The manager is the central authority for a collection, controlling all administrative operations. The manager executes actions according to permission rules defined in collectionPermissions.
constcollection:TokenCollection<bigint>={manager:'bb1kj9kt5y64n5a8677fhjqnmcc24ht2vy9atmdls',collectionPermissions:{ // Permissions define what the manager can do}, // ... other collection fields};
Setting Initial Manager
During collection creation:
constcollection:TokenCollection<bigint>={creator:'bb1alice...',manager:'bb1alice...',collectionPermissions:{canUpdateManager: [{permanentlyPermittedTimes: [{start:1n,end:18446744073709551615n}, ],permanentlyForbiddenTimes: [],}, ], // ... other permission fields}, // ... other collection fields};
No Manager
If you don't want a manager, set the manager to an empty string. Permission values don't matter when there's no manager:
Manager Capabilities
The manager can execute administrative actions according to permissions:
Updating collection metadata
Updating token metadata
Updating transferability (collection approvals)
Updating valid token IDs
Archiving the collection
Deleting the collection
Updating manager
And more...
All permissions are defined on-chain with time-based configuration, allowing permissions to change over time.
You may also implement off-chain permissions for the manager, but this is up to you and your use case.
User Permissions
User permissions control what individual users can do with their own badges and transfer approvals. Unlike manager permissions which control collection-wide administrative actions, user permissions control user-specific actions like updating auto-approve settings and managing their own incoming/outgoing transfer approvals.
These are almost always never needed unless in advanced situations. Typically, you just leave these soft-enabled (empty arrays) for all. These are only really needed in advanced situations where you want to lock down a user's ability to update their own approvals, such as escrow accounts.
Permissions
Permissions control which actions can be performed and when those actions can be executed. The manager executes administrative actions according to these permission rules.
Permission States
Permissions have three states:
State
Description
Behavior
Permanently Permitted
Action ALWAYS allowed (frozen)
Can be executed
Permanently Forbidden
Action ALWAYS blocked (frozen)
Cannot be executed
Neutral
Not specified
Allowed by default now, but can change state in future
Important: Once set to permanently permitted or forbidden, it can never changed. This is by design to act as a check and balance enforced on-chain.
First Match Policy
Permissions are evaluated as a linear array where each element has criteria and time controls. Only the first matching element is applied - all subsequent matches are ignored.
Key Rules:
First Match Only: Only the first element that matches all criteria is used
Deterministic State: Each criteria combination has exactly one permission state
No Overlap: Times cannot be in both permanentlyPermittedTimes and permanentlyForbiddenTimes
Order Matters: Array order affects which permissions are applied
canUpdateAutoApproveAllIncomingTransfers - Auto-approve all incoming transfers
Logic:
Examples:
Token ID Action Permissions
Control when token ID-based fields can be updated. These permissions match on tokenIds to determine which token IDs can be updated.
Token ID Action Permissions:
canUpdateValidTokenIds - Update valid token IDs
canUpdateTokenMetadata - Update token metadata
Logic:
Examples:
Token ID Action Permissions
Control which token-specific actions can be performed based on token IDs.
Available Actions:
canUpdateValidTokenIds - Update valid token ID ranges
Logic:
Examples:
Approval Permissions
Control when transfer approvals can be updated, allowing you to freeze specific transfer rules. These permissions match on transfer criteria (from, to, initiatedBy, transferTimes, tokenIds, ownershipTimes) and approval ID.
Available Actions:
canUpdateCollectionApprovals - Control collection-level approvals
canUpdateIncomingApprovals - Control incoming transfer approvals (user)
canUpdateOutgoingApprovals - Control outgoing transfer approvals (user)
Note: For user approvals, fromListId and toListId are automatically set:
Incoming: toListId is hardcoded to the user's address
Outgoing: fromListId is hardcoded to the user's address
Logic:
Approval Tuple: An approval tuple consists of: (from, to, initiatedBy, tokenIds, transferTimes, ownershipTimes, approvalId)
Examples:
Protection Strategies:
Specific Approval Lock: Lock a specific approval by its unique ID
Range Lock with Overlap Protection: Lock a token range AND all overlapping approvals
Complete Freeze: Lock all approvals for a collection
For each action request:
Check if current time is in permanentlyPermittedTimes
β If yes: ALLOW
β If no: Check if current time is in permanentlyForbiddenTimes
β If yes: DENY
β If no: ALLOW (neutral state)
For each token ID update request:
Check if token ID matches any tokenIds criteria
β If no match: ALLOW (neutral state)
β If match: Check if current time is in permanentlyPermittedTimes
β If yes: ALLOW
β If no: Check if current time is in permanentlyForbiddenTimes
β If yes: DENY
β If no: ALLOW (neutral state)
For each token action request:
Check if token ID matches any tokenIds criteria
β If no match: ALLOW (neutral state)
β If match: Check if current time is in permanentlyPermittedTimes
β If yes: ALLOW
β If no: Check if current time is in permanentlyForbiddenTimes
β If yes: DENY
β If no: ALLOW (neutral state)
For each approval update request:
Check if approval criteria match (from, to, initiatedBy, transferTimes, tokenIds, ownershipTimes, approvalId)
β If no match: ALLOW (neutral state)
β If match: Check if current time is in permanentlyPermittedTimes
β If yes: ALLOW
β If no: Check if current time is in permanentlyForbiddenTimes
β If yes: DENY
β If no: ALLOW (neutral state)
