BE Custody permissions define which actions an authorised user can perform.
Permissions are assigned according to your organisation’s configuration, operating model, and governance requirements. They work together with user roles, approval workflows, quorum requirements, and internal controls.
This article provides a high-level permissions matrix. Exact permissions may vary depending on your organisation’s BE Custody setup, enabled services, and agreed custody model.
Roles and permissions
Roles describe a user’s general responsibility in the custody operating model.
Permissions define the specific actions that user can perform, such as viewing accounts, creating transactions, exporting data, managing address book entries, or accessing infrastructure-related functions.
For a broader explanation of role responsibilities, see What are user roles in Bitpanda Enterprise Custody?
Detailed permissions matrix
| Section / Action | Admin | Signer | Cluster Manager | Cluster Ops |
|---|---|---|---|---|
| Accounts — view | ✔ | ✔ | ||
| Create sub-wallet | ✔ | ✔ | ||
| Export data | ✔ | |||
| Portfolio — all | ✔ | ✔ | ||
| Transactions — list | ✔ | ✔ | ||
| Create transaction | ✔ | |||
| Cancel transaction | ✔ | |||
| Addresses — list | ✔ | ✔ | ||
| Create address book entries | ✔ | |||
| Delete address book entries | ✔ | |||
| User roles and governance | ✔ | |||
| API key management | ✔ | |||
| Wallet management | ✔ | |||
| InfraOPS clusters | ✔ | |||
| InfraOPS downloads | ✔ | |||
| InfraOPS payloads | ✔ | |||
| Tokenization — full access | ✔ | ✔ | ||
| MetaMask — full access | ✔ | ✔ |
Admin permissions
Admins are responsible for governance and administration-related activity.
Depending on configuration, Admin permissions may include:
- Viewing accounts
- Creating sub-wallets
- Exporting data
- Viewing portfolio information
- Listing transactions
- Creating or deleting address book entries
- Managing user roles and governance
- Managing wallets
- Accessing tokenization features, where enabled
- Accessing MetaMask-related features, where enabled
Admins should only be assigned where the user has a clear governance or administration responsibility.
Signer permissions
Signers are responsible for transaction-related activity.
Depending on configuration, Signer permissions may include:
- Viewing accounts
- Creating sub-wallets
- Listing transactions
- Creating transactions
- Cancelling transactions
- Listing addresses
- Managing API keys
- Accessing tokenization features, where enabled
- Accessing MetaMask-related features, where enabled
Signers should only create, cancel, or approve transactions that are expected, authorised, and consistent with the organisation’s internal process.
Cluster Manager permissions
Cluster Manager permissions relate to technical custody infrastructure and operational readiness.
Depending on configuration, Cluster Manager permissions may include:
- Viewing portfolio information
- Accessing InfraOPS clusters
- Accessing InfraOPS downloads
This is a technical role rather than a day-to-day transaction approval role.
Cluster Ops permissions
Cluster Ops permissions relate to specific technical operational functions.
Depending on configuration, Cluster Ops permissions may include:
- Listing addresses
- Accessing InfraOPS payloads
This role should be assigned only where the user has a defined technical operational responsibility.
How should permissions be assigned?
Permissions should follow the principle of least privilege.
Users should only be assigned the permissions needed for their responsibilities. Organisations should also consider segregation of duties, especially where users can create transactions, manage governance settings, access API keys, or perform technical custody operations.
When should permissions be reviewed?
Permissions should be reviewed regularly and whenever responsibilities change.
A review may be required when:
- A user joins or leaves the organisation
- A user changes role or team
- A user no longer requires custody access
- New wallets, assets, or workflows are introduced
- Approval or quorum requirements change
- API access or integration ownership changes
- An operational or security incident occurs
- An audit or control review is performed
Any permissions that are no longer required should be removed or updated through the organisation’s approved process.
What should I do if my permissions look incorrect?
If your permissions do not match your responsibilities, contact your organisation’s administrator.
If your organisation needs support reviewing or updating permissions in BE Custody, contact Bitpanda Enterprise Custody Support through the approved support channel.
Do not include passwords, PINs, private keys, seed phrases, API keys, API secrets, access tokens, or other sensitive authentication information in a support request.