Two-Tiered Permission System
Stackup uses a two-tiered permission system with separate roles at both the organization level and the wallet level.
Organization Roles
Role | Permissions | Best For |
---|---|---|
Admin | | |
Member | | |
Important
Organization roles are independent from wallet roles. For example, a Member at the organization level can be an Admin of a specific wallet.
Wallet Roles
Role | Permissions | Best For |
---|---|---|
Owner | | |
Admin | | |
View Only | | |
Custom Roles with Policies
In addition to the default wallet roles, you can create custom roles with specific permissions. Each custom role uses a policy that defines:
Spending limits: Maximum amount that can be spent
Token types: Which tokens this role can use
Time period: How often the limit resets (daily, weekly, monthly)
Networks: Which blockchains the policy applies to
For example, you may create a “Developer” role that allows team members to spend up to $1,000 USDC per month.
Best Practice
We recommend matching the names of wallet roles to the structure of your organization.
Setting Up Organization Roles
From your dashboard, click Team in the left sidebar
To change a user's role:
Find the team member in the list
Click the three dots (⋮) menu next to their name
Select Change Role
Choose the appropriate role
Click Save
To add a new team member:
Click Invite Member
Enter their email address
Select their organization role
Click Send Invite
Adding a team member to a wallet:
Click Add Team Member
Select the team member from the dropdown
Choose an existing role or create a custom role
Click Add
Creating a custom wallet role:
In the Access Control tab, click Create Custom Role
Enter a name for the role (e.g., "Finance Team")
Configure the policy details:
Spending limits: Maximum amount that can be spent
Token types: Which tokens this role can use
Time period: How often the limit resets (daily, weekly, monthly)
Networks: Which blockchains this applies to
Click Create Role
How Policies Work
Policies are enforced through an offchain service that:
Simulates each transaction to verify it meets policy criteria
Cosigns transactions that comply with policy limits
Tracks the total amount spent within each time period
Automatically resets limits at the end of each interval
On the blockchain, your wallet distinguishes between two access levels:
Admins (including wallet owners) with full control
Limited users who require cosigning from the policy enforcement service
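The enforcement steps listed above (check a simulated transfer against the policy, cosign if it complies, track spend per period, reset at the interval boundary) can be modelled as follows. This is an added example, not Stackup's code: the class and field names, the epoch-aligned windows, the 30-day month and the network names are assumptions.

```python
from dataclasses import dataclass

# Assumption: fixed windows counted from the Unix epoch, "monthly" taken as
# 30 days. The page does not say how the real service aligns its intervals.
PERIOD_SECONDS = {"daily": 86_400, "weekly": 7 * 86_400, "monthly": 30 * 86_400}


@dataclass(frozen=True)
class Policy:
    limit: int            # max spend per period, in the token's smallest unit
    tokens: frozenset     # token symbols the role may spend
    period: str           # "daily", "weekly" or "monthly"
    networks: frozenset   # networks the policy applies to


@dataclass
class PolicyCosigner:
    """Hypothetical stand-in for the offchain service's cosign decision."""
    policy: Policy
    window: int = -1      # index of the period currently being tracked
    spent: int = 0        # total cosigned within that period

    def review(self, token, network, amount, now):
        """Return (cosign, reason) for one simulated transfer at time `now`."""
        current = now // PERIOD_SECONDS[self.policy.period]
        if current != self.window:
            # New interval: full reset, unused allowance does not carry over.
            self.window, self.spent = current, 0
        if token not in self.policy.tokens:
            return False, "token not allowed"
        if network not in self.policy.networks:
            return False, "network not allowed"
        if amount <= 0:
            return False, "invalid amount"
        if self.spent + amount > self.policy.limit:
            return False, "limit exceeded"  # fail closed, nothing recorded
        self.spent += amount                # count only what was cosigned
        return True, "cosigned"


# Constructed sample: the page's "Developer" role, 1,000 USDC per month.
# USDC uses 6 decimals, so the limit is 1_000 * 10**6 base units.
developer = Policy(1_000 * 10**6, frozenset({"USDC"}), "monthly",
                   frozenset({"ethereum", "base"}))
```

Rejected requests leave the running total unchanged, so a refused oversized transfer does not use up the remaining allowance for the period.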
Best Practices for Role Setup
For Treasury Management
CFO: Owner role with full control
CEO: Admin role for oversight and approvals
Finance Team: Custom role with specific spending limits
Accounting: View-only access for reconciliation
For Development Teams
CTO: Owner role
Lead Developers: Admin role
Developers: Custom role with unlimited testnet access but limited mainnet capabilities
For Operations
Operations Lead: Owner or Admin role
Team Members: Custom roles with appropriate spending limits
Contractors: Highly specific limitations based on exact needs
Common Questions
What happens if a transaction exceeds the policy limit?
The transaction will not be processed. Users will need to wait until their limit resets or request a policy adjustment.
Can someone with a spending limit create new policies?
No, only users with Admin or Owner wallet roles can create or modify policies.
Do unused limits carry over to the next period?
No, spending limits reset completely at the end of each interval.
Can I set different limits for different networks?
Policy limits apply to all networks where the wallet and token are enabled. For more granular control, create separate policies for different team members.
Next Steps
After setting up your roles and permissions:
Test the system: Make small test transactions to ensure policies work as expected
Document your structure: Keep a record of which roles have what permissions
Review regularly: As your team and operations grow, revisit your role structure
Need help? Contact our support team at support@stackup.fi or click the chat icon in your dashboard.