
Permissions

Chain Wallet adopts a Role Separation permission model that strictly separates execution authority from governance authority, preventing single points of failure and ensuring that no single role has uncontrolled influence over wallet assets or governance structures.

The system defines only two roles:

  • Executor
  • Manager

I. Executor

Executors are responsible only for initiating transaction execution and hold no wallet governance or consensus-related permissions.

1. Permission Definition

Allowed

  • Initiate standard transaction requests
    • Including on-chain actions such as transfers and smart contract interactions

Prohibited

  • Modify any wallet governance-related state

    • Add, remove, or replace Executors or Managers
    • Modify wallet security status
    • Change any risk control configuration
  • Participate in any multisignature-related operations

    • Create multisig transactions
    • Approve multisig transactions
    • Execute multisig transactions

All transaction requests initiated by Executors are subject to the system's security validation and permission checks, which they cannot bypass.

The next chapter focuses on security validation, namely risk control.


2. Permission Examples

  • Executor attempts to add a new Executor

    ❌ Insufficient permissions — operation rejected

  • Executor attempts to remove a Manager

    ❌ Insufficient permissions — operation rejected


II. Manager

Managers are responsible for wallet governance, security configuration, and collective decision-making for high-risk operations.

1. Permission Definition

Allowed

  • Wallet governance operations

    • Add, remove, or replace Executors and Managers
    • Manage wallet security status
  • Multisignature operations

    • Create multisig transactions
    • Approve multisig transactions
    • Execute multisig transactions

Constraints

  • Any high-risk operation involving asset transfers or wallet governance
    • Cannot be completed by a single Manager
    • Must reach consensus through a multisignature mechanism

2. Permission Examples

  • Manager removes an Executor identified as risky

    ✅ Allowed, but must be completed via multisignature

  • Manager attempts to independently transfer assets

    ❌ Not allowed — must be completed through multisignature


III. Permission Boundary Summary

  • Executor

    • Can never influence wallet governance structures
    • Can never participate in multisignature decisions
  • Manager

    • Can never unilaterally control assets or governance outcomes
  • Any critical operation

    • Cannot be completed by a single role or a single key
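The two role boundaries above, as an added reference model that is not Chain Wallet's own code: Executors can only submit standard transaction requests, only Managers can create, approve or execute multisig proposals, and no proposal executes below the approval threshold. The `Wallet` and `Proposal` names, the member ids and the threshold value are assumptions; the risk-control stage is represented only by a returned status.

```python
from dataclasses import dataclass, field
from enum import Enum, auto
class PermissionDenied(Exception): pass

class Role(Enum):
    EXECUTOR = auto()
    MANAGER = auto()

class Action(Enum):
    TRANSFER = auto()             # standard transaction requests (Executor path)
    CONTRACT_CALL = auto()
    ADD_EXECUTOR = auto()         # governance state (Manager path, multisig only)
    REMOVE_EXECUTOR = auto()
    REMOVE_MANAGER = auto()
    SET_SECURITY_STATUS = auto()
STANDARD = {Action.TRANSFER, Action.CONTRACT_CALL}
@dataclass
class Proposal:
    action: Action
    approvals: set                # ids of Managers that have approved
@dataclass
class Wallet:
    members: dict                 # member id -> Role (sample data is constructed)
    threshold: int                # Manager approvals required before execution
    proposals: list = field(default_factory=list)
    def _require(self, member, role, what):
        if self.members.get(member) is not role:
            raise PermissionDenied(f"only {role.name.title()}s may {what}")
    def request_transaction(self, member, action):
        # Executor path: standard requests only; the result is handed to risk control.
        self._require(member, Role.EXECUTOR, "initiate standard transaction requests")
        if action not in STANDARD:
            raise PermissionDenied("Executors cannot modify governance state")
        return "pending_risk_control"   # risk-control checks are out of scope here
    def propose(self, member, action):
        # Manager path: asset moves and governance changes start as a proposal.
        self._require(member, Role.MANAGER, "create multisig transactions")
        self.proposals.append(Proposal(action, {member}))  # proposer is 1st approval
        return len(self.proposals) - 1
    def approve(self, member, pid):
        self._require(member, Role.MANAGER, "approve multisig transactions")
        self.proposals[pid].approvals.add(member)
    def execute(self, member, pid):
        # No single Manager can complete a high-risk operation: threshold must be met.
        self._require(member, Role.MANAGER, "execute multisig transactions")
        p = self.proposals[pid]
        if len(p.approvals) < self.threshold:
            raise PermissionDenied(f"{len(p.approvals)}/{self.threshold} approvals")
        return p.action
```

With a 2-of-2 Manager threshold, a Manager's attempt to remove an Executor alone fails at `execute` until a second Manager approves, while an Executor is rejected at `propose` and `approve` before any threshold logic runs.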

IV. Design Principles Summary

  • Principle of Least Privilege
  • No Privilege Escalation
  • Multi-Party Consensus for High-Risk Operations

This permission model provides a clear, auditable, and non-bypassable security boundary for the subsequent risk control system and multisignature mechanism.