Authorization Model

Private Ephemeral Rollups use a Permission Program to manage fine-grained privacy controls for accounts and account groups. The program runs on Solana L1 and can be updated on the fly.
  • Permission Groups: Define groups with arbitrary membership and IDs via CPI. A group aggregates users and the accounts governed by its permissions.
  • Permissions: Add permissions to groups. Today a permission implies read access for the delegated account; read/write splits may be added in the future.
  • Access: Client access to permissioned ER state requires authenticating ownership of a specified public key. Successful authentication yields a token used to query the ER.
TEE Ephemeral Rollup DevNet endpoint: https://tee.magicblock.app/
This abstraction into groups lets you modify the permissions for many users/accounts atomically in a single transaction.
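
The sketch below is an added example, not MagicBlock's code or API: a small in-memory JavaScript model of the three pieces above (groups, read permission, token-gated access). It assumes a signed-nonce challenge as the way ownership of a public key is proven, which the page does not specify; every function name, the token format and the sample IDs are hypothetical.

```javascript
// Conceptual model only (assumptions throughout, not the Permission Program's API).
const nodeCrypto = require('node:crypto');

const groups = new Map();     // groupId -> { members: Set<pubkey>, accounts: Set<accountId> }
const challenges = new Map(); // pubkey -> outstanding nonce
const sessions = new Map();   // token -> { pubkey, expiresAt }

const keyId = (publicKey) => publicKey.export({ type: 'spki', format: 'der' }).toString('hex');

function issueChallenge(pubkey) {
  const nonce = nodeCrypto.randomBytes(32);
  challenges.set(pubkey, nonce);
  return nonce;
}

// Verify the Ed25519 signature over the nonce; the nonce is single-use either way.
function authenticate(pubkey, signature, ttlMs = 60000, now = Date.now()) {
  const nonce = challenges.get(pubkey);
  challenges.delete(pubkey);
  if (!nonce) return null;
  const key = nodeCrypto.createPublicKey({ key: Buffer.from(pubkey, 'hex'), format: 'der', type: 'spki' });
  if (!nodeCrypto.verify(null, nonce, key, signature)) return null;
  const token = nodeCrypto.randomBytes(32).toString('hex');
  sessions.set(token, { pubkey, expiresAt: now + ttlMs });
  return token;
}

// Default deny: a read passes only through a group holding both caller and account.
function canRead(token, accountId, now = Date.now()) {
  const s = sessions.get(token);
  if (!s || s.expiresAt <= now) return false;
  for (const g of groups.values()) {
    if (g.members.has(s.pubkey) && g.accounts.has(accountId)) return true;
  }
  return false;
}

// Constructed demo data: one group, two members, two governed accounts.
function demo() {
  const alice = nodeCrypto.generateKeyPairSync('ed25519');
  const bob = nodeCrypto.generateKeyPairSync('ed25519');
  const [a, b] = [keyId(alice.publicKey), keyId(bob.publicKey)];
  groups.set('group-1', { members: new Set([a, b]), accounts: new Set(['acct-1', 'acct-2']) });
  const tokA = authenticate(a, nodeCrypto.sign(null, issueChallenge(a), alice.privateKey));
  const forged = authenticate(b, nodeCrypto.sign(null, issueChallenge(b), alice.privateKey));
  const tokB = authenticate(b, nodeCrypto.sign(null, issueChallenge(b), bob.privateKey));
  const before = [canRead(tokA, 'acct-1'), canRead(tokB, 'acct-2')];
  groups.get('group-1').members.delete(b); // one group update revokes bob on every account
  const after = [canRead(tokA, 'acct-2'), canRead(tokB, 'acct-1'), canRead(tokB, 'acct-2')];
  return { forged, before, after };
}
```

In this model a token proves key ownership only; the group lookup happens on every read, so a membership change takes effect for tokens that were already issued.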