:

'CREATE_DATASET_ORDER';
'PUBLISH_DATASET_ORDER';

Once with isDone: false, and then with isDone: true

Return value

import { type GrantedAccess
 } from '@iexec/dataprotector';

The result of this method confirms the new access grant. It consists of a JSON grantedAccess object.

GrantedAccess

📽 Use Case Demo

DataProtector Core

DataProtector Sharing

Collection

Renting

Selling

Subscription

Consume

Read data

Apps whitelist

iDapp

DataProtector Deserializer

grantAccess

Usage

Parameters

protectedData Required *

authorizedApp Required *

authorizedUser Required *

pricePerAccess Optional

numberOfAccess Optional

onStatusUpdate Optional

Return value

Collection

Renting

Selling

Subscription

Apps whitelist

iDapp

DataProtector Deserializer

grantAccess ​

Usage ​

Parameters ​

protectedData Required * ​

authorizedApp Required * ​

authorizedUser Required * ​

pricePerAccess Optional ​

numberOfAccess Optional ​

onStatusUpdate Optional ​

Return value ​

grantAccess

Usage

Parameters

protectedData Required *

authorizedApp Required *

authorizedUser Required *

pricePerAccess Optional

numberOfAccess Optional

onStatusUpdate Optional

Return value