TRON Account Permissions Explained
TRON's account permission system provides granular control over who can perform which actions on an address. Unlike simple single-key wallets, TRON natively supports multi-key authorization, weighted thresholds, and separate permission tiers — forming the foundation for multisig accounts and organizational security.
Permission types
Every TRON account has up to three permission levels:
| Permission | Purpose | Typical use |
|---|---|---|
| Owner | Modify permissions, transfer ownership | Account recovery, permission updates |
| Active | Transfers, staking, voting, contract calls | Daily operations |
| Witness | Block production (SR operations) | Super Representatives only |
Most users interact only with Owner and Active. Witness permission is added when an account registers as an SR candidate.
Default single-key setup
When you create a new wallet, all permissions default to your single key:
Owner: your_key (threshold: 1, weight: 1) Active: your_key (threshold: 1, weight: 1)
One private key controls everything. Simple but vulnerable to single-point compromise.
How thresholds and weights work
Each permission level has:
- Keys: List of authorized public keys (addresses)
- Weights: Power assigned to each key (typically 1)
- Threshold: Minimum total weight required to authorize
Example 2-of-3 Active permission:
| Key | Weight |
|---|---|
| Alice | 1 |
| Bob | 1 |
| Carol | 1 |
| Threshold | 2 |
Any two of Alice, Bob, or Carol can authorize Active operations.
Owner permission deep dive
Owner permission controls the most sensitive operations:
- Adding/removing keys from any permission level
- Changing thresholds
- Transferring account ownership
- Modifying Witness permission
Best practice: Protect Owner with a higher threshold than Active:
| Permission | Suggested threshold |
|---|---|
| Owner | 3-of-5 or 2-of-3 (conservative) |
| Active | 2-of-3 (operational) |
If an attacker compromises an Active key, they cannot change permissions without also meeting the Owner threshold.
Active permission deep dive
Active permission authorizes routine operations:
- TRX and TRC-20 transfers
- Freezing/staking TRX
- Voting for SRs
- Smart contract interactions
- Resource delegation
You can create multiple Active permission groups with different key sets — for example:
- Active Group 1: Finance team (transfers only)
- Active Group 2: Staking team (freeze/vote only)
This granular separation requires custom configuration via TronWeb or advanced TronScan settings.
Witness permission
Only relevant for Super Representatives:
- Controls block signing for SR nodes
- Separate from Owner/Active for security isolation
- SR operators typically use a dedicated block-signing key
Regular users never need to modify Witness permission.
Viewing permissions
Check current permissions on:
- TronScan → your address → Permissions tab
- TronLink → Account Settings → Permissions
- TronWeb:
tronWeb.trx.getAccount(address)
The display shows each permission's keys, weights, and thresholds.
Updating permissions
Add a key to Active permission
- Connect wallet (must meet Owner threshold to change permissions)
- TronScan → Permissions → Update Active
- Add new key address with weight 1
- Increase threshold if needed (e.g., 1-of-2 → 2-of-2)
- Confirm transaction
Convert to full multisig
See multisig TRON account for complete setup workflows.
Permission update costs
Permission changes consume Bandwidth and Energy. Keep resources available before modifying permissions.
Security architecture patterns
Individual user (enhanced security)
Owner: Ledger key only (threshold 1) Active: TronLink daily key (threshold 1)
Owner on hardware wallet for permission changes only. Active on hot wallet for daily use.
Small team
Owner: 3-of-3 founders Active: 2-of-3 operators
Owner changes require full consensus. Daily ops need majority.
Enterprise
Owner: 4-of-7 board Active: 3-of-5 finance committee Active: 2-of-3 automated system keys (limited contract whitelist)
Multiple Active groups with different operational scopes.
Permission changes and pending transactions
When a multisig Active permission is configured:
- Transaction created but not yet fully signed → pending state
- Other authorized keys add signatures
- Threshold met → transaction broadcasts
Pending multisig transactions are visible on TronScan under the account's Pending tab.
Common mistakes
Setting Owner threshold too high. If 3-of-5 and two founders leave, you can't update permissions. Plan for personnel changes.
Same key on Owner and Active. Defeats the purpose of separation. Use different keys.
Not testing after changes. Always test with a 1 TRX transfer after permission updates.
Forgetting resource needs. Permission update transactions need Energy/Bandwidth.
Permissions and wallet imports
When you import a seed phrase into TronLink, you get the default single-key permissions. If the account was previously configured with custom permissions on-chain, those permissions persist — importing the seed gives you only the keys you possess, which may not meet the threshold alone.
FAQ
What is the difference between Owner and Active permission?
Owner controls permission changes and account ownership. Active controls daily operations — transfers, staking, voting, and contract calls.
Can I have multiple keys on one permission?
Yes. Add multiple keys with individual weights and set a threshold. This creates multisig-style authorization for that permission level.
What happens if I lose my Owner key?
If Owner is single-key and you lose it, the account is permanently inaccessible. Use multisig Owner permission for recoverable setups.
Can I delete a permission level?
You cannot delete Owner or Active — they always exist. You can modify their keys and thresholds. Witness can be added/removed for SR accounts.
Do permissions affect staking rewards?
Permissions control who can vote and freeze. Rewards go to the account regardless of which authorized key initiated the vote.
Thanks — your feedback helps us improve the docs.