# Account Permissions

Every [Vaulta account](/vaulta-guides/accounts/vaulta-native-accounts.md) is secured by a powerful permission system that offers fine-grained control over who can perform what actions. Vaulta permissions go far beyond a simple private/public key pair—they allow for flexible setups like multi-signature wallets, delegated authority, and smart contract automation.

Understanding Vaulta permissions is essential for account security, smart contract interaction, and managing dApps.

**Maintaining the confidentiality of private keys is paramount. Loss or compromise of a private key can result in unauthorized access and potential loss of assets.**&#x20;

***

## Default Permissions

Each Vaulta account features a hierarchical permission system that enhances security and flexibility. Permissions are structured hierarchically:

* Parent Permissions: Higher-level permissions that can override or control subordinate permissions.
* Child Permissions: Subordinate permissions that inherit certain characteristics from their parents but can be tailored for specific actions or contracts.

This structure allows for detailed and secure management of account actions and authorizations.&#x20;

* <mark style="color:green;">**owner**</mark> – parent permission
  * Master key; full control
  * Highest level of authority
  * Can change any permission on the account
  * Can recover access if active key is lost
  * Should be stored offline and used only when absolutely necessary
* <mark style="color:green;">**active**</mark> – subordinate permission&#x20;
  * Used for regular account actions including: sending tokens, voting for block producers, interacting with dApps and smart contracts
  * Used for daily operations

***

## Custom Permissions

Account owners can create custom permissions to further delegate authority for specific actions or smart contracts. This granularity allows for complex permission structures, enabling scenarios like multi-signature accounts or delegated account management. Vaulta allows you to create custom permission levels tied to specific smart contract actions.

Examples:

* A voteonly permission that allows voting but not transfers
* A bot permission that lets a contract perform specific actions on your behalf

These permissions can be:

* Assigned to different keys
* Protected by multi-signature rules
* Limited to certain actions/contracts only

## Takeaway

Vaulta's flexible permission system gives you complete control over your on-chain identity and assets.

| Permission | Purpose                       | Best Practice                      |
| ---------- | ----------------------------- | ---------------------------------- |
| owner      | Master access                 | Keep offline, only for emergencies |
| active     | Daily transactions            | Use with secure wallet             |
| Custom     | Fine-grained contract control | Use for dApps & automation         |

## Resources<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://vaulta.gitbook.io/vaulta-guides/accounts/vaulta-native-accounts/account-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.