Allow a specific user to create wallets
Allow users with a specific tag to create users
Require two users with a specific tag to add policies
Deny all delete actions for users with a specific tag
Allow a specific user (e.g. API-only user) to create a sub-org
Allow a specific user to perform auth type activities (full list here)
Note: The activity.resource portion determines which activities can be performed. The activity.action determines what types of actions can be taken upon those resources.
Allow a specific user to perform generic OTP activities
Allow a specific user to perform a specific activity type (full list here)
Note: Activities may be upgraded over time, and thus new versions may be introduced. These policies will NOT be valid if an activity type is upgraded and requests are made on the new activity type. For example, if Turnkey introduces ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V3 (upgraded from ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V2) and a request is made with the newer V3 version, this policy will not allow that user to perform ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V3 activities.
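An added example, not from Turnkey's documentation: a lint that finds policies whose condition pins a versioned activity type, so they can be reviewed before clients move to an upgraded type. The policy field names, the activity.type condition syntax, the treatment of an unsuffixed type as version 1 and the sample policies are assumptions; V3 is the hypothetical upgrade from the note above.

```python
import re

# Assumed condition syntax: activity.type == 'ACTIVITY_TYPE_<NAME>[_V<n>]'.
PINNED = re.compile(
    r"activity\.type\s*==\s*'(ACTIVITY_TYPE_[A-Z0-9_]+?)(?:_V(\d+))?'"
)

def pinned_activity_types(policy):
    """Return (base_name, version) for each activity type the condition names.
    A type with no _V suffix is treated as version 1 (assumption)."""
    return [(m.group(1), int(m.group(2) or 1))
            for m in PINNED.finditer(policy.get("condition", ""))]

def stale_policies(policies, latest):
    """List policies pinned to an older version than `latest` records.
    Such a condition no longer matches requests made on the newer type."""
    findings = []
    for p in policies:
        for base, ver in pinned_activity_types(p):
            newest = latest.get(base)
            if newest is not None and ver < newest:
                pinned = base if ver == 1 else f"{base}_V{ver}"
                findings.append((p["policyName"], p["effect"],
                                 pinned, f"{base}_V{newest}"))
    return findings

# Constructed sample policies; field names and values are assumptions.
POLICIES = [
    {"policyName": "session-v2-allow", "effect": "EFFECT_ALLOW",
     "consensus": "approvers.any(user, user.id == '<USER_ID>')",
     "condition": "activity.type == 'ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V2'"},
    {"policyName": "wallet-create-allow", "effect": "EFFECT_ALLOW",
     "consensus": "approvers.any(user, user.id == '<USER_ID>')",
     "condition": "activity.resource == 'WALLET' && activity.action == 'CREATE'"},
]

# Highest version clients may send; V3 is the page's hypothetical upgrade.
LATEST = {"ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION": 3}

if __name__ == "__main__":
    for name, effect, pinned, newest in stale_policies(POLICIES, LATEST):
        print(f"{name} ({effect}): pinned to {pinned}, requests may use {newest}")
```

Policies written against activity.resource and activity.action, like the second sample, carry no version suffix and are not reported.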
Allow a specific credential type to perform a specific action (full list of credential types here)
This policy can be used to ensure that only passkeys are allowed to sign transactions, and that authentication through SMS (or any other authentication method) is not.
Allow a specific credential with a specific public key type to perform a specific action