tkhq · grahamritter · May 20, 2026
diff --git a/concepts/policies/examples/access-control.mdx b/concepts/policies/examples/access-control.mdx
@@ -15,6 +15,17 @@ sidebarTitle: "Access control"
 }
 ```
 
+#### Restrict which wallets a user can add accounts to
+
+```json
+{
+  "policyName": "Allow user <USER_ID> to create accounts only on <WALLET_ID>",
+  "effect": "EFFECT_ALLOW",
+  "consensus": "approvers.any(user, user.id == '<USER_ID>')",
+  "condition": "activity.type == 'ACTIVITY_TYPE_CREATE_WALLET_ACCOUNTS' && wallet.id == '<WALLET_ID>'"
+}
+```
+
 #### Allow users with a specific tag to create users
 
 ```json

diff --git a/concepts/policies/language.mdx b/concepts/policies/language.mdx
@@ -48,7 +48,7 @@ Keywords are reserved words that are dynamically interchanged for real values at
 | **tron.tx**                    | TronTransaction      | The parsed Tron transaction payload (see Appendix below)                    |
 | **bitcoin.tx**                 | BitcoinTransaction   | The parsed Bitcoin transaction payload (see Appendix below)                 |
 | **tempo.tx**                   | TempoTransaction     | The parsed Tempo transaction payload (see Appendix below)                   |
-| **wallet**                     | Wallet               | The target wallet used in sign + export requests                            |
+| **wallet**                     | Wallet               | The target wallet used in sign, export, and create wallet accounts requests |
 | **wallets**                    | list\<Wallet\>       | The target wallets associated with requests involving with multiple wallets |
 | **private_key**                | PrivateKey           | The target private key used in sign + export requests                       |
 | **wallet_account**             | WalletAccount        | The target wallet account used in sign + export requests                    |