# updatePermissions

The ‎`updatePermissions()` operation lets you change what an account or identifier is allowed to do on the Keeta Network. Use it to grant, restrict, or remove access to specific token-related actions for a given account.

```typescript
userClient.updatePermissions(
  targetAccount,
  new Client.lib.Permissions([
    "ACCESS",
    "ADMIN",
    // ...add or remove permissions as needed
  ]),
  tokenAccount,
  Client.lib.Block.AdjustMethod.SET,      // Optional: SET (default), ADD, or SUBTRACT
  { account: tokenAccount }               // Optional: options
)
```

*targetAccount*: The account to update permissions for.

*permissions*: The new permissions to assign, as a ‎\`Permissions\` object.

*tokenAccount*: The token (public address) these permissions relate to.

*method* (optional): How to update permissions (‎\`SET\`, ‎\`ADD\`, or ‎\`SUBTRACT\`).

*options* (optional): Additional settings (e.g. which account is performing the update).

## When to Use

* Grant new permissions to an account for a specific token.
* Remove or revoke existing permissions from an account.
* Change roles or access after onboarding, role changes, or security reviews.
* Respond to organizational changes or update access control policies.
* Maintain secure and flexible token operations on the network.

## Permission Types

Specify any combination of permission strings as defined in the SDK. For the complete list and descriptions, refer to the [static documentation](https://static.test.keeta.com/docs/enums/KeetaNetSDK.Referenced.BaseFlag.html#permission_delegate_add).

## Requirements

To update permissions, the calling account must have the ‎`ACCESS` right on the token. Additionally, the account must either be an ‎`ADMIN` or have the ‎`PERMISSION_DELEGATE_ADD` permission.

## Code Example: How to Remove ACCESS Permission from an Account

{% stepper %}
{% step %}

### Identify the Target Account and Token

Decide which account should lose access (‎`accountToDenyAccess`) and the token (‎`tokenAccount`) this affects.

```typescript
// Example dummy public keys (replace with real ones in production)
const accountToDenyAccess = "kta_1dummyaccountpublickeyxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
const tokenAccount = "kta_1dummytokenpublickeyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy";
```

{% endstep %}

{% step %}

### Prepare the Permissions Object

Create a ‎`Permissions` object with the permission you want to remove.

```typescript
const permissionsToRemove = new Client.lib.Permissions(["ACCESS"]);
```

{% endstep %}

{% step %}

### Call updatePermissions with the SUBSTRACT method

Use the ‎`SUBTRACT` method to remove the permission.&#x20;

```typescript
userClient.updatePermissions(
  accountToDenyAccess,
  permissionsToRemove,
  tokenAccount,
  Client.lib.Block.AdjustMethod.SUBTRACT,
  { account: tokenAccount }
);
```

{% hint style="info" %}
If you wanted to add a permission instead, use the ‎`Client.lib.Block.AdjustMethod.ADD` and to set it `Client.lib.Block.AdjustMethod.SET`.
{% endhint %}
{% endstep %}

{% step %}

### Confirm the Update

Wait for confirmation on the network to ensure the permission has been removed.

{% hint style="warning" %}
The account performing this operation must have ‎`ACCESS` and either ‎`ADMIN` or ‎`PERMISSION_DELEGATE_ADD` rights on the token.
{% endhint %}
{% endstep %}
{% endstepper %}