sudo_as

Call v101 → current #3

Dispatches a call with Signed origin from a specified account.

View calls on chain

Call Workflow

sudo_as

Sudo Call

Executes with root privileges

1. Validation

Signature, nonce, mortality, fees

Signature

Nonce

Mortality

Fee payment

2. Pre-dispatch

Permission & state checks

Permission checks

State validation

3. Dispatch

Execute logic, modify state

SudoAsDone

4. Post-dispatch

Final result & fee settlement

ExtrinsicSuccess

Fees settled

Svelte Flow

Click items to navigate. Pan and zoom to explore.

Used by: validatorsdevelopers

The Big Picture

sudo_as is a powerful impersonation tool - it lets the sudo key execute calls as if they were signed by any account. Unlike regular sudo (Root origin), this uses Signed origin, meaning the call appears to come from the specified user. This is useful for support operations but is extremely sensitive as it can act on any user's behalf.

Why This Matters

Sometimes administrators need to fix user issues that require their signature - like clearing stuck state or fixing misconfigurations. sudo_as allows this without needing the user's actual private key.

Example Scenario

A user's account has stuck funds due to a bug. Fixing it requires a signed call from that user. The sudo key holder calls sudo_as(who=user_account, call=fix_stuck_state()). The fix executes as if the user signed it. SudoAsDone reports success.

Common Questions

Can sudo_as do anything the user could do?: Yes, with Signed origin. It's as if that user signed the transaction. This is very powerful and should be used sparingly and transparently.
Does the target user know this happened?: The SudoAsDone event is recorded on-chain, providing an audit trail. Users can see these events if they monitor their account activity.

Use Cases

Execute calls on behalf of users for support/recovery
Testing user flows without needing user signatures
Emergency interventions on user accounts
Migration operations requiring user-signed calls

From Chain Metadata

Authenticates the sudo key and dispatches a function call with `Signed` origin from a given account. The dispatch origin for this call must be _Signed_. ## Complexity O(1).

Input Parameters

#	Name	Type	Description
0	who	MultiAddress	who (MultiAddress)
1	call	RuntimeCall	call (RuntimeCall)

Permissions

Origin

Root

Required Role

Root

Requirements

Signer must be the current sudo key
Target account must be valid
Call must be a valid runtime call

Effects

Events Emitted

SudoAsDone

Postconditions

The inner call is dispatched as if signed by the target account
SudoAsDone event emitted with call result

Side Effects

Target account may be affected as if they signed the call
Does not require target account's signature

Code Examples

import { ApiPromise, WsProvider } from "@polkadot/api";
import { stringCamelCase } from "@polkadot/util";

const provider = new WsProvider("wss://entrypoint-finney.opentensor.ai:443");
const api = await ApiPromise.create({ provider });

// Build sudo_as call
const who = 0 as any /* MultiAddress */;
const call = 0 as any /* RuntimeCall */;

const call = api.tx[stringCamelCase("Sudo")][stringCamelCase("sudo_as")](
  who,
  call
);

Runtime Info

Pallet Index: 12
Call Index: 3
First Version: v101
Current Version: v393

Back to Sudo Calls