User Permission Management

Operational Guide & Approval Workflow Diagrams

1. Overview

The Permission Management module is used to manage:

  • Sub-accounts under your main account

  • Authorized roles: Administrator, Engineer, Accountant

  • Approval flows for key operations

  • API access permissions

  • Observer links and access control


2. My Panel

2.1 Sub-account ownership & role categories

On the My Panel page, you can see:

  • Your own sub-accounts (directly under your main account)

  • Authorized accounts that others have shared with you, categorized by role:

      • Administrator

      • Engineer

      • Accountant

The page groups accounts by role type and shows:

  • Each main account for that role

  • The sub-accounts belonging to that main account


3. Authorization Management

The Authorization Management page is used to manage authorizations for your own sub-accounts.

Supported roles:

  • Administrator

  • Engineer

  • Accountant

You can add multiple users under the same role (for example, several Administrators).

3.1 Add New Authorization

When adding a new authorized user, you need to fill in:

  • Registered email address (must already be registered)

  • Remark / note (optional description)

  • Role: Administrator / Engineer / Accountant

  • Sub-account scope

Special notes:

  1. Administrator is a special role

      • The number of Administrators affects the number of approval nodes that can be configured.

      • In the initial state, for the “Add Authorized User” scenario, only one Administrator approval is required, and that Administrator is the currently logged-in user.

      • Adding the first Administrator only requires self-confirmation.

  2. Sub-account scope selection

      • If you select “All sub-accounts”, the authorized user will have access to:

          • All existing sub-accounts

          • All future sub-accounts automatically

  3. API access authorization

      • If you enable API access for a user, you cannot choose a sub-account scope.

      • This is because API access by default applies to all sub-accounts under the main account.

      • API permissions include two types:

          • Read & Write

              • Can modify sub-account wallet addresses

              • Can allocate sub-account revenue

          • Read Only

              • Can read revenue, hashrate, and related data only


4. Approval Management

The Approval Management section controls the number of approval nodes for different operation scenarios.

Operation scenarios fall into three broad categories:

  1. Authorization-related operations

      • e.g. Add authorized user

  2. Revenue distribution–related operations

  3. Approval management modification

      • Changing the current approval configuration (including the number of administrators required for each scenario)

4.1 Approval node configuration

  • For each scenario listed on the page, you can configure the number of Administrator approvals required.

  • “Administrators” here refer to all users assigned the Administrator role (including yourself).

  • The total number of available Administrators = all authorized Administrators + your own account

Default behavior:

  • Initially, all approval node counts are set to 1.

  • After you add more Administrators, you can adjust the approval count for each scenario from 1 up to the total number of Administrators.


5. My Requests

The My Requests page shows all operations that:

  • Fall under the configured permission scenarios

  • Require approval by one or more Administrators

Behavior:

  • When the number of required Administrator approvals for a scenario is greater than 1, any operation under that scenario becomes an approval request.

  • For example, if you increase the approval nodes for “Add Authorized User”, then:

      • When you add a new authorized user in Authorization Management,

      • The operation will not take effect immediately,

      • Other Administrators must approve it first.


6. Pending Approvals

The Pending Approvals page is for handling approval requests.

  • When an operation triggers an approval flow, other Administrators will receive an approval notification.

  • They can open Pending Approvals to:

      • Review request details

      • Approve or reject the operation
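
The approval rules from sections 4.1, 5 and 6 can be modeled in a few lines. The following is an added example, not the platform's own code; the class and method names are hypothetical, and it assumes that the requester's own confirmation counts as the first approval and that a single rejection closes a request.

```python
from dataclasses import dataclass, field

@dataclass
class Request:
    scenario: str
    requester: str
    required: int                      # approvals needed, copied at submit time
    approvals: set = field(default_factory=set)
    status: str = "pending"            # pending | applied | rejected

class ApprovalPolicy:
    def __init__(self, owner, authorized_admins=()):
        # Total Administrators = authorized Administrators + the owner's account.
        self.admins = {owner, *authorized_admins}
        self.thresholds = {}           # scenario -> approvals required (default 1)

    def set_threshold(self, scenario, count):
        # The guide allows 1 up to the total number of Administrators.
        if not 1 <= count <= len(self.admins):
            raise ValueError(f"count must be between 1 and {len(self.admins)}")
        self.thresholds[scenario] = count

    def submit(self, scenario, requester):
        if requester not in self.admins:
            raise PermissionError("requester is not an Administrator")
        req = Request(scenario, requester, self.thresholds.get(scenario, 1))
        # Assumption: the requester's self-confirmation is the first approval,
        # so a threshold of 1 takes effect immediately.
        return self._record(req, requester)

    def decide(self, req, admin, approve=True):
        if req.status != "pending":
            raise ValueError("request is already closed")
        if admin not in self.admins:
            raise PermissionError("only Administrators can decide")
        if not approve:
            req.status = "rejected"    # assumption: one rejection closes it
            return req
        return self._record(req, admin)

    def _record(self, req, admin):
        req.approvals.add(admin)       # a set, so repeat approvals count once
        if len(req.approvals) >= req.required:
            req.status = "applied"
        return req
```
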


7. API Authorization

After a user is granted API access authorization:

  • The authorized user can go to the API Authorization page to:

      • Generate an independent API key for the authorized account

      • Manage API access to the sub-accounts covered by the authorization

Remember:

  • API access always applies to all sub-accounts under the main account.

  • The action scope depends on whether the permission is Read & Write or Read Only (see section 3.1).
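
For a periodic access review, the scope rules from sections 3.1 and 7 can be resolved into what each grant actually covers. This is an added example, not part of the platform; the record layout, names and sample data are constructed for illustration, since the guide defines no export format.

```python
ALL = "all"  # stands for the "All sub-accounts" choice in section 3.1

API_CAPS = {
    "read_write": {"read revenue and hashrate data",
                   "modify wallet addresses", "allocate revenue"},
    "read_only": {"read revenue and hashrate data"},
}

def effective_access(grant, sub_accounts):
    """Return (sub-accounts covered, API capabilities, review notes) for one grant."""
    notes = []
    api = grant.get("api")             # None, "read_only" or "read_write"
    scope = grant.get("scope", [])
    if api:
        # API access applies to all sub-accounts; no scope can be chosen.
        covered = set(sub_accounts)
        notes.append("API access spans every sub-account")
        if api == "read_write":
            notes.append("can modify wallet addresses and allocate revenue")
    elif scope == ALL:
        # "All sub-accounts" follows the list as it grows.
        covered = set(sub_accounts)
        notes.append("scope includes future sub-accounts automatically")
    else:
        covered = set(scope) & set(sub_accounts)
    return covered, API_CAPS.get(api, set()), notes

def review(grants, sub_accounts):
    """Map each authorized e-mail to its notes; an empty list means narrowly scoped."""
    return {g["email"]: effective_access(g, sub_accounts)[2] for g in grants}

# Constructed sample data (hypothetical record layout).
SUBS = ["farm-a", "farm-b"]
GRANTS = [
    {"email": "ops@example.test", "role": "Engineer", "scope": ["farm-a"]},
    {"email": "fin@example.test", "role": "Accountant", "scope": ALL},
    {"email": "bot@example.test", "role": "Engineer", "api": "read_write"},
]

if __name__ == "__main__":
    for email, notes in review(GRANTS, SUBS).items():
        print(email, notes or ["narrowly scoped"])
```
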


8.1 Observer Permissions

The Observer Link page breaks down what the Observer role can see and do.

  • Observers can view certain data without having full management rights.

  • Permissions are defined and managed on this page.

8.2 Configure Observer Link

By default (before enabling secure observer links):

  • Observer pages can be accessed:

      • Directly via a URL link

      • Via jump tools/in-app navigation

  • Sub-account identifiers appear in plain text in the URL, for example:

      • https://www.spiderpool.com/coin/show/btc/mysubaccount/detail

After enabling observer link protection:

  • Sub-account identifiers in observer URLs are encrypted.

  • A plain-text link can no longer be used to view sub-account details.

  • Even if an account has been authorized, opening the old plain-text link will not display the page.

You should consider enabling observer link protection when:

  • You share observer URLs externally

  • You want to avoid exposing sub-account information in plain-text links

The guide lists several viewing scenarios to illustrate how access behaves under different settings (before/after enabling observer link protection and with/without authorization).
