# Account Delegation ## What is account delegation Account delegation provides access and/or control over your private encrypted data to another user. The intended purpose for this feature is to allow people you trust full access. In almost all cases we recommend using Shares and On-Shares to give access to other users as it gives much more granular control over the data shared to another user. An example where you might use a feature like this is where a user is helping a family member (be that a child or an elderly parent) who requires assistance. ## Setting up delegation ### Setting up the Scenario First lets create two new users to set up a delegation between. ```bash meeco users:create -p password > .riker.yaml meeco users:create -p password > .homer.yaml ``` Next lets create an item in Riker's account so we can later test to make sure Homer has access to it. ```bash # List out available templates meeco templates:list -a .riker.yaml # Create an item config file from one of the chosen templates meeco items:create-config vehicle -a .riker.yaml > .riker-vehicle-config.yaml # Extra step, open up the above item config yaml file and modify it in your chosen text editor # Create the item using the above item config yaml meeco items:create -i .riker-vehicle-config.yaml -a .riker.yaml > .riker-vehicle.yaml ``` ### Creating the Delegation Connection Next lets get Riker to create a delegation connection invitation with the delegation role `reader`. (delegation-role options are `owner`, `admin`, and `reader`) ```bash meeco delegations:create-invitation -a .riker.yaml Homer reader > .delegation-invitation.yaml ``` Homer can now accept that delegation connection invitation from Riker and the delegation connection will have been created. ```bash meeco delegations:accept-invitation -a .homer.yaml -c .delegation-invitation.yaml Riker > .delegation-connection.yaml ``` ### Sharing the Key Encryption Key While the connection has been created There are still a couple more steps to go before the delegation has been fully set up. These steps are for sharing Riker's Key Encryption Key (KEK) to Homer. First Riker must Encrypt his KEK with Homer's public key and send it. ```bash # meeco delegations:share-kek -a .riker.yaml meeco delegations:share-kek 53cbd900-6657-40a0-9fae-ad8ac20078f4 -a .riker.yaml ``` Next Homer accepts Riker's KEK, decrypting it with his private key, then storing it for access later under his own KEK. ```bash # meeco delegations:accept-kek -a .homer.yaml meeco delegations:accept-kek 099ebb9b-b49f-4c20-8606-b92b7dcc8ea6 -a .homer.yaml ``` ### Reading User data as a delegate user First Homer can pre-load Riker's KEK and Private DEK should for decrypting the data. ```bash # meeco delegations:load-auth-config --delegationId -a .homer.yaml > .homer-with-riker-delegation.yaml meeco delegations:load-auth-config --delegationId c0181886-20de-45de-b4b5-b614f92f2440 -a .homer.yaml > .homer-with-riker-delegation.yaml ``` Next Homer can list out the Riker's items. ```bash # meeco items:list --delegationId -a .homer.yaml meeco items:list --delegationId c0181886-20de-45de-b4b5-b614f92f2440 -a .homer-with-riker-delegation.yaml ``` Then, taking note of the item id from the items:list command, finally Homer can view the item Riker created earlier. ```bash # meeco items:get --delegationId -a .homer-with-riker-delegation.yaml meeco items:get --delegationId c0181886-20de-45de-b4b5-b614f92f2440 0f0dc0d3-d7f4-42e6-8b46-e41bf3a51d2a -a .homer-with-riker-delegation.yaml ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.meeco.me/latest/guides/vault/account-delegation.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.