NEAR uses account identifiers that are readable by humans in the format name.near. For example, maria.near or jane.near.
The NEAR account system is similar to the website domain system in the sense that an account can create as many sub accounts as needed. For example, an account with the name maria.near can create an account like sub.maria.near, and it in turn can create the accounts first.sub.masha.near, second.sub.maria.near and so on.
Besides visible accounts (name.near type), the NEAR ecosystem also supports the creation of invisible accounts with the help of near-cli (they look similar to Bitcoin and Ethereum addresses). You can find a detailed English guide here
Every account in the system can have only 1 smart-contract. For apps that require the user to use multiple smart contracts child accounts can be used. For example contract_1.maria.near, contract_2.maria.near, etc.
NEAR like most other blockchains is based on cryptography with an open key. It relies on pairs of keys each of which consists of an open key (public key) matched with a closed key (private key).
NEAR uses the open key for identification and the closed key for signing transactions (confirmation of account ownership during transaction creation).
In NEAR there are 3 types of keys. Access keys are for signing transactions from the account, validator keys allow for operations relating to network validation, node keys (network node) allow for low-level communication between nodes on the network.
Keys can be stored in 3 different storages. InMemoryKeyStore – memory storage, used for temporary scenarios. BrowserLocalStorageKeyStore – unencrypted local browser storage, used to work with applications in the browser. UnencryptedFileSystemKeyStore – unencrypted storage in the file system, used when working with near-cli.
An account can have multiple access keys or none.
Keys can have different access levels – FullAccess (full access) or FunctionCall (only the ability to call contract methods).
All keys are unique within one account, but the public key can be assigned to different accounts with different access levels. The access level determines what actions in the account can be performed with this key.
For the FullAccess access level, all 8 types of actions are available: CreateAccountAction (create an account), DeployContractAction (deploy a contract), FunctionCallAction (call contract methods), TransferAction (send tokens to another account), StakeAction (staking tokens), AddKeyAction (add a key to an account), DeleteKeyAction (delete an account key), DeleteAccountAction (delete an account).
For the FunctionCall access level, only the FunctionCallAction is available (calling contract methods). Also, for such a key, you can specify which contract methods it can call.