PCL Policy Admin
The privileged account responsible for managing global PCL settings and policies.
The Policy Admin is a single address with special permissions to configure the x/pcl module. This role is critical for the security and governance of the compliance layer, as it controls the rules that apply to the entire network. The address of the Policy Admin is stored as a parameter within the module and is typically controlled by the Maroo network's governance mechanism.
Responsibilities
The Policy Admin has the authority to perform several key actions:
- Update Module Parameters: The admin can change its own address by submitting a
MsgUpdateParamstransaction. This allows for the transfer of administrative control. - Manage Policy Templates: The admin is responsible for registering new
PolicyTemplates and removing ones that are no longer needed (provided they are not in use). - Set Global Policies: The admin defines and updates the
GlobalPolicyConfig, which dictates the compliance rules enforced on all transactions network-wide.
Configuration and Control
The Policy Admin address is defined in the
Params of the x/pcl module. Initially, this can be an empty string. It is set or updated via the MsgUpdateParams message. The authority for this message is, by default, the x/gov module account. This means that changing the Policy Admin requires a successful on-chain governance proposal, ensuring decentralized control over this powerful role.Security Considerations
The security of the Policy Admin account is paramount. A compromised Policy Admin could potentially halt the network by setting a restrictive global policy (e.g., a denylist with a wildcard) or weaken compliance by removing necessary checks. The governance-based control mechanism is designed to mitigate this risk by requiring community consensus for any changes to the admin address.
Distinction from Contract Admin
It's important to distinguish the global
PolicyAdmin from a Contract Admin. While the PolicyAdmin sets network-wide rules, a Contract Admin (defined within a ContractPolicyConfig) only has permission to manage the policies for their specific smart contract. This allows for a separation of concerns between global network governance and individual application-level compliance.