Creating Permission Structures

As mentioned in other parts of this documentation, sometimes you will want to set up multisig permission structures on your account. This can be accomplished using multiple different tools, but this page will show you how to do it using the waxblock.io UI.

First, you'll need to log into your account on WaxBlock. Once you do that, you can navigate to the Manage Keys And Permissions section.

Next, click on the "Advanced" tab.

There are multiple different options you can choose to go with, such as creating new permissions that don't exist yet, etc. In this tutorial, we are going to change the permission structure of the "Active" key - which means that any time we need to sign a transaction with the Active permission, we will need a multisig.

Select "active" from the drop down menu under "Change Permission".

WaxBlock will now display a list of the current configuration of the active permission.

There are a couple of things to take note of in the image above. First, the active permsission has a threshold of 1. This means that the combined weights of any approved signatures must equal at least 1, in order for the transaction to be valid.

Notice how the key in the 2nd row has a "Weight" of 1? This means that if this key signs a transaction, it will meet the threshold of 1, and the transaction will be able to execute.

Let's change this to a proper multisig by adding 2 more accounts to the active permission, and changing the threshold to 2. We will do this by clicking the "Add New" button.

I clicked the button twice, so now I have 2 empty rows to fill out.

I am going to change the "Type" from "Key" to "Account" for the 2 new accounts that I'll be adding.

Next, I need to enter the details of the accounts who I want to be included in this multisig. For this example, let's assume that we want admin.waxand oigto be the other parties in the multisig. We will require them to sign with their activepermissions, as follows:

There is still one problem left, we still have the threshold set to 1. That's okay if that's how you want your permission to be set up - but keep in mind that this would mean any of the 3 parties on the multisig could sign a transaction by themselves. Not really much of a multisig, when it only requires one signature. Let's change the threshold to 2.

Since each of the 3 parties has a "Weight" of only 1, at least 2 parties would need to sign a transaction in order for their combined weights to meet the threshold of 2.

We can also consider another option here. Maybe we want admin.waxto be able to sign without anyone else's approval, since it's the WAX Team, and maybe we want to give them some extra authority. In this case, they would be able to sign a transaction by themselves, but if they don't approve, then both of the other 2 parties would need to sign, in order to override their authority.

To accomplish this, we could simply set the weight of admin.waxto 2.

Once you are happy with the structure, you can click the "Update Permission" button to finalize it.

A transaction modal will pop up, and you'll need to sign a transaction. Once this is done, you will have your key under a proper multisig. Please note that in this example, the ownerkey would still not be under a multisig, which would make putting the active key under one pretty useless (in terms of building trust).

Ideally, you'd want the owner and active key to both be under multisig. In this case, you can just repeat this process for the owner key - however, it is highly recommended to test with the active key first, and once you confirm everything is working, then you can change the owner key as well.

If you screw up your active key, you can always fix it - as long as you still have access to the owner key. If you lose access to both, you are out of luck.

In the next lesson, I will explain how to propose, and sign multisig transactions - so you can use your new permission structure to actually sign things.