# Access Control ## Cross-chain Access Control Overview The use of GMP (Generic Message Passing) protocols allows contracts residing on remote chains to interact with and execute functions in local contracts. This interaction is usually achieved without restrictions, meaning that multiple remote contracts on different chains have the ability to perform a wide range of operations or functions on local contracts. ![](/files/7GzhraIwIUQhHULQqFHG) In certain situations, unrestricted access offered by technologies like GMP protocols may not be ideal. Instead, controlled or restricted access is preferred. ![](/files/K7I08ahaQUpIWwbKVAs4) While some GMP protocols incorporate these type controls, not all do, and moreover, each one presents different mechanisms for their enforcement. ## Glacis Access Control > The Glacis Access Control feature allows destination contract owners to define a standardized list of authorized incoming routes that are able to access their local contracts through the different GMP protocols. An incoming route is defined by these parameters: * GMP Id: The Glacis GMP Id that have passed the message * Chain Id: The Glacis chain ID where the message comes from * Contract Address: The address of the source contract on remote chain (where the message was originated) The access control mechanism is based on consulting the destination contract to determine if the incoming route of a message is an authorized one before sending it to the requested address in the destination chain. This task is performed by the Glacis Infrastructure on the destination chain. If the route is recognized as authorized, the message is then successfully delivered. ![](/files/gAROZm7M8UFrJzHE2PuF) In case that the route is not recognized as authorized, the transaction is rejected. ![](/files/th1ZNqzLdi29bZekTWqC) ### Routing Wildcards At any time the contract owner can make use of zero values for each one of the authorized incoming route parameters, Glacis will understand these parameters as "any". * GMP Id = 0 -> The message can arrive from any GMP * Chain Id = 0 -> The message can arrive from any chain * Contract Address = "0x" -> The message can arrive from any source address Combinations of values and wildcards can be used, for example a contract with an authorized route of (0,1,"0x") implies that Glacis will only deliver messages to destination if they come from Ethereum chain regardless the GMP used for message passing or the source contract address. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.glacislabs.com/glacis-core/concepts/features/access-control.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.