Revoke a Permission

Revocation invalidates an existing permission. According to the spec, this method can be called by one of three actors:

An ancestor validator in the permission branch (up to the root ECOSYSTEM permission).
The grantee (self‑revocation), regardless of schema mode (OPEN, GRANTOR, ECOSYSTEM).
The Trust Registry controller (owner of the credential schema).

Preconditions

id (uint64) is provided.
Load Permission entry applicant_perm from id; it must exist.
applicant_perm is a valid permission (not terminated or otherwise invalid).

Option #1 — Ancestor validator

If applicant_perm.validator_perm_id is defined:

Set validator_perm = applicant_perm.
While validator_perm.validator_perm_id is defined:
- Load validator_perm from validator_perm.validator_perm_id.
- If validator_perm is a valid permission and validator_perm.grantee equals the account executing the method → allowed.
If none matched → not allowed.

Option #2 — Trust Registry controller

Option #3 — Grantee

When preconditions pass, the transaction performs:

Define now (current timestamp).
Load applicant_perm from id.
Set:
- applicant_perm.revoked = now
- applicant_perm.modified = now
- applicant_perm.revoked_by = <caller account>

Note: Per the current spec, revocation does not adjust deposits in this method.

veranad tx perm revoke-perm <perm-id> \
  --from <user> --chain-id <chain-id> --keyring-backend test \
  --fees <amount> --gas auto --node $NODE_RPC

PERM_ID=10
veranad tx perm revoke-perm $PERM_ID --from $USER_ACC --chain-id $CHAIN_ID \
  --keyring-backend test --fees 600000uvna --node $NODE_RPC

veranad q perm list-permissions --node $NODE_RPC --output json \
| jq '.permissions[] | select(.id == "'$PERM_ID'")'

Check that revoked is set and revoked_by matches the caller.

plantuml