# Authorization and Grant
x/authz module defines interfaces and messages grant authorizations to perform actions
on behalf of one account to other accounts. The design is defined in the ADR 030.
A grant is an allowance to execute a Msg by the grantee on behalf of the granter.
Authorization is an interface that must be implemented by a concrete authorization logic to validate and execute grants. Authorizations are extensible and can be defined for any Msg service method even outside of the module where the Msg method is defined. See the
SendAuthorization example in the next section for more details.
Note: The authz module is different from the auth (authentication) module that is responsible for specifying the base transaction and account types.
# Built-in Authorizations
The Cosmos SDK
x/authz module comes with following authorization types:
SendAuthorization implements the
Authorization interface for the
cosmos.bank.v1beta1.MsgSend Msg. It takes a
SpendLimit that specifies the maximum amount of tokens the grantee can spend. The
SpendLimit is updated as the tokens are spent.
spend_limitkeeps track of how many coins are left in the authorization.
GenericAuthorization implements the
Authorization interface that gives unrestricted permission to execute the provided Msg on behalf of granter's account.
msgstores Msg type URL.
In order to prevent DoS attacks, granting
x/authz incurs gas.
StakeAuthorization allows you to authorize another account to delegate, undelegate, or redelegate to validators. The authorizer can define a list of validators they allow or deny delegations to. The Cosmos SDK iterates over these lists and charge 10 gas for each validator in both of the lists.