Organization-level roles
When you’re invited to a Porto organization, you’re assigned an organization role. This role determines your base permissions across all vaults.Vault-level roles
Within individual vaults, you can have a different role than your organization role. This allows more granular permission management.What each role can do
Viewer
Can:- View all vaults you’re added to
- View vault details (name, balance, users, policies)
- View asset balances and transaction history
- See pending operations and approvals
- Initiate any operations
- Approve operations
- Create deposit addresses
- Modify any settings
Operator
Can:- View vault details and balances
- Create new deposit addresses
- Request incoming transfers/deposits
- View Activity and approvals
- Initiate outgoing transfers or withdrawals
- Approve operations
- Modify vault settings
Initiator
Can:- Do everything Operator can do
- Initiate transfers (between vaults)
- Initiate withdrawals (to external addresses)
- Initiate stablecoin swaps
- Request Anchorage review for large transfers
- Approve operations (unless they’re also an Approver)
- Modify vault policies or user permissions
- Change vault settings
Approver
Can:- Approve operations initiated by Initiators
- View pending approvals and operations
- See approval history
- Provide comments on approvals
- Initiate operations
- Modify vault settings
- Add or remove other users
Admin
Can:- Do everything (all permissions)
- Manage users (add, remove, change roles)
- Modify vault and admin policies
- Configure quorum and approval rules
- Access vault recovery and security features
- Export activity and reports
Role separation principle
The principle of least privilege suggests:- Give each user only the minimum permissions they need
- Separate the “initiator” and “approver” roles — don’t give both to the same person
- This prevents unauthorized operations and reduces fraud risk
- Treasurers = Initiators (they request operations)
- Finance managers = Approvers (they review and approve)
- Compliance = Viewers (they audit)
- One executive = Admin (oversees everything)
Organization role vs. vault role
Your permissions are the most restrictive of:- Your organization role
- Your vault-specific role
- You’re a Viewer at the organization level
- But you’re an Initiator in Vault A
- Result: You can only View other vaults, but can Initiate in Vault A
Permission matrix
Complete permission matrix across all operations:Checking your permissions
1
Open settings
From the home screen, tap Settings.
2
Select users or team
Go to Users, Team, or People.
3
Find yourself
Look for your user profile in the list.
4
View your role
You’ll see:
- Your organization role
- Your vault-specific roles (if different)
- When you were added
- Your status (active, pending, etc.)

Requesting role changes
If you need different permissions:- Talk to your administrator — Explain why you need the permission change
- Get approved — Your admin will review and approve the change
- Role updates — Your new role takes effect immediately
- Verify access — Check your settings to confirm the new role is active
Common role scenarios
Team member getting access to new vault:- Admin creates them as an Initiator in the new vault
- They keep their Operator role in other vaults
- They can initiate in new vault, but only operator permissions elsewhere
- Admin changes them from Initiator to Approver
- They can now approve operations
- They can no longer initiate (unless they’re an Initiator + Approver both)
- Admin removes them from a vault or changes them to Viewer
- They retain other roles in other vaults
- Changes take effect immediately
Best practices for role management
- Regular audits — Review user roles quarterly to ensure they still match job functions
- Principle of least privilege — Always start with the minimum role needed
- Separate roles — Keep initiators and approvers separate when possible
- Document changes — Record why role changes were made for compliance
- Onboarding checklist — New team members should be set up with correct roles from day one
- Off-boarding — Remove or disable accounts immediately when someone leaves