Permissions

How Permissions Work

Apps and creators need to stay in control of what other apps are able to use their assets. Here's how permissions work in Asset Layer to keep apps and creators in control.

Permissions Between Apps

Apps grant permissions to other apps. An app can request two levels of access to another app, read-only or read-and-transfer. An app with read-only access to another app can see assets from that other app. If a user logs into your app, then you can see that user's assets which belong to any app that you have at least read-only permission for. If you have read-and-transfer permission, you can also initiate an asset transfer between two users or access marketplace functions.

Permissions From Users to Apps

When a user authenticates with an app, they grant permission to that app to access their assets. The level of access is determined by the permissions the app has from other apps. An app will always have the ability to read, edit, and transfer assets which were created as a part of that app as long as the user which owns that asset is authenticated. An app will be able to read, edit, or transfer assets which originate from other apps and are owned by the authenticating user depending on the permission levels granted by those other apps.

For example, if App A has a read-only permission from App B, then when a user logs into App A, App A will be able to see the NFTs that user owns from both App A and App B. But, App A will only be able to transfer and edit the assets the user owns from App A.