Permission Delegation
Account permission delegation functionality is part of the proposed XLS-75d extension to the XRP Ledger protocol. You can use these functions on test networks for now. Until there is an amendment in a stable release, the details documented on these pages are subject to change.
XRPL accounts can delegate both transaction permissions and granular permissions to other accounts, enhancing flexibility and enabling use cases such as implementing role-based access control. This delegation is managed using the DelegateSet transaction.
Assigning Permissions
You can assign permissions to another account by submitting a DelegateSet transaction.
tx_json = {
"TransactionType": "DelegateSet",
"Account": "rDelegatingAccount",
"Authorize": "rDelegatedAccount",
"Permissions": [
{
"Permission": {
"PermissionValue": "Payment"
}
}
]
} | Field | Description |
|---|---|
Account | The address of the account that is delegating the permission(s). |
Authorize | The address of the account that is being granted the permission(s). |
Permissions | An array of permission objects, specifying the permissions to delegate. Each permission is defined within a Permission object, using the PermissionValue field. See [XLS-74d, Account Permissions] for a complete list of valid PermissionValues. |
Updating Permissions
Sending a new DelegateSet with the same Account and Authorize fields updates and replaces the permission list.
Revoking Permissions
Permissions can be revoked using the DelegateSet transaction. There are two ways to revoke permissions:
Revoke All Permissions
To revoke all permissions previously granted to a delegated account, send a DelegateSet transaction with an empty Permissions array:
tx_json = {
"TransactionType": "DelegateSet",
"Account": "rDelegatingAccount",
"Authorize": "rDelegatedAccount",
"Permissions": []
}Revoke Specific Permissions
To revoke specific permissions, send a DelegateSet transaction that includes only the permissions that should remain active. Any permissions previously granted to the Authorize account that aren't included in the Permissions array are revoked.
Sending Transactions with Delegated Permissions
When an account has been granted permissions, it can send transactions on behalf of the delegating account using the Delegate field.
For example, if rDelegatingAccount has delegated the TrustSet permission to rDelegatedAccount, then rDelegatedAccount can submit a TrustSet transaction on behalf of rDelegatingAccount as follows:
transaction_json = {
"TransactionType": "TrustSet",
"Account": "rDelegatingAccount",
"Delegate": "rDelegatedAccount",
"LimitAmount": {
"currency": "USD",
"issuer": "rIssuerAccount",
"value": "1000"
}
} | Field | Description |
|---|---|
Account | The address of the account that granted permission for the transaction (the delegating account). |
Delegate | The address of the account submitting and signing the transaction. This must be the account that was granted permission (the delegated account). |
The account that sends this transaction is rDelegatedAccount, although the Account field is the rDelegatingAccount. The secret for this transaction is the rDelegatedAccount secret, which means rDelegatedAccount signs the transaction.
Error Cases
If the
PermissionDelegationfeature is not enabled, returntemDISABLED.If the rDelegatedAccount is not authorized by the rDelegatingAccount for the transaction type or satisfying the granular permissions given by rDelegatingAccount, the transaction returns
tecNO_DELEGATE_PERMISSION.If the rDelegatedAccount does not have enough balance to pay the transaction fee, the transaction returns
terINSUF_FEE_B. (rDelegatedAccount pays the fee, which is the sender inDelegatefield, not theAccountfield).If the transaction creates a ledger object, but rDelegatingAccount does not have enough balance to cover the reserve, the transaction returns
tecINSUFFICIENT_RESERVE.If the key used to sign this account does not match with rDelegatedAccount, the transaction returns
rpcBAD_SECRET.
Any other errors are the same as when the rDelegatingAccount sends transaction for itself.
- Delegating permissions grants significant control. Ensure you trust the delegated account.
- The account specified in the
Delegatefield is responsible for paying the transaction fee. - A delegated account can only perform actions that have been explicitly permitted.