Permissions define what a subaccount is allowed to do. They are set at the subaccount level (unlike Roles, which are set at the member or API key level) and apply to all members and API keys operating within that subaccount.
Permissions always take precedence. If an action is disabled by permissions, no role can override it.
Accessing and Editing Permissions
Permissions are managed from the ‘Permissions’ tab of a subaccount.
To get there:
Permissions can be edited by the Owner and Admin roles. Changes affect the entire subaccount and apply to all members and API keys operating within it.
Permission Categories
Permissions are grouped by function. Each category controls a specific aspect of subaccount behavior.
Trading
Trading permissions control whether members of the subaccount can place and manage spot trades.
Spot trading is disabled by default. Members cannot place spot orders until the permission is explicitly set to Write. When set to Read, members can view markets and activity but cannot trade.
Spot trading (advanced)
Advanced spot trading controls allow users to further constrain how spot trading is used once enabled.
Users can restrict trading to specific market pairs and set a maximum notional value per order. These limits apply to all spot orders placed from the subaccount.
Example: If a subaccount is intended to trade only BTC/USDT and no more than $1,000 USDT notional value per order, that can be set here.
Global trading limits
Global trading limits define hard caps on overall activity across the subaccount.
These limits cap total exposure and order activity, regardless of which market is being traded.
Example: A subaccount may be permitted to trade any market but capped at $5,000 USDT in open orders and 25 resting orders at a time.
Balances
Balance visibility is always enabled.
All members of a subaccount can view available, locked, and total balances within this subaccount. This permission cannot be disabled and does not grant any ability to trade or transfer funds.
Outgoing internal transfers
Outgoing internal transfer permissions control whether the subaccount can send funds internally and where those funds may be sent.
Users can restrict whether internal transfers are allowed and set daily transfer limits. Incoming transfers are not affected by these settings.
Outgoing internal transfers (advanced)
Advanced transfer controls define the destination scope for internal transfers.
Users can restrict transfers to ‘own accounts only’, or ‘allow external accounts’:
- ‘Own accounts only’: transfers from this subaccount are only allowed to use the main account’s Funding Account and Unified Trading Account as a destination
- ‘Allow external account’: transfers from this subaccount are allowed to use the main account’s Funding Account and Unified Trading Account, but can also transfer to other whitelisted Polyester users.
External withdrawals
External withdrawal permissions control whether funds can be withdrawn to external wallets outside of the Polyester exchange.
These settings define per-withdrawal and daily withdrawal limits for external wallets. External withdrawals can be restricted using address whitelisting, ensuring funds can only be sent to approved destinations.
Safety and governance
These permissions define automated and manual safeguards for a subaccount.
When enabled, they allow the main account to halt trading or place the subaccount into close-only mode while the main account owner evaluates performance or responds to abnormal conditions.
Automated controls
Automated controls trigger predefined actions when thresholds are breached.
They can be defined using ‘daily loss limits’ and/or ‘intraday drawdown limits’. When triggered, trading can be halted or enter liquidation/close-only mode.
Manual controls
Manual controls allow immediate intervention.
These include the same emergency trading halts and/or liquidation/close-only mode. Manual controls take effect immediately upon saving and remain active until explicitly removed.
Policy governance
When enabled, permission settings are locked. In this mode, Admins can no longer edit permissions. Only the Owner can make changes until the policy is unlocked.
Member visibility
Member visibility controls whether non-owner members can see other members on the subaccount.
When disabled, members see only themselves and the owner. When enabled, all members can view each other and their assigned roles. This setting affects visibility only.
Permissions vs Roles
Permissions define the overarching rules for the entire subaccount.
Roles apply additional restrictions on a per-member basis. A role can never grant access beyond what permissions allow.
Visit Roles to learn more.