Coinbase Prime offers two Access Levels for team members: portfolio level and entity level. These levels combine with Prime’s Roles and Permissions to determine whether a team member can take action on behalf of the entity or only in specific portfolios.
Entity-level roles grant the user access to all portfolios within the entity, applying the same permissions across each portfolio. Entity-level members also get enhanced permissions to act on behalf of the entity.
If a new portfolio is created, the entity-level user would automatically get added with their existing permissions.
Portfolio-level roles can be unique per each portfolio. This includes limiting access to certain portfolios.
If a new portfolio is created, the portfolio-level user would not automatically get added. (Portfolio-specific permissions would need to be configured.)
Portfolio Vs Entity-Level Activities
Access levels work in tandem with Prime’s approval policies. Entity-level approvers are part of the Entity, Portfolio, and Transfer Policies. Portfolio-level approvers are only part of the Portfolio and Transfers policies.
Portfolio-level activities are actions that only impact individual portfolios, such as:
Inviting, changing, or removing portfolio users
Transfering, trading, staking, and other portfolio transactions
Auditing and pulling reports for the portfolio
Entity-level activities are actions that impact the entire entity, such as:
Inviting, changing, or removing entity-level users
Any action that would impact entity security policies or settings
Entity-level users can also action portfolio-level activities
Who Can Benefit From Entity-Level Access?
Entity-level roles are perfect for Team Members who need the ability to manage the entire entity and hold the same role across every portfolio. Those who require different roles across portfolios or only need permissions for a subset of portfolios should hold portfolio-level roles.
Even entities with a single portfolio can benefit from Access Levels by using them to denote who has more advanced permissions to act on behalf of the entity.
(Should your account contain multiple portfolios, and no Entity-level user is present, please reach out to primeops@coinbase.com so they can assist with setting up Access Levels.)
How To Manage Access Levels
Roles and Access Levels can be configured and managed in each respective portfolio under Settings > Security. The team management permission (Administrators, Team Managers) is required to make adjustments to user permissions.
Inviting or changing entity-level users requires Entity-level Team Manager or Administrator roles and is controlled by the Entity Policy.