cosmos-sdk/x/authz/spec/01_concepts.md

<!--
order: 1
-->

# Concepts

## Authorization
Any concrete type of authorization defined in the `x/authz` module must fulfill the `Authorization` interface outlined below. Authorizations determine exactly what privileges are granted. They are extensible and can be defined for any Msg service method even outside of the module where the Msg method is defined. Authorizations use the new `ServiceMsg` type from [ADR 031](../../../architecture/adr-031-msg-service.md).


+++ https://github.com/cosmos/cosmos-sdk/blob/c95de9c4177442dee4c69d96917efc955b5d19d9/x/authz/types/authorizations.go#L15-L24


## Built-in Authorizations

Cosmos-SDK `x/authz` module comes with following authorization types

### SendAuthorization

`SendAuthorization` implements `Authorization` interface for the `cosmos.bank.v1beta1.Msg/Send` ServiceMsg, that takes a `SpendLimit` and updates it down to zero.

+++ https://github.com/cosmos/cosmos-sdk/blob/c95de9c4177442dee4c69d96917efc955b5d19d9/proto/cosmos/authz/v1beta1/authz.proto#L12-L19

+++ https://github.com/cosmos/cosmos-sdk/blob/c95de9c4177442dee4c69d96917efc955b5d19d9/x/authz/types/send_authorization.go#L23-L45

- `spent_limit` keeps track of how many coins left in the authorization.


### GenericAuthorization

`GenericAuthorization` implements the `Authorization` interface, that gives unrestricted permission to execute the provided ServiceMsg on behalf of granter's account.

+++ https://github.com/cosmos/cosmos-sdk/blob/c95de9c4177442dee4c69d96917efc955b5d19d9/proto/cosmos/authz/v1beta1/authz.proto#L21-L30

+++ https://github.com/cosmos/cosmos-sdk/blob/c95de9c4177442dee4c69d96917efc955b5d19d9/x/authz/types/generic_authorization.go#L20-L28

- `method_name` holds ServiceMsg type.

## Gas
In order to prevent DoS attacks, granting `StakeAuthorizaiton`s with `x/authz` incur gas. `StakeAuthorizaiton` allows you to authorize another account to delegate, undelegate, or redelegate to validators. The authorizer can define a list of validators they will allow and/or deny delegations to. The SDK will iterate over these lists and charge 10 gas for each validator in both of the lists.
x/authz specs (#8499) * init * init * add events * add state & messages * WIP * update Readme * WIP * Update x/README.md Co-authored-by: Alessio Treglia <alessio@tendermint.com> * Update x/authz/spec/README.md Co-authored-by: Amaury <amaury.martiny@protonmail.com> * Update x/authz/spec/02_state.md Co-authored-by: Amaury <amaury.martiny@protonmail.com> * Update x/authz/spec/01_concepts.md Co-authored-by: Amaury <amaury.martiny@protonmail.com> * review changes * Update x/authz/spec/01_concepts.md Co-authored-by: Amaury <amaury.martiny@protonmail.com> * Update x/authz/spec/02_state.md Co-authored-by: Amaury <amaury.martiny@protonmail.com> * Update x/authz/spec/01_concepts.md Co-authored-by: Cory <cjlevinson@gmail.com> * Update x/authz/spec/04_events.md Co-authored-by: Cory <cjlevinson@gmail.com> * Update x/authz/spec/04_events.md Co-authored-by: Cory <cjlevinson@gmail.com> * Update x/authz/spec/README.md Co-authored-by: Cory <cjlevinson@gmail.com> Co-authored-by: Alessio Treglia <alessio@tendermint.com> Co-authored-by: Amaury <amaury.martiny@protonmail.com> Co-authored-by: Cory <cjlevinson@gmail.com> 2021-02-11 08:56:37 -08:00			`<!--`
			`order: 1`
			`-->`

			`# Concepts`

			`## Authorization`
			Any concrete type of authorization defined in the `x/authz` module must fulfill the `Authorization` interface outlined below. Authorizations determine exactly what privileges are granted. They are extensible and can be defined for any Msg service method even outside of the module where the Msg method is defined. Authorizations use the new `ServiceMsg` type from [ADR 031](../../../architecture/adr-031-msg-service.md).


			`+++ https://github.com/cosmos/cosmos-sdk/blob/c95de9c4177442dee4c69d96917efc955b5d19d9/x/authz/types/authorizations.go#L15-L24`


			`## Built-in Authorizations`

			Cosmos-SDK `x/authz` module comes with following authorization types

			`### SendAuthorization`

			`SendAuthorization` implements `Authorization` interface for the `cosmos.bank.v1beta1.Msg/Send` ServiceMsg, that takes a `SpendLimit` and updates it down to zero.

			`+++ https://github.com/cosmos/cosmos-sdk/blob/c95de9c4177442dee4c69d96917efc955b5d19d9/proto/cosmos/authz/v1beta1/authz.proto#L12-L19`

			`+++ https://github.com/cosmos/cosmos-sdk/blob/c95de9c4177442dee4c69d96917efc955b5d19d9/x/authz/types/send_authorization.go#L23-L45`

			- `spent_limit` keeps track of how many coins left in the authorization.


			`### GenericAuthorization`

			`GenericAuthorization` implements the `Authorization` interface, that gives unrestricted permission to execute the provided ServiceMsg on behalf of granter's account.

			`+++ https://github.com/cosmos/cosmos-sdk/blob/c95de9c4177442dee4c69d96917efc955b5d19d9/proto/cosmos/authz/v1beta1/authz.proto#L21-L30`

			`+++ https://github.com/cosmos/cosmos-sdk/blob/c95de9c4177442dee4c69d96917efc955b5d19d9/x/authz/types/generic_authorization.go#L20-L28`

			- `method_name` holds ServiceMsg type.
add docs for gas consumption (#9118) Co-authored-by: technicallyty <48813565+tytech3@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2021-04-15 02:09:01 -07:00
			`## Gas`
			In order to prevent DoS attacks, granting `StakeAuthorizaiton`s with `x/authz` incur gas. `StakeAuthorizaiton` allows you to authorize another account to delegate, undelegate, or redelegate to validators. The authorizer can define a list of validators they will allow and/or deny delegations to. The SDK will iterate over these lists and charge 10 gas for each validator in both of the lists.