Policies
Security and control policies
Smart Accounts provide flexible security and control through various policy mechanisms. This guide explains the key policies and how to use them effectively.
Policies
Policies are defined when creating a new smart account using the /smart-accounts endpoint. The policies object contains the following key components:
Authorities
Authorities are the entities that can perform actions on the smart account. Each authority has a set of permissions that define what actions they can take.
Permission Types
The following permissions can be assigned to authorities:
- CAN_INITIATE: Required to propose new intents
- CAN_VOTE: Required to approve intents
- CAN_EXECUTE: Required to execute approved intents
Example Configuration
Threshold
The threshold defines how many authorities must approve an intent. This creates a flexible M-of-N multisig setup.
Rules
- Must be greater than 0
- Cannot exceed the number of signers with CAN_VOTE permission
- Maximum value is 10
Example Configuration
Admin Control
Admin control is an optional security feature that restricts who can modify Smart Account settings. When an admin address is set, only that address can modify the account’s configuration.
Example Configuration
Creating a Smart Account with Policies
To create a smart account with policies, use the /smart-accounts endpoint:
Retrieving Smart Account Policies
To retrieve the policies for a smart account, use the /smart-accounts/{smart_account_address} endpoint with the policies query parameter:
Best Practices
- Authorities
  - Separate duties between authorities
  - Limit CAN_INITIATE to trusted parties
  - Have multiple CAN_EXECUTE authorities for redundancy
- Threshold
  - Choose threshold based on security needs
  - Consider operational efficiency
  - Plan for key rotation
- Admin Control
  - Use admin control for managed accounts
  - Keep admin keys secure and offline
  - Consider using a multisig as admin
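
A pre-submission check for the Threshold rules and the Authorities best practices above, as an added example that is not part of the original documentation. The field names (authorities, address, permissions, threshold) and the sample addresses are assumptions, since the request schema is not shown here.

```python
# Field names below ("authorities", "address", "permissions", "threshold")
# are assumptions for illustration; the page does not show the request schema.
KNOWN_PERMISSIONS = {"CAN_INITIATE", "CAN_VOTE", "CAN_EXECUTE"}
MAX_THRESHOLD = 10  # "Maximum value is 10"


def check_policies(policies):
    """Return (errors, warnings) for a policies object before submission."""
    errors, warnings = [], []
    authorities = policies.get("authorities", [])
    threshold = policies.get("threshold")

    holders = {perm: set() for perm in KNOWN_PERMISSIONS}
    for auth in authorities:
        for perm in auth.get("permissions", []):
            if perm in KNOWN_PERMISSIONS:
                holders[perm].add(auth.get("address"))
            else:
                errors.append(f"unknown permission {perm!r} on {auth.get('address')}")
        if KNOWN_PERMISSIONS <= set(auth.get("permissions", [])):
            warnings.append(f"{auth.get('address')} holds all three permissions")

    voters = len(holders["CAN_VOTE"])
    # Threshold rules from the page; bool is rejected because it subclasses int.
    if isinstance(threshold, bool) or not isinstance(threshold, int):
        errors.append("threshold must be an integer")
    else:
        if threshold <= 0:
            errors.append("threshold must be greater than 0")
        if threshold > voters:
            errors.append(f"threshold {threshold} exceeds {voters} CAN_VOTE signers")
        if threshold > MAX_THRESHOLD:
            errors.append(f"threshold {threshold} exceeds the maximum of {MAX_THRESHOLD}")

    # Advisory checks taken from the Best Practices list.
    if len(holders["CAN_EXECUTE"]) < 2:
        warnings.append("fewer than two CAN_EXECUTE authorities: no redundancy")
    return errors, warnings


# Constructed sample: two voters but a threshold of 3, and a single executor.
SAMPLE = {
    "threshold": 3,
    "authorities": [
        {"address": "0xAAA", "permissions": ["CAN_INITIATE", "CAN_VOTE"]},
        {"address": "0xBBB", "permissions": ["CAN_VOTE", "CAN_EXECUTE"]},
    ],
}
if __name__ == "__main__":
    print(check_policies(SAMPLE))
```

Errors correspond to the stated threshold rules; warnings are advisory and map to the separation-of-duties and CAN_EXECUTE redundancy recommendations.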