Step-by-step implementation
Step 1: Create a sub-organization with two root users
- Create your sub-organization with the two root users being:
- The end-user
- A user you control (we’ll call it the ‘Delegated Account’)
Step 2: Limit the permissions of the Delegated Account user via policies
- Create a custom policy granting the Delegated Account specific permissions. You might grant that user permissions to:
- Sign any transaction
- Sign only transactions to a specific address
- Create new users in the sub-org
- Or any other activity you want to be able to take using your Delegated Account