Skip to main content

Authorization Model

Private Ephemeral Rollups use a Permission Program to manage fine-grained privacy controls for accounts and account groups. This runs on Solana L1 and can be updated on the fly.
  • Permission Groups: Define groups with arbitrary membership and IDs via CPI. A group aggregates users and the accounts governed by its permissions.
  • Permissions: Add permissions to groups. Today a permission implies read access for the delegated account; read/write splits may be added in the future.
  • Access: Client access to permissioned ER state requires authenticating ownership of a specified public key. Successful authentication yields a token used to query the ER.
Private Ephemeral Rollup (devnet) endpoint: https://tee.magicblock.app?token= {authToken}. Replace {authToken} with your authorization token obtained from the TEE RPC to send requests.
This abstraction into groups lets you modify the permissions for many users/accounts atomically in a single transaction.

Access Control

Fine-grained Access Control

On-chain Privacy

Privacy Mechanisms and Concepts

Authorization

Authorization Framework

Compliance Framework

Compliance Standards and Guidelines