Certain privileged actions (transaction messages) are only allowed to be performed by authorized entities. Some messages require the sender to be an observer validator, while others require the sender to be a specific policy account.

A policy account is similar to an on-chain multisig account with members voting for message execution.

Each group has an admin, a set of members, and a set of policy accounts. Each policy account has an admin, an address and a decision policy (threshold of votes, voting period, etc.).

The group mechanism on ZetaChain is powered by the group Cosmos SDK module (opens in a new tab).

ZetaChain can have any number of groups. Anyone can create a group. In this document we only consider policy accounts that give authorization to perform privileged actions.

These policy accounts are set during genesis and as any module parameter they can be changed through governance. This is important, because even though the protocol has a notion of admins and privileged policy accounts, they are chosen by the community of the chain through governance. If a group/policy admin or members of a group become malicious, the community can create a new group with new admin and members and use the parameter change governance proposal to point the parameter of the observer module to the new policy accounts.

The table below shows all privileged messages grouped by their required policy account and module. Each message is organized under its respective module (crosschain, fungible, observer, etc.) and requires authorization from the specified policy account.