Role Based Access Control (RBAC)

spherex-protect is designed to comply with any governance structure, and its role-based access control allows delegating the maintenance of spherex-protect to anyone while maintaining full control of the protocol by the protocol owners.

SphereXProtected.sol and SphereXEngine.sol RBAC includes two roles:


The admin is the highest permissions entity, controlling both SphereXProtected and SphereXEngine. The admin sets/denounces the operator.

spherex recommends that the customer which is assigned the Admin role to be the owner of the dApp. It can also be assigned to the DAO, security council or any other entity.


The Operator is in charge of the maintenance of SphereXProtected and SphereXEngine. The operator has the permissions to perform the following actions:

  • SphereXProtected | Change the address of SphereXEngine (set protection on/off)

  • SphereXEngine | Enable / Disable protection

  • SphereXEngine | Add / Remove allowed fingerprints

  • SphereXEngine | Add / Remove protected contracts

Applying this RBAC allows delegating the operator role to any other entity to perform necessary maintenance while keeping the dApp owners in ultimate control . An Administrator can always renounce the operator and assume this role to control the protection, thus protecting the system from any hostile takeover or ransomware scenarios run by the operator.

Last updated