Access Control
Delegated Accounts
Delegated accounts start with no permissions and must be explicitly granted access. Permissions are granular, allowing vault owners to build precise guardrails by adding specific capabilities to each delegate. This approach enhances security by ensuring that delegates can only perform intended actions within the defined boundaries, reducing the risk of unauthorized operations and mistakes.
Permissions
The tables below list the core permissions available for delegated accounts across the GLAM protocol, grouped by Vault and Mint operations. For integration-specific permissions (e.g. Drift, Jupiter, Meteora), refer to the corresponding integration documentation.Vault
| Permission Enum | Description |
|---|---|
| TransferToAllowlisted | Transfer vault assets to allowlisted accounts |
| WSol | Wrap or unwrap SOL |
| EmergencyUpdate | Pause a tokenized vault during emergency |
Mint
Some Mint permissions apply only to standalone Mints, such as those used for tokenized offchain assets. These permissions require the corresponding Token Extensions to be enabled in order to function as intended. For tokenized vaults, only theMintSetTokenAccountState permission is meaningful; other Mint permissions do not apply.
| Permission Enum | Description |
|---|---|
| MintBurnTokens | Burn tokens from any account |
| MintForceTransferTokens | Force-transfer tokens between accounts |
| MintMintTokens | Mint new tokens |
| MintSetTokenAccountState | Freeze or unfreeze token accounts |