If I have the code
submitMulti [alice, bob, charlie] [] $ _
Should this ever fail with
Scenario execution failed to commit ... failed due to missing authorization from bob
?
I’m seeing this behaviour and happy to share a more complex example.
Unfortunately I can’t find much documentation beyond the API reference for submitMulti to try and debug further.
submitMulti does not change the authorization rules in Daml at all. Within a choice you still only have authorization of the signatories of the contract and the controllers of the choice. This is crucial to allow local reasoning about authorization. So a minimal example of something similar to your example is the following:
module Main where
import Daml.Script
template T
with
p : Party
q : Party
where
signatory p
nonconsuming choice CreateT : ContractId T
controller p
do create T with p = q, q
test = do
p <- allocateParty "p"
q <- allocateParty "q"
cid <- submit p $ createCmd (T p q)
-- fails due to missing authorization from q
submitMulti [p, q] [] $ exerciseCmd cid CreateT
What submitMulti allows (and the exact same thing applies to using multiple actAs parties on the ledger API) is to have more than one authorizer for the root commands of your transaction. So you could do a bare create that requires signatures from p and q or call a choice that has both p and q as controllers.
But within the body of a choice you only have authorization of signatories & controllers and there is no way to change that.
Your minimal example was indeed exactly what was happening in my code; that was very helpful, thank you.