๐ฏ Role Assignment: Who Grants Permissions?
Learn how roles are assigned through governance or multisig
Design access control for DAO operations
Your Progress
0 / 5 completed๐ค Role Assignment Workflow
Granting roles is governance, not administration. Unlike Web2 (HR clicks button, user gets access), DAO role assignments go through on-chain governance processes: proposal creation, community debate, voting, and execution. For high-privilege roles (admin/moderator), this ensures transparency and accountability. Every role change is permanent on-chainโno HR database to edit, no "forgot to revoke access" incidents. Blockchain is the source of truth.
๐ฎ Interactive: Assignment Process Simulator
Step through the role assignment process for a DAO. See how different role types require different approval workflows.
Proposal Creation
IN PROGRESSAdmin creates role assignment proposal on-chain or via governance forum.
Community Discussion
SKIPPEDDAO members review the proposal, ask questions, and debate suitability.
Governance Vote
SKIPPEDToken holders vote on the proposal (required for admin/moderator roles).
Execution
If vote passes, admin executes role assignment transaction on-chain.
Verification
Role is recorded on-chain, emits event, and updates access control list.
๐ Role Assignment Best Practices
New contributors start as Member, not Moderator/Admin. Prove competence and alignment before elevation. Reduces insider attack surface. Can always upgrade later via governance.
Consider expiring roles after 6-12 months. Forces periodic re-evaluation. Moderators can become inactive or misalignedโautomatic expiry ensures fresh review. Gnosis Safe supports time-locked permissions.
Have fast-track process for revoking compromised roles. If admin wallet is hacked, you can't wait for 7-day governance vote. Multi-sig can execute emergency revocation, then justify to community after.
Maintain transparent list of all role holders with rationale. Forum post or GitHub doc listing who has what role and why. Builds trust and enables community oversight. Update whenever roles change.
For high-privilege roles, consider requiring doxxed identity or multi-party authentication. Anonymous admin can disappear with no recourse. Trade-off: privacy vs accountability. DAOs choose based on values.
๐๏ธ Real-World Examples
Protocol admins (can upgrade contracts) elected via MKR governance vote. Requires >50% quorum. Smart contract enforces 48h delay between vote passage and execution. Community can detect malicious upgrades and mobilize counter-vote.
All UNI governance participants visible on Tally.xyz. Shows who delegates to whom, voting history, and proposal creation. Enables community to track power concentration and hold delegates accountable.
ENS working group stewards elected for 1-year terms. Must re-apply with report of accomplishments. Prevents entrenched power, ensures active contributors. Lost election? Graceful transition, no hard feelings.
๐ก Key Insight
Role assignment is permanent by default in smart contracts (unlike Web2 databases where access can be edited). This immutability is both strength and weakness: Strength: Transparent audit trail, no silent privilege escalation. Weakness: Mistakes are expensive to fix (need governance vote to revoke). Solution? Build flexibility into the system: time-locked roles (auto-expire), revocation powers (multi-sig can emergency-revoke), and upgrade paths (can modify role logic if design flawed). Balance immutability with operational needs.