Skip to main content

Best Practices for Secure and Scalable Policies

Principle of Least Privilege

Start with the most restrictive permissions and only grant additional access as needed
This minimizes potential security risks

Use Dynamic Segments Wisely

Leverage dynamic segments ($variableName) to generalize policies for similar data structures
Ensure that conditions within rules properly handle these dynamic segments

Explicitly Define Fields for On-Chain Data

Always specify fields and their data types when using on-chain storage
Mark optional fields with a ? suffix
This ensures that your smart contract accurately reflects your data schema

Validate Data Integrity

Use @data and @newData to enforce data integrity rules
For example, prevent fields from being modified after creation or ensure certain fields are not null

Consider On-Chain Costs

Be mindful of the costs associated with on-chain storage and operations
Only store essential data on-chain and keep hooks efficient

Use Batch Operations Wisely

Leverage getAfter() for referencing pending changes in batch operations
Ensure your rules properly validate the entire batch of changes

Principle of Least Privilege
Use Dynamic Segments Wisely
Explicitly Define Fields for On-Chain Data
Validate Data Integrity
Consider On-Chain Costs
Use Batch Operations Wisely