Control models
Permissions
Privy wallets support granular permissions that allow you to:
- Enable custom ownership configurations, with single-party, multi-party, or quorum approvals
- Delegate permissions to third-parties or act on behalf of third-parties given their consent
- Enforce policies defining the actions a wallet can perform
Owners
The owner of a wallet has full control over the wallet, and has the ability to take actions with the wallet, enforce policies on the wallet, delegate permissions to third-parties (signers), and export the wallet’s private key. Owners can be set up as an authorization key (similar to an API secret) controlled by your server, a user ID in your authentication system, or a quorum of the two. Generally, your business should configure the owner of the wallet to be its primary controller.Signers
Owners of wallets can delegate certain transaction capabilities to third-parties known as signers, or additional signers. Signers enable your business to set up wallets such that third-parties can take action on behalf of your business or your business to take action on behalf of third-parties. For instance, your business may need to execute recurring transactions on behalf of a customer on a recurring basis, and can be granted the capability of a signer while the wallet is owned by the third-party. You can also enforce custom policies for signers to restrict the actions that a specific signer can take.Permissions
Owners and signers have different permissions over wallets, as outlined below.| Owners | Signers | |
|---|---|---|
| Sign messages | ✅ | ✅ |
| Send transactions | ✅ | ✅ |
| Update policies | ✅ | ❌ |
| Update owners | ✅ | ❌ |
| Update signers | ✅ | ❌ |
| Export wallet | ✅ | ❌ |
| Can be configured with policies | ✅ | ✅ |