I noticed on the Gnosis Safe Enterprise page that they mention a number of features that are beyond the default capabilities of the Gnosis Safe base contract. For example "Roles: define user hierarchies for role-based access control"
My googling seems to lead back to OpenZepplin Defender being used to create and manage a proxy for the Gnosis Safe contract. There are a few guides using Gnosis Multisig as an admin in Defender (example).
However, what I want is something slightly different and I am not sure what combination of Gnosis Safe modules, and safe apps and OpenZepplin products can be used to create what I need. My team wants to hold funds in a secure manner with our leadership having the multi-sig admin accounts, but also be able to delegate repetitive tasks to less secure signers (e.g. have a non-leadership employee go on SuperRare and do the data entry to mint and sign each of our NFTs)
- An upgradable and pausible Gnosis Safe contract
- A "superuser" or "admin" role which can:
- Have N total signers with this permission level
- Sign (n-1)/N threshold proposals for important things (transfer unbounded funds, upgrade contract, add/remove signers, pause the contract)
- A "default" role which can:
- Have any number of users with this permission level
- Unilaterally Mint ERC-721 tokens
- Has a time-limited allowance of gas coverage provided for them, allowing them to work but not drain the wallet adversarially with gas fees.
Any advice? Useful reads? Thank you.