Roles and permissions on Coinbase Prime

Coinbase Prime uses roles to manage permissions. Roles are a predefined group of permissions that indicate the actions team members are allowed to perform. Permissions can be customized by combining roles together and certain roles can be granted secondary permissions. Roles can be set at either the entity level or the portfolio level to determine whether a team member can take action on behalf of the entity or only in specific portfolios. It’s important to understand roles, permissions, and access before adding team members, or editing the roles of existing members.

When onboarding to Coinbase Prime, the account owner (applicant) will add team members to the account in specific roles. Once the account is activated, Team Managers or Administrators can add, edit, or remove team members as needed. Each Portfolio level user can have unique role combinations per portfolio, whereas Entity level users hold the same roles across all portfolios.

Review the charts below to learn more about our permissions and how they’re associated with each role.

Primary permissions

The ability to use a role on behalf of a portfolio or the entire entity depends on the Access Level the Team Member is assigned.

  • Entity-level users can use their permissions across every portfolio (current and future) in the entity and for activities that affect the entity itself.

  • Portfolio-level users can only use their permissions to action per each portfolio they have access to.

* If you only use custodial services on Coinbase Prime, any roles with trading abilities are not available. The Administrator role will be modified to not have trading abilities.

Secondary permissions

Certain Roles are eligible for secondary permissions. Secondary permissions are NOT automatically applied with a role assignment.


Each portfolio must have either an Administrator role, or at least one of each of the following roles: Initiator, Approver, and Team Manager.

Related articles: