<span><svgxmlns="http://www.w3.org/2000/svg"aria-hidden="true"focusable="false"x="0px"y="0px"viewBox="0 0 100 100"width="15"height="15"class="icon outbound"><pathfill="currentColor"d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygonfill="currentColor"points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><spanclass="sr-only">(opens new window)</span></span></a></div><!----></nav><ulclass="sidebar-links"><li><sectionclass="sidebar-group depth-0"><pclass="sidebar-heading"><span>Getting Started</span><!----></p><ulclass="sidebar-links sidebar-group-items"><li><ahref="/anchor/getting-started/introduction.html"class="sidebar-link">Introduction</a></li><li><ahref="/anchor/getting-started/installation.html"class="sidebar-link">Installing Dependencies</a></li></ul></section></li><li><sectionclass="sidebar-group depth-0"><pclass="sidebar-heading"><span>Teams</span><!----></p><ulclass="sidebar-links sidebar-group-items"><li><ahref="/anchor/getting-started/projects.html"class="sidebar-link">Projects</a></li></ul></section></li><li><sectionclass="sidebar-group depth-0"><pclass="sidebar-heading open"><span>Tutorials</span><!----></p><ulclass="sidebar-links sidebar-group-items"><li><ahref="/anchor/tutorials/tutorial-0.html"class="sidebar-link">A Minimal Example</a></li><li><ahref="/anchor/tutorials/tutorial-1.html"class="sidebar-link">Arguments and Accounts</a></li><li><ahref="/anchor/tutorials/tutorial-2.html"aria-current="page"class="active sidebar-link">Account Constraints and Access Control</a><ulclass="sidebar-sub-headers"><liclass="sidebar-sub-header"><ahref="/anchor/tutorials/tutorial-2.html#clone-the-repo"class="sidebar-link">Clone the Repo</a></li><liclass="sidebar-sub-header"><ahref="/anchor/tutorials/tutorial-2.html#defining-a-program"class="sidebar-link">Defining a Program</a></li><liclass="sidebar-sub-header"><ahref="/anchor/tutorials/tutorial-2.html#next-steps"class="sidebar-link">Next Steps</a></li></ul></li><li><ahref="/anchor/tutorials/tutorial-3.html"class="sidebar-link">Cross Program Invocations (CPI)</a></li><li><ahref="/anchor/tutorials/tutorial-4.html"class="sidebar-link">Errors</a></li></ul></section></li><li><sectionclass="sidebar-group depth-0"><pclass="sidebar-heading"><span>CLI</span><!----></p><ulclass="sidebar-links sidebar-group-items"><li><ahref="/anchor/cli/commands.html"class="sidebar-link">Commands</a></li></ul></section></li><li><sectionclass="sidebar-group depth-0"><pclass="sidebar-heading"><span>Source Verification</span><!----></p><ulclass="sidebar-links sidebar-group-items"><li><ahref="/anchor/getting-started/verification.html"class="sidebar-link">Verifiable Builds</a></li><li><ahref="/anchor/getting-started/publishing.html"class="sidebar-link">Publishing Source</a></li></ul></section></li></ul></aside><mainclass="page"><divclass="theme-default-content content__default"><h1id="account-constraints-and-access-control"><ahref="#account-constraints-and-access-control"class="header-anchor">#</a> Account Constraints and Access Control</h1><p>This tutorial covers how to specify constraints and access control on accounts, a problem
somewhat unique to the parallel nature of Solana.</p><p>On Solana, a transaction must specify all accounts required for execution. And because an untrusted client specifies those accounts, a program must responsibly validate all such accounts are what the client claims they are--in addition to any instruction specific access control the program needs to do.</p><p>For example, you could imagine easily writing a faulty token program that forgets to check if the <strong>signer</strong> of a transaction claiming to be the <strong>owner</strong> of a Token <code>Account</code> actually matches the <strong>owner</strong> on that account. Furthermore, imagine what might happen if the program expects a <code>Mint</code> account but a malicious user gives a token <code>Account</code>.</p><p>To address these problems, Anchor provides several types, traits, and macros. It's easiest to understand by seeing how they're used in an example, but a couple include</p><ul><li><ahref="https://docs.rs/anchor-lang/latest/anchor_lang/derive.Accounts.html"target="_blank"rel="noopener noreferrer">Accounts<span><svgxmlns="http://www.w3.org/2000/svg"aria-hidden="true"focusable="false"x="0px"y="0px"viewBox="0 0 100 100"width="15"height="15"class="icon outbound"><pathfill="currentColor"d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygonfill="currentColor"points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><spanclass="sr-only">(opens new window)</span></span></a>: derive macro implementing the <code>Accounts</code><ahref="https://docs.rs/anchor-lang/latest/anchor_lang/trait.Accounts.html"target="_blank"rel="noopener noreferrer">trait<span><svgxmlns="http://www.w3.org/2000/svg"aria-hidden="true"focusable="false"x="0px"y="0px"viewBox="0 0 100 100"width="15"height="15"class="icon outbound"><pathfill="currentColor"d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygonfill="currentColor"points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><spanclass="sr-only">(opens new window)</span></span></a>, allowing a struct to transform
from the untrusted <code>&[AccountInfo]</code> slice given to a Solana program into a validated struct
of deserialized account types.</li><li><ahref="https://docs.rs/anchor-lang/latest/anchor_lang/attr.account.html"target="_blank"rel="noopener noreferrer">#[account]<span><svgxmlns="http://www.w3.org/2000/svg"aria-hidden="true"focusable="false"x="0px"y="0px"viewBox="0 0 100 100"width="15"height="15"class="icon outbound"><pathfill="currentColor"d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygonfill="currentColor"points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><spanclass="sr-only">(opens new window)</span></span></a>: attribute macro implementing <ahref="https://docs.rs/anchor-lang/latest/anchor_lang/trait.AccountSerialize.html"target="_blank"rel="noopener noreferrer">AccountSerialize<span><svgxmlns="http://www.w3.org/2000/svg"aria-hidden="true"focusable="false"x="0px"y="0px"viewBox="0 0 100 100"width="15"height="15"class="icon outbound"><pathfill="currentColor"d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygonfill="currentColor"points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><spanclass="sr-only">(opens new window)</span></span></a> and <ahref="https://docs.rs/anchor-lang/latest/anchor_lang/trait.AnchorDeserialize.html"target="_blank"rel="noopener noreferrer">AccountDeserialize<span><svgxmlns="http://www.w3.org/2000/svg"aria-hidden="true"focusable="false"x="0px"y="0px"viewBox="0 0 100 100"width="15"height="15"class="icon outbound"><pathfill="currentColor"d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygonfill="currentColor"points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><spanclass="sr-only">(opens new window)</span></span></a>, automatically prepending a unique 8 byte discriminator to the account array. The discriminator is defined by the first 8 bytes of the <code>Sha256</code> hash of the account's Rust identifier--i.e., the struct type name--and ensures no account can be substituted for another.</li><li><ahref="https://docs.rs/anchor-lang/latest/anchor_lang/accounts/account/struct.Account.html"target="_blank"rel="noopener noreferrer">Account<span><svgxmlns="http://www.w3.org/2000/svg"aria-hidden="true"focusable="false"x="0px"y="0px"viewBox="0 0 100 100"width="15"height="15"class="icon outbound"><pathfill="currentColor"d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygonfill="currentColor"points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><spanclass="sr-only">(opens new window)</span></span></a>: a wrapper type for a deserialized account implementing <code>AccountDeserialize</code>. Using this type within an <code>Accounts</code> struct will ensure the account is <strong>owned</strong> by the address defined by <code>declare_id!</code> where the inner account was defined.</li></ul><p>With the above, we can define preconditions for any instruction handler expecting a certain set of
accounts, allowing us to more easily reason about the security of our programs.</p><h2id="clone-the-repo"><ahref="#clone-the-repo"class="header-anchor">#</a> Clone the Repo</h2><p>To get started, clone the repo.</p><divclass="language-bash extra-class"><preclass="language-bash"><code><spanclass="token function">git</span> clone https://github.com/project-serum/anchor
</code></pre></div><p>Change directories to the <ahref="https://github.com/project-serum/anchor/tree/master/examples/tutorial/basic-2"target="_blank"rel="noopener noreferrer">example<span><svgxmlns="http://www.w3.org/2000/svg"aria-hidden="true"focusable="false"x="0px"y="0px"viewBox="0 0 100 100"width="15"height="15"class="icon outbound"><pathfill="currentColor"d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygonfill="currentColor"points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><spanclass="sr-only">(opens new window)</span></span></a>.</p><divclass="language-bash extra-class"><preclass="language-bash"><code><spanclass="token builtin class-name">cd</span> anchor/examples/tutorial/basic-2
</code></pre></div><p>And install any additional JavaScript dependencies:</p><divclass="language-bash extra-class"><preclass="language-bash"><code><spanclass="token function">yarn</span><spanclass="token function">install</span>
</code></pre></div><h2id="defining-a-program"><ahref="#defining-a-program"class="header-anchor">#</a> Defining a Program</h2><p>Here we have a simple <strong>Counter</strong> program, where anyone can create a counter, but only the assigned
</code></pre></div><p>Here, a couple <code>#[account(..)]</code> attributes are used.</p><ul><li><code>mut</code>: tells the program to persist all changes to the account.</li><li><code>has_one</code>: enforces the constraint that <code>Increment.counter.authority == Increment.authority.key</code>.</li></ul><p>Another new concept here is the <code>Signer</code> type. This enforces the constraint that the <code>authority</code>
account <strong>signed</strong> the transaction. However, anchor doesn't fetch the data on that account.</p><p>If any of these constraints do not hold, then the <code>increment</code> instruction will never be executed.
This allows us to completely separate account validation from our program's business logic, allowing us
to reason about each concern more easily. For more, see the full <ahref="https://docs.rs/anchor-lang/latest/anchor_lang/derive.Accounts.html"target="_blank"rel="noopener noreferrer">list<span><svgxmlns="http://www.w3.org/2000/svg"aria-hidden="true"focusable="false"x="0px"y="0px"viewBox="0 0 100 100"width="15"height="15"class="icon outbound"><pathfill="currentColor"d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path><polygonfill="currentColor"points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg><spanclass="sr-only">(opens new window)</span></span></a> of account constraints.</p><h2id="next-steps"><ahref="#next-steps"class="header-anchor">#</a> Next Steps</h2><p>We've covered the basics for writing a single program using Anchor on Solana. But the power of
blockchains come not from a single program, but from combining multiple <em>composable</em> programs
(buzzword...check). Next, we'll see how to call one program from another.</p></div><footerclass="page-edit"><!----><!----></footer><divclass="page-nav"><pclass="inner"><spanclass="prev">