Collaborative Administration of Role-Based Access Control in Smart Contracts
The emergence of blockchain technologies, including smart contracts, enables the decentralization of applications that were previously controlled by a single entity. In many cases, however, smart contracts still need to distinguish between different user roles according to their assigned duties. To ensure security, smart contracts often apply a simple form of role-based access control (RBAC), where a dedicated administrator assigns users to roles that are authorized to invoke specific smart contract functions. As this solution contradicts the blockchain principles of decentralization and democratic decision making, smart contracts may also form decentralized autonomous organizations where governance decisions are based on voting by all participants. Many applications would benefit from a hybrid approach that involves roles with different permissions while still allowing for collaborative management. Therefore, we propose a novel mechanism for RBAC administration in smart contracts based on hierarchical roles and configurable administration rules for each role. Any change in the user-role relation requires joint approval by members of selected roles according to the associated rule. This enables decentralized organizational charts with flexible administration constraints, where each role corresponds to specific permissions in the decentralized application and any change is transparently and securely recorded on the blockchain. The practical feasibility of the approach is demonstrated by means of a prototypical implementation for the Ethereum blockchain. Several benchmarks are performed to analyze the potential overhead of different solution variants.