> ## Documentation Index
> Fetch the complete documentation index at: https://docs.digitalasset.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Allowlist

> Implement flexible, credential-based access controls to securely authorize asset participants throughout their lifecycle.

Many digital assets require issuers to stringently control who can participate throughout the asset lifecycle. Whether onboarding investors to a tokenized fund, restricting ownership of regulated securities, or authorizing specific counterparties to mint and redeem stablecoins, issuers need adaptive, policy-driven access controls.

The **DA Registry** provides configurable, credential-based allowlists that enable issuers to define precisely who is authorized to hold, receive, transfer, mint, or redeem an asset. Rules are configured independently for each instrument, allowing you to seamlessly tailor unique compliance policies across diverse asset classes.

<Info>
  **The On-Chain Difference:** Instead of relying on brittle application-layer logic or manual back-office checks, the DA Registry embeds authorization directly into the asset model. The protocol automatically verifies that the acting party possesses the required credentials *before* a transaction executes, guaranteeing deterministic policy enforcement.
</Info>

## Key Capabilities

By embedding configurable authorization policies directly within the asset lifecycle, the DA Registry achieves "Compliance by Design" without sacrificing operational efficiency.

<CardGroup cols={2}>
  <Card title="Granular Access Control" icon="sliders">
    Configure independent authorization requirements for separate phases of the lifecycle, including holding, minting, and redeeming assets.
  </Card>

  <Card title="Credential-Based Authorization" icon="id-card">
    Dynamically verify permissions using highly configurable credential requirements tailored to each specific instrument.
  </Card>

  <Card title="Flexible Administration" icon="user-gear">
    Manage allowlists directly or delegate administrative privileges to trusted compliance, KYC, and identity providers.
  </Card>

  <Card title="Privacy-Preserving Compliance" icon="eye-slash">
    Integrate identity verification while fully leveraging Canton's selective disclosure and privacy model to keep sensitive data protected.
  </Card>
</CardGroup>

## Lifecycle Authorization

Allowlists ensure that every critical interaction with an asset is bound by the instrument's specific compliance requirements:

| Operation               | Enforcement Behavior                                                                                                                                   |
| :---------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Holding & Receiving** | Restricts asset ownership exclusively to pre-vetted, authorized accounts or wallets.                                                                   |
| **Transfers**           | Intercepts movements to ensure both the sender and the receiver maintain valid, unexpired credentials at the exact moment of transfer.                 |
| **Minting & Redeeming** | Limits token creation and destruction capabilities to authorized institutional counterparties, protecting stablecoin supply chains or fund structures. |

### Delegated Administration

To alleviate the operational burden on issuers, allowlist management can be securely delegated to trusted third-party compliance providers. This enables organizations to natively integrate existing KYC/AML frameworks and investor onboarding workflows while maintaining an unalterable, on-ledger record of all authorization decisions.
