# Messages

In this section we describe the processing of messages for the authz module.

# MsgGrant

An authorization grant is created using the MsgGrant message. If there is already a grant for the (granter, grantee, Authorization) triple, then the new grant overwrites the previous one. To update or extend an existing grant, a new grant with the same (granter, grantee, Authorization) triple should be created.

Copy message MsgGrant { string granter = 1; string grantee = 2; cosmos.authz.v1beta1.Grant grant = 3 [(gogoproto.nullable) = false]; }

The message handling should fail if:

  • both granter and grantee have the same address.
  • provided Expiration time is less than current unix timestamp.
  • provided Grant.Authorization is not implemented.
  • Authorization.MsgTypeURL() is not defined in the router (there is no defined handler in the app router to handle that Msg types).

# MsgRevoke

A grant can be removed with the MsgRevoke message.

Copy message MsgRevoke { string granter = 1; string grantee = 2; string msg_type_url = 3; }

The message handling should fail if:

  • both granter and grantee have the same address.
  • provided MsgTypeUrl is empty.

NOTE: The MsgExec message removes a grant if the grant has expired.

# MsgExec

When a grantee wants to execute a transaction on behalf of a granter, they must send MsgExec.

Copy message MsgExec { string grantee = 1; // Authorization Msg requests to execute. Each msg must implement Authorization interface // The x/authz will try to find a grant matching (msg.signers[0], grantee, MsgTypeURL(msg)) // triple and validate it. repeated google.protobuf.Any msgs = 2 [(cosmos_proto.accepts_interface) = "sdk.Msg, authz.Authorization"]; }

The message handling should fail if:

  • provided Authorization is not implemented.
  • grantee doesn't have permission to run the transaction.
  • if granted authorization is expired.