Sudo Policy
The sudo policy grants unlimited permissions for specified contract addresses and function selectors. This is the most permissive policy and should be used with caution. It can be used when you need to grant complete access to specific contract functions, similar to admin privileges.
⚠️ Security Consideration: This provides the highest level of access and should only be used when necessary and when the session key grantee is highly trusted.
sudo.ts
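import { usersNexusClient } from "./client.ts";

// sessionPublicKey (the grantee's session key) and CounterAbi (the target
// contract's ABI) are assumed to be defined or imported elsewhere in the project.
const createSessionsResponse = await usersNexusClient.grantPermission({
  sessionRequestedInfo: [
    {
      sessionPublicKey,
      // Optional fields that bound the session:
      // sessionValidUntil: number
      // sessionValidAfter: number
      // chainIds: bigint[]
      actionPoliciesInfo: [
        {
          // Providing the full contract ABI will parse it to individual function selectors under the hood
          abi: CounterAbi,
          contractAddress: "0x...",
          // Sudo: no further restrictions on calls to the selectors above
          sudo: true
        }
      ]
    }
  ]
});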
Common Use Cases
- Emergency Response: Grant full access to trusted parties during incidents
- Contract Administration: Allow comprehensive management of protocol settings
- System Maintenance: Enable complete access for upgrades and maintenance
- Development Testing: Provide unrestricted access in test environments
- Protocol Governance: Enable execution of governance decisions
- Multi-sig Operations: Grant full access to trusted multi-sig participants
Best Practices
- Time-Bound Access: Always combine with time range policies to limit exposure
- Strict Monitoring: Implement comprehensive logging for all sudo operations
- Limited Scope: Restrict sudo access to specific contracts rather than global access
- Regular Audits: Frequently review and rotate sudo permissions
- Emergency Revocation: Maintain ability to quickly revoke sudo access if compromised
- Documentation: Keep detailed records of why sudo access was granted
- Test Environment: Validate sudo operations in a test environment first
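The Time-Bound Access and Limited Scope practices can be enforced in code before a request ever reaches grantPermission. The check below is an added example, not part of the SDK or the original page: auditSudoRequest, the approvedContracts allowlist, the 24-hour limit and the sample addresses are hypothetical, and it assumes sessionValidAfter and sessionValidUntil are Unix timestamps in seconds.

```typescript
// Added example: pre-grant check for session requests that carry a sudo policy.
// Field names mirror the grantPermission() input shown on this page.
type ActionPolicyInfo = { contractAddress: string; sudo?: boolean };
type SessionRequest = {
  sessionValidUntil?: number; // assumption: Unix time in seconds
  sessionValidAfter?: number; // assumption: Unix time in seconds
  actionPoliciesInfo: ActionPolicyInfo[];
};

const MAX_SUDO_WINDOW_SECONDS = 24 * 60 * 60; // assumed policy limit: 24 hours

// Returns finding codes; an empty array means the request passes.
function auditSudoRequest(
  req: SessionRequest,
  approvedContracts: string[], // hypothetical allowlist of contracts cleared for sudo
  nowSeconds: number
): string[] {
  const findings: string[] = [];
  const sudoPolicies = req.actionPoliciesInfo.filter((p) => p.sudo === true);
  if (sudoPolicies.length === 0) return findings; // no sudo policy, nothing to audit

  // Time-bound access: a sudo session needs an expiry inside the allowed window.
  const start = Math.max(req.sessionValidAfter ?? nowSeconds, nowSeconds);
  if (req.sessionValidUntil === undefined) findings.push("NO_EXPIRY");
  else if (req.sessionValidUntil <= start) findings.push("EXPIRY_NOT_AFTER_START");
  else if (req.sessionValidUntil - start > MAX_SUDO_WINDOW_SECONDS) findings.push("WINDOW_TOO_LONG");

  // Limited scope: every sudo target must be a full address on the allowlist.
  const approved = approvedContracts.map((a) => a.toLowerCase());
  for (const p of sudoPolicies) {
    if (!/^0x[0-9a-fA-F]{40}$/.test(p.contractAddress)) findings.push("BAD_ADDRESS");
    else if (approved.indexOf(p.contractAddress.toLowerCase()) === -1) findings.push("CONTRACT_NOT_APPROVED");
  }
  return findings;
}

// Constructed sample data (not real deployments).
const NOW = 1700000000;
const COUNTER = "0x1111111111111111111111111111111111111111";
const bounded: SessionRequest = {
  sessionValidAfter: NOW,
  sessionValidUntil: NOW + 3600,
  actionPoliciesInfo: [{ contractAddress: COUNTER, sudo: true }],
};
const unbounded: SessionRequest = {
  actionPoliciesInfo: [{ contractAddress: "0x2222222222222222222222222222222222222222", sudo: true }],
};
console.log(auditSudoRequest(bounded, [COUNTER], NOW), auditSudoRequest(unbounded, [COUNTER], NOW));
```

Run it on the object you are about to pass as an entry of sessionRequestedInfo and refuse to call grantPermission when the returned array is non-empty.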