Authorization Model

- Permission Groups: Define groups with arbitrary membership and IDs via CPI. A group aggregates users and the accounts governed by its permissions.
- Permissions: Add permissions to groups. Today a permission implies read access for the delegated account; read/write splits may be added in the future.
- Access: Client access to permissioned ER state requires authenticating ownership of a specified public key. Successful authentication yields a token used to query the ER.
TEE Ephemeral Rollup DevNet endpoint: https://tee.magicblock.app/