Update sns-asset-canister.md

docs/developer-docs/integrations/sns/managing-sns/sns-asset-canister.md

@@ -6,14 +6,22 @@ The [asset canister](https://github.com/dfinity/sdk/tree/master/src/canisters/fr
 
 In the context of the SNS, a dapp's associated asset canister serves the frontend assets related to dapp and may also include a frontend to the SNS DAO, e.g., through which users can vote on governance proposals.  
 
-The contents of the asset canister must be configured prior to the launch of the SNS, and any changes afterwards must be made by a principal with the permission to do so. The SNS is the only one that can update the list of approved principals that have this permission, and any changes to this list must be approved on via an SNS proposal. This configuration assures that changes to the asset canister are only made by authorized principals that the SNS has agreed on through proposals. These changes are referred to as 'upgrades' to the asset canister in the remainder of this document. 
-
-When a dapp's control is handed over to an SNS, this is also true for the associated asset canister.
+The contents of the asset canister must be configured prior to the launch of the SNS, and any changes afterwards must be made by a submitting a proposal by a principal with the permission to do so. Once changes are proposed, they can be voted on by the SNS DAO. If approved, the SNS governance canister is the only one that can commit the approved changes.  This configuration assures that changes to the asset canister are only made by approved proposals. These changes are referred to as 'upgrades' to the asset canister in the remainder of this document. 
 
 This section is relevant if your project contains an asset canister and describes how you can test handing over control of an asset canister to an SNS.
 
 ## Deploying an asset canister
 
+An asset canister must first be deployed before control of it can be handed over to an SNS. When a dapp's control is handed over to an SNS, this is also true for the associated asset canister.
+
+The general overview of deploying an asset canister during an SNS launch is as follows:
+- First, the asset canister must be created with or upgraded to a Wasm file from [dfx 0.14.1+](https://github.com/dfinity/sdk/blob/release-0.14.1/src/distributed/assetstorage.wasm.gz).
+- Then, the dapp should hand control of the asset canister over to the SNS by setting the following permissions:
+    - The SNS governance canister is given `Commit` permissions. This is done by the previous developer using the `grant_permissions` command (see the granting permissions section below), otherwise the SNS must grant this permission once it is a controller.
+    - A whitelist of principals with `Prepare` permissions used to submit proposals is created.
+    - The user or developer creating the SNS should remove their own personal permissions. 
+- Lastly, the SNS's function should be registered to commit the configuration.
+
 To deploy an asset canister, first you will need an `assets.wasm.gz` file and a `candid/assets.did` file. Examples of these files can be downloaded with the commands:
 
 ```
@@ -56,15 +64,17 @@ Next, you will need to configure your `dfx.json` file to specify your asset cani
 }
 ```
 
-### Deploying locally
+Alternatively, any canister in the `dfx.json` file can be set as `"type": "assets"`, and dfx will automatically perform the above steps. 
+
+### Deploying locally for testing
 
 To deploy your asset canister locally for testing purposes, the following command can be used:
 
 ```
 dfx deploy assets --network "local" --no-wallet
 ```
 
-Once the asset canister has been deployed, the SNS can be launched. You can learn more about launching an SNS [here](../launch-sns/launch-sns.md).
+The asset canister should be deployed and have permissions configured before the dapp is handed over to an SNS. 
 
 ### Deploying on the mainnet
 
@@ -78,13 +88,69 @@ To deploy your asset canister to the mainnet, the following command can be used:
 dfx deploy assets --network "ic" --wallet <principal>
 ```
 
-Once the asset canister has been deployed, the SNS can be launched. You can learn more about launching an SNS [here](../launch-sns/launch-sns.md)
+The asset canister should be deployed and have permissions configured before the dapp is handed over to an SNS. 
+
+## Configuring an asset canister's permissions
+
+When configuring an asset canister, a set of permissions that contains a whitelist of principals must be created. This whitelist details who is allowed submit proposals that update assets in the asset canister. This whitelist must be configured prior to the SNS launch. Principals that are allowed to submit proposals are given the `Prepare` permission.
+
+Before the SNS can be launched, control of the asset canister must be handed over to the SNS. The SNS' governance canister should be added to the whitelist as a principal with `Commit` rights. Only principals with `Commit` rights may apply proposed changes. 
+
+Once the asset canister has been handed over to the SNS, only the governance canister should have `Commit` rights, and principals in the whitelist should have `Prepare` rights. The developer who configured and deployed the SNS should have their permissions removed prior to launching the SNS. 
+
+If the whitelist needs to be adapted or changed, the SNS can call `take_ownership` via a proposal, which must be added as a custom proposal type. This will clear all permissions, and give only the SNS governance canister `Commit` permissions. 
+
+### Granting permissions
+
+To grant a principal permission within an asset canister, the following command can be used:
+
+```
+dfx canister call --network ic <canister-id> grant_permission <principal>
+```
+
+### Revoking permissions
+
+To revoke a principal's permission within an asset canister, the following command can be used:
+
+```
+dfx canister call --network ic <canister-id>  revoke_permission <principal>
+```
+
+### Listing permissions
+
+To list permissions for an asset canister, the following command can be used:
+
+```
+dfx canister call --network ic <canister-id> list_permitted '(record {permission = variant {<Permission>}})'
+```
+
+For example, to list all principals with the `Commit` permission:
+
+```
+dfx canister call --network ic oa7fk-maaaa-aaaam-abgka-cai list_permitted '(record {permission = variant {Commit}})'
+```
+
+To list all principals with the `Prepare` permission:
+
+```
+dfx canister call --network ic oa7fk-maaaa-aaaam-abgka-cai list_permitted '(record {permission = variant {Commit}})'
+```
+
+Once the asset canister has been deployed and permissions have been configured, the SNS can be launched. You can learn more about launching an SNS [here](../launch-sns/launch-sns.md)
+
+## SNS GenericNervousSystemFunctions
+
+To submit a new `AddGenericNervousSystemFunction` SNS Proposal to support the `commit_proposed_batch` API, the target canister id should be the asset canister (that is upgraded in the upgrade steps below) and the target function is `commit_proposed_batch`. The validate function should be `validate_commit_proposed_batch`. 
+
+To submit an `ExecuteNervousSystemFunction` SNS Proposal with the output from `dfx deploy <frontend canister name> --network ic --by-proposal` see upgrade steps below.
 
 ## Submitting an SNS proposal and upgrading an asset canister
 
-- #### Step 1: First, upgrade the asset canister (by proposal, as with any other canister) to the asset canister wasm bundled with dfx 0.14.1, available [here](https://github.com/dfinity/sdk/blob/release-0.14.1/src/distributed/assetstorage.wasm.gz).
+Once an asset canister is under the control of the SNS, any changes must be done via an SNS proposal. 
+
+Before submitting an SNS proposal to upgrade an asset canister, assure that the asset canister has been upgraded (by proposal) to use the Wasm bundled with [dfx 0.14.1+](https://github.com/dfinity/sdk/blob/release-0.14.1/src/distributed/assetstorage.wasm.gz).
 
-- #### Step 2: After upgrading the asset canister by proposal, have someone with `Prepare` permission run:
+- #### Step 1: To submit an SNS proposal, first have a principal with `Prepare` permission run:
 
 ```
 dfx deploy <frontend canister name> --network ic --by-proposal
@@ -96,17 +162,17 @@ The output will contain something like this:
 Proposed commit of batch 2 with evidence e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. Either commit it by proposal, or delete it.
 ```
 
-- #### Step 3: Save the batch number and the evidence value for use with the asset canister API.
+- #### Step 2: Save the batch number and the evidence value for use with the asset canister API.
 
-- #### Step 4: To ensure that others would be able to verify the evidence in the proposal, have someone else clone the dapp repo and run:
+- #### Step 3: To ensure that others would be able to verify the evidence in the proposal, have someone else clone the dapp repo and run:
 
 ```
 dfx deploy <frontend canister name> --network ic --compute-evidence
 ```
 
 The computed evidence should match the evidence from step 2.
 
-- #### Step 5: Submit a new proposal to commit the batch, using the APIs below:
+- #### Step 4: Submit a new proposal to commit the batch, using the APIs below:
 
 Use these asset canister APIs in the proposal:
 
@@ -135,12 +201,7 @@ If the proposal is rejected, the preparer should use this new asset canister API
 ```
 
 
-## Asset canister examples
+## Asset canister example
 
 An example of an SNS asset canister is canister `sqbzf-5aaaa-aaaam-aavya-cai`, which is an asset canister part of the [Dragginz Dapp SNS](https://dashboard.internetcomputer.org/canister/sqbzf-5aaaa-aaaam-aavya-cai).
 
-## SNS GenericNervousSystemFunctions
-
-To submit a new `AddGenericNervouSystemFunction` SNS Proposal to support the `commit_proposed_batch` API, the target canister id should be the asset canister (that is upgraded in upgrade steps) and the target function is `commit_proposed_batch`. The validate function should be `validate_commit_proposed_batch`. 
-
-To submit an `ExecuteNervousSystemFunction` SNS Proposal with the output from `dfx deploy <frontend canister name> --network ic --by-proposal` see upgrade steps above.