Permissions¶
This page explains how permissions work on the Energy Substantiation platform.
How Permissions Work¶
Permissions control what users can do on the platform. They can be assigned at two levels:
- Organization level - Applies to all accounts in the organization
- Account level - Applies to a specific account only
Account overrides organization: If a user has permissions at both levels, the account-level permission takes precedence.
Permission Levels¶
| Permission | Description |
|---|---|
| Viewer | Read-only access |
| Trader Buyer | Viewer + mint and burn orders |
| Trader Supplier | Viewer + offer and buy-back orders |
| Trader | All order types |
| Admin Supplier | Trader + manage supplier settings |
| Admin | Full access including user management |
What Each Permission Can Do¶
Viewer¶
- View accounts, orders, fills, and balances
- View auction results
- Cannot create or modify anything
Trader Buyer¶
Everything in Viewer, plus:
- Create mint orders (purchase tokens)
- Create burn orders (redeem tokens for cash)
Trader Supplier¶
Everything in Viewer, plus:
- Create offer orders (sell receipts)
- Create buy-back orders (token and USD)
- Manage account locations
Trader¶
Everything in Viewer, plus:
- Create all order types: mint, burn, offer, buy-back
- Cancel orders
- Manage account locations
Admin Supplier¶
Everything in Trader, plus:
- Create and update suppliers
- Create and update account locations
Admin¶
Everything in Admin Supplier, plus:
- Create, update, and delete user access
- Manage permissions for other users
Scope: Organization vs Account¶
Organization-Level Permission¶
When assigned at the organization level, the permission applies to all accounts in that organization.
Example: User with trader permission on "Acme Corp" organization can trade on all accounts under Acme Corp.
Account-Level Permission¶
When assigned at the account level, the permission applies to only that account.
Example: User with viewer permission on "Acme Trading Account" can only view that specific account.
Override Behavior¶
If a user has both organization and account permissions, account wins.
| Org Permission | Account Permission | Result |
|---|---|---|
| Admin | (none) | Admin on all accounts |
| Admin | Viewer on Account A | Viewer on Account A, Admin on others |
| Viewer | Trader on Account A | Trader on Account A, Viewer on others |
| (none) | Trader on Account A | Trader on Account A only |
Examples¶
Organization-wide admin:
A user assigned admin at the organization level can manage users and settings for all accounts in that organization.
Account-specific trader:
A user assigned trader_buyer on a specific account can only place mint and burn orders on that account. They cannot see other accounts in the organization.
Mixed permissions:
A user with viewer on the organization but trader on one specific account can view all accounts but only trade on that one account.
Next Steps¶
- Organizations - Managing organizations and accounts
- API Keys - Programmatic access