activity.resource
portion determines which activities can be performed. The activity.action
determines what types of actions can be taken upon those resources.
ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V3
(upgraded from ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V2
)
and a request is made with the newer V3
version, this policy with not allow that user to perform ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V3
activities.
ApproveAgent
operationsTransfer
, TransferChecked
and TransferCheckedWithFee
instructions across both the Solana Token Program and the Solana Token 2022 Program.
Some important context for using SPL token policies with Turnkey:
Token Account Addresses For context, Solana implements SPL token balances for a particular wallet address by creating a whole new account called a “token account” which has a pointer in its data field labeled “owner” that points back to the wallet address in question. So to hold a particular token in your Solana wallet, you have to have to create a new token account meant to hold that token, owned by your Solana wallet. For policies related to the receiving token address of an SPL transfer, the token address receiving the tokens will have to be used, NOT the wallet address that is the owner for the receiving token address. This is because, while both the owning wallet address and the receiving token address are specified in the transfer instruction, the owning wallet address of the recipient token address is not specified. For this we highly recommend using the convention of “associated token addresses” to set policies that, for example, allow SPL token transfers to a particular wallet address.
For further context on associated token addresses check out Solana’s documentation on it: https://spl.solana.com/associated-token-account
TransferChecked
and TransferCheckedWithFee
. For transactions constructed using the simple Transfer
method, the mint account will be considered empty.
Here are some example policies for SPL transfers: