Creating Policies

Policies are a programmable set of safeguards which can be configured to validate actions taken in your organization.

About this task

You must set up three initial Policies in order to lock down your organization:
Permission Assignment
Requires quorum approval before assigning permissions to any user. This way a rogue admin cannot create fake users with elevated permissions by himself.
Permission Modification
Ensures permission sets cannot be modified without quorum approval, to prevent a rogue actor from elevating existing roles by whitelisting extra actions.
Policy Modification
A policy that prevents policies from being changed. This makes sure your established policies stay in place and that quorum approval is required for modifications.
These are the first 3 options available when you follow the policy creation flow on the dashboard.
In the following procedure, you will control transactions by whitelisting specific recipient addresses and raising approval requests for others.

Procedure

  1. On the dashboard, navigate to Org > Policies and then click New Policy
    Figure 1. Policies
    A page displaying an option to create New Policy
  2. Select the targeted activity and then click Continue.
    For example, select Wallet usage (transfer, transaction, signature)
  3. Select the rule to evaluate.
    The policy is triggered when the rule's conditions are met. For example, select Transaction recipient whitelist, click Configuration, and then paste the whitelisted destination wallet address. All transactions to this wallet address will go through, while all others will trigger the policy.
  4. Select an action and then click Continue.
    When a transaction triggers the policy filters, there are different actions you can take. In this example, we will request approval from another user.

    Select Request Approval, and add an Approver group, with a quorum of 1, then click Any Employee and select the employee who should approve the transaction.

    Note: The user triggering the action can never approve the request. Make sure that the approvers are not the same users who issue the request.
  5. Finish the configuration.
    Review the summary. Click Save and sign it using the passkey.
    Figure 2. Save policy
    Summary page to review the defined policy and save it.
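
The policy configured in this procedure can be modelled locally to see how the whitelist rule, the quorum and the rule that an initiator cannot approve interact. The following Python model is an added example, not code from the dashboard or its API; the class names, user names and addresses are hypothetical, and exact-match address comparison is an assumption.

```python
# Added illustration: a local model of the policy built in the procedure.
# All names here are hypothetical; this is not the dashboard's API.
from dataclasses import dataclass, field


@dataclass
class ApprovalRequest:
    initiator: str
    approvers: frozenset  # members of the approver group
    quorum: int
    approved_by: set = field(default_factory=set)

    def approve(self, user: str) -> None:
        # The user who triggered the action can never approve the request.
        if user == self.initiator:
            raise PermissionError("initiator cannot approve their own request")
        if user not in self.approvers:
            raise PermissionError(f"{user} is not in the approver group")
        self.approved_by.add(user)

    @property
    def satisfied(self) -> bool:
        return len(self.approved_by) >= self.quorum

    @property
    def reachable(self) -> bool:
        # Quorum can only be met by approvers other than the initiator.
        return len(self.approvers - {self.initiator}) >= self.quorum


@dataclass
class RecipientWhitelistPolicy:
    whitelist: frozenset
    approvers: frozenset
    quorum: int = 1

    def evaluate(self, initiator: str, recipient: str):
        """Return None if the transfer goes through, else an ApprovalRequest."""
        if recipient in self.whitelist:  # exact match (assumption of this model)
            return None
        return ApprovalRequest(initiator, self.approvers, self.quorum)


# Constructed sample values, not real addresses or users.
POLICY = RecipientWhitelistPolicy(
    whitelist=frozenset({"0xWHITELISTED_EXAMPLE"}),
    approvers=frozenset({"alice"}),
)
```

In this model, a request raised by alice for a non-whitelisted recipient has `reachable == False`: she is the only approver and cannot approve her own request, which is the situation the note in step 4 tells you to avoid.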