Manage Access
Control who can decrypt your registered datasets using Seal allowlists.
Access Control Overview
SealTrust uses Seal threshold encryption with allowlist-based access control:
- Each dataset has an associated allowlist
- Only addresses on the allowlist can decrypt
- The dataset owner has admin capabilities
Adding Users
Navigate to Dataset
Go to your dataset’s management page at sealtrust.app/dataset/[id].
Open Access Management
Click the “Access Management” tab.
Add Address
- Click “Add User”
- Enter the Sui wallet address
- Click “Add to Allowlist”
- Sign the transaction
Removing Users
Navigate to Access Management
Go to your dataset’s Access Management tab.
Remove Address
- Find the user in the list
- Click the remove button
- Confirm and sign the transaction
Checking Authorization
To check if an address is authorized:
import { allowlistService } from '@/lib/allowlist-service';
const isAuthorized = await allowlistService.isAuthorized(
allowlistId,
userAddress,
suiClient
);Viewing All Members
const members = await allowlistService.getAllowlistMembers(
allowlistId,
suiClient
);
console.log('Authorized addresses:', members);Best Practices
[!TIP] Security Recommendations:
- Regularly audit your allowlist
- Remove access when no longer needed
- Use specific addresses, not wildcards
- Keep your admin capability secure
Technical Details
The allowlist is a shared Sui object:
public struct Allowlist has key {
id: UID,
name: String,
list: vector<address>,
}
public struct Cap has key {
id: UID,
allowlist_id: ID,
}Allowlist- Shared object containing authorized addressesCap- Admin capability for managing the allowlist
Last updated on