Skip to main content

Roles & Permissions

Roles and Permissions are used in a colony to determine who has access to which features. When setting up a colony, it's important to make sure that the right users have the right roles.

Available roles in Colony

🪙 Root

Root allows you to take actions affecting the Colony as a whole, such as changing the colony details and minting tokens.

🏛 Administration

Administration allows you to create and manage expenditures, but not to fund them.

🏗 Architecture

Architecture allows you to set permissions in the active team, as well as changing the Team details. Architecture permission in Root allows you to create and edit teams.

💰 Funding

Funding allows you to fund expenditures, and transfer funds between Teams.

👩‍⚖️ Arbitration

Arbitration allows you to resolve disputes, make state changes, and punish bad behavior.

🚨 Recovery

Recovery mode allows you to disable the colony in an emergency, update storage, and approve reactivation. The Recovery role is only effective in Root.

Actions that require permissions

ActionRequired permission(s)Method on contractNotes
Move funds between teams (domains)FundingmoveFundsBetweenPotsRequires the Funding permission in a parent domain of both domains (e.g. Root)
Create a team (domain)ArchitectureaddDomain
(Un-)set Architecture role for userArchitecture1setArchitectureRoleApplies only to subdomains
(Un-)set Funding role for userArchitecture1setFundingRole
(Un-)set Administration role for userArchitecture1setAdministrationRole
(Un-)set Root role for userRoot2setRootRole
Add Recovery3 role to userRootsetRecoveryRole
Remove Recovery3 role from userRootremoveRecoveryRole
Mint tokensRootmintTokensOnly if colony has access to mint function on token
Upgrade colonyRootupgradeUpgrades the colony to a new version (non-reversible)
Install extensionRootinstallExtension
Upgrade extensionRootupgradeExtension
Deprecate extensionRootdeprecateExtension
Uninstall extensionRootuninstallExtension
Make arbitrary transactionRootmakeArbitraryTransaction
Make multiple arbitrary transactionsRootmakeArbitraryTransactions
Edit colonyRooteditColonyEdit a Colony's metadata
Burn tokensRootburnTokens
Unlock the colony's tokenRootunlockToken
Deprecate team/domainArchitecturedeprecateDomain
Unlock the colony's tokenRootunlockToken
Claim Colony funds-claimColonyFundsAnyone can claim funds for the Colony that were send to it

One Transaction Payment (OneTxPayment) extension permissions

info

The One Transaction Payment extension contract itself needs the Administration and Funding permissions in the Root domain to function.

ActionRequired permission(s)Method on contractNotes
Pay someone from a domainFunding, AdministrationmakePaymentFundedFromDomain

Motions & Disputes (VotingReputation) permissions

info

The Motions & Disputes extension contract itself needs the Root, Administration, Arbitration, Architecture and Funding permissions in the Root domain to function.

ActionRequired permission(s)Method on contractNotes
Create a motion-createMotionAnyone can create a motion as long as there is reputation within the motion's team
Stake a motion-stakeMotionAnyone can stake a motion as long as they have enough tokens and reputation to do so
Finalize a motion-finalizeMotionAnyone can finalize a motion

Some notes on permissions

This list of actions is not complete, but rather covers the most common actions that you come across within the UI.

  • The Root role can only be assigned in the Root team/domain.

  1. Be aware that when you have the Architecture role in one team, you can only apply these actions in teams that are nested within the one you have the Architecture role in. E.g. you can't assign yourself the Funding role in the same team you have the Architecture role in
  2. When a user has the Root role, they can set permissions for the Root domain (which doesn't have any parents), essentially meaning that the limitation in 1 is lifted.
  3. The Recovery role is a special role that enables a user to put the Colony into and out of Recovery Mode. Read more about Recovery Mode here