---
title: "Access Rules & Auth Zones"
path: "/contents/tech/core-concepts/access-rules-and-auth-zones"
version: "1.3.0"
author: "Hydrate"
createdAt: "2026-02-18T22:38:09.499Z"
updatedAt: "2026-03-16T18:25:43.314Z"
---

# Access Rules & Auth Zones

<Infobox>
| **Layer** | [Radix Engine](/developers/legacy-docs/reference/radix-engine/radix-engine) (System-Level) |
| **Pattern** | Declarative role-based access control |
| **Primitives** | [AccessRule](https://docs.radixdlt.com/docs/authorization), [AuthZone](https://docs.radixdlt.com/docs/auth), Proofs, [Badges](https://docs.radixdlt.com/docs/user-badge-pattern) |
</Infobox>

## Overview

**[Access Rules](https://docs.radixdlt.com/docs/authorization)** are Radix's system-level authorization mechanism. Unlike the EVM, where access control is enforced by smart contract code (vulnerable to bugs), Radix enforces permissions at the [engine level](/contents/tech/core-protocols/radix-engine), making authorization errors structurally impossible.

### Auth Zones

During transaction execution, the **Auth Zone** accumulates [proofs](https://docs.radixdlt.com/docs/auth) ([badges](https://docs.radixdlt.com/docs/user-badge-pattern), ownership evidence) that methods can check against. A method guarded by an access rule will only execute if the auth zone contains the required proof.

### Key Patterns

  - **Badge-gated access** — Hold a specific NFT badge to call admin methods

  - **Multi-sig** — Require N-of-M badge holders to authorize

  - **Role-based** — Different roles (owner, admin, user) with different permissions

  - **Composable** — [Access rules](https://docs.radixdlt.com/docs/authorization-approach) can be combined with AND/OR logic
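
The patterns above, and the auth zone check they rely on, can be seen in a simplified model written in plain Rust. This is an added example, not Scrypto or Radix Engine code: `Rule`, `AuthZone`, `call_guarded`, `withdraw_rule` and the badge names are hypothetical.

```rust
use std::collections::HashSet;

/// Hypothetical model type (not a Radix Engine type): a declarative rule checked before a guarded method runs.
#[derive(Debug)]
enum Rule {
    Require(&'static str),     // badge-gated access
    AllOf(Vec<Rule>),          // AND composition
    AnyOf(Vec<Rule>),          // OR composition
    CountOf(usize, Vec<Rule>), // N-of-M multi-sig
}

/// Proofs accumulated during one transaction, identified here by badge name.
#[derive(Default)]
struct AuthZone { proofs: HashSet<&'static str> }

impl AuthZone {
    fn push(&mut self, badge: &'static str) { self.proofs.insert(badge); }

    fn satisfies(&self, rule: &Rule) -> bool {
        match rule {
            Rule::Require(b) => self.proofs.contains(b),
            Rule::AllOf(rs) => rs.iter().all(|r| self.satisfies(r)),
            Rule::AnyOf(rs) => rs.iter().any(|r| self.satisfies(r)),
            Rule::CountOf(n, rs) => rs.iter().filter(|r| self.satisfies(r)).count() >= *n,
        }
    }
}

/// Engine-side gate: the method body is never reached when the rule fails.
fn call_guarded<T>(zone: &AuthZone, rule: &Rule, method: impl FnOnce() -> T) -> Result<T, String> {
    if zone.satisfies(rule) { Ok(method()) } else { Err(format!("unauthorized: needs {:?}", rule)) }
}

/// Constructed policy: owner alone, OR admin AND any 2 of 3 signer badges.
fn withdraw_rule() -> Rule {
    let signers = vec![Rule::Require("signer_a"), Rule::Require("signer_b"), Rule::Require("signer_c")];
    Rule::AnyOf(vec![
        Rule::Require("owner"),
        Rule::AllOf(vec![Rule::Require("admin"), Rule::CountOf(2, signers)]),
    ])
}

fn main() {
    let (mut zone, rule) = (AuthZone::default(), withdraw_rule());
    zone.push("admin");
    zone.push("signer_a");
    println!("{:?}", call_guarded(&zone, &rule, || "withdrawn"));
    zone.push("signer_c");
    println!("{:?}", call_guarded(&zone, &rule, || "withdrawn"));
}
```

The first call is rejected because only one signer proof is present; the second succeeds once a second signer proof is in the zone.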