Last update: December 1, 2021

# Configure basic permissions¶

Basic network permissioning is a feature that controls which nodes can connect to a given node, and which nodes the given node can dial out to. Configure basic permissions by providing the –permissioned command line option when starting the node.

If --permissioned is set, the node looks for a file named <data-dir>/permissioned-nodes.json. This file contains the allowlist of enodes that this node can connect to and accept connections from. Only the nodes that are listed in the permissioned-nodes.json file become part of the network.

If --permissioned is specified but no nodes are added to the permissioned-nodes.json file, this node can neither connect to any nodes nor accept any incoming connections.

The permissioned-nodes.json file is structured as follows, which is similar to the <data-dir>/static-nodes.json file that is used to specify the list of static nodes a given node always connects to:

permissioned-nodes.json

[
"enode://[email protected]:port1",
"enode://[email protected]:port2",
"enode://[email protected]:port3",
]

[
"enode://6598638ac5b15ee386210156a43f565fa8c48592489d3e66ac774eac759db9eb5[email protected]127.0.0.1:30300"
]


Note

You can use DNS names instead of IP addresses to specify nodes in permissioned-nodes.json and static-nodes.json. Only bootnodes need to be specified with IP addresses.

Warning

Every node has its own copy of the permissioned-nodes.json file. If different nodes have different lists of remote keys, then each node may have a different list of permissioned nodes which may have an adverse effect on the network.