Delegated accounts start with no permissions and must be explicitly granted access. Permissions are granular, allowing vault owners to build precise guardrails by adding specific capabilities to each delegate. This approach enhances security by ensuring that delegates can only perform intended actions within the defined boundaries, reducing the risk of unauthorized operations and mistakes.

Permissions

The tables below list the core permissions available for delegated accounts across the GLAM protocol, grouped by Vault and Mint operations.

For integration-specific permissions (e.g. Drift, Jupiter, Meteora), refer to the corresponding integration documentation.

Vault

Permission EnumDescription
TransferToAllowlistedTransfer vault assets to allowlisted accounts
WSolWrap or unwrap SOL
EmergencyUpdatePause a tokenized vault during emergency

Mint

Some Mint permissions apply only to standalone Mints, such as those used for tokenized offchain assets. These permissions require the corresponding Token Extensions to be enabled in order to function as intended. For tokenized vaults, only the MintSetTokenAccountState permission is meaningful; other Mint permissions do not apply.

Permission EnumDescription
MintBurnTokensBurn tokens from any account
MintForceTransferTokensForce-transfer tokens between accounts
MintMintTokensMint new tokens
MintSetTokenAccountStateFreeze or unfreeze token accounts