This is a work in progress to explain Steem Account Authorities in more detail. More examples will be added soon...
Basics
The Steem blockchain offers three different Authority Roles (Posting, Active and Owner), which each can be individually configured as described in this document. Authorities can be based on Public Keys (Key Auths) and Steem account names (Account Auths).
Depending on the type of operation that an account wants to broadcast to the Steem blockchain, the required Authority Role (permission level) changes. For example, for creating or voting a post the Posting Role will be used. For transferring funds from one account to another the Active Role will be used. For administrative account operations the Owner Role will be used.
The so called 'Weight Threshold' of each Authority Role defines how much total weight is required to successfully sign and broadcast (complete) a related transaction. Each authorized Public Key / Steem account must be assigned a weight, which specifies how much influence that key / account has on making use of the related Authority Role.
Memo Key
Additionally to the three regular Authority Roles every Steem account can have one Memo Key, which, as the name suggests, can be used to encrypt and decrypt memos in transfer operations. Transfer memos are being encrypted in such a way that both the sender and the receiver can decrypt it by combining the own Private and the other side's Public Memo Key.
So, it's impossible to read an encrypted message without having access to the sender's or the receiver's Private Memo Key.
Examples
Example 1
( most common, just one Public Key )
| User | Alice |
| Operation | Vote post |
| Required Role | Posting |
| Weight Threshold | 1 |
| Key Auths | |
| Account Auths | None |
In this example Alice wants to vote a post, therefore a Posting Authority is required to complete the transaction with the contained vote operation.
As she specified a Public Key (STM7a...) with Weight (1), the for her account's Posting Role defined Weight Threshold (1) can be fulfilled just by providing her Private Posting Key, which will be used to sign the transaction.
The blockchain will then check the signed transaction against the specified Public Key (STM7a...). As the Public Key is derived from her Private Key (which the system does not know), the blockchain can detect, if the given signature is correct and agree to confirm the transaction.
Example 2
( one Public Key and two DApps authorized to use Posting Role )
| User | Bob |
| Operation | Vote posts using an Autovote service |
| Required Role | Posting |
| Weight Threshold | 1 |
| Key Auths | |
| Account Auths |
|
In this example Bob wants to have voted a few posts of his favorite authors automatically, so he uses an Autovote service (dapp1). Despite the account dapp1 not having access to Bob's Private Posting Key, it can still broadcast votes from his account, because he authorized the service to use his Posting Role by adding an Account Authority for dapp1 in the Posting Role settings of his account.
Example 3
( Multisig account, used for advanced security )
| User | Company1 |
| Operation | Transfer funds |
| Required Role | Active |
| Weight Threshold | 100 |
| Key Auths | None |
| Account Auths |
|
This is an example of a company that uses a Multisignature Authority Role. Company1 wants to initiate a transfer of a huge amount of STEEM to one of their partners. For security and consensus reasons their main funding account does not have a Public Active Key assigned but instead they specified three Account Authorities (one for each owner of the company).
As the Weight Threshold was set to 100 and each owner's signature has a weight of 50, the signatures of at least two owners are required to successfully broadcast a transfer operation from that account.
Managing Account Authorities
SteemWorld offers a tool for editing Steem Account Authorities here:
https://steemworld.org/account-authorities
Information on how to use the tool can be found here:
New Tool for Managing Account Authorities
