TRON Account Permissions Explained — TRON Wiki

TRON Account Permissions Explained

9 min read · ⌘K search

TRON's account permission system provides granular control over who can perform which actions on an address. Unlike simple single-key wallets, TRON natively supports multi-key authorization, weighted thresholds, and separate permission tiers — forming the foundation for multisig accounts and organizational security.

Permission types

Every TRON account has up to three permission levels:

PermissionPurposeTypical use
OwnerModify permissions, transfer ownershipAccount recovery, permission updates
ActiveTransfers, staking, voting, contract callsDaily operations
WitnessBlock production (SR operations)Super Representatives only

Most users interact only with Owner and Active. Witness permission is added when an account registers as an SR candidate.

Default single-key setup

When you create a new wallet, all permissions default to your single key:

Code
Owner:  your_key (threshold: 1, weight: 1)
Active: your_key (threshold: 1, weight: 1)

One private key controls everything. Simple but vulnerable to single-point compromise.

How thresholds and weights work

Each permission level has:

  • Keys: List of authorized public keys (addresses)
  • Weights: Power assigned to each key (typically 1)
  • Threshold: Minimum total weight required to authorize

Example 2-of-3 Active permission:

KeyWeight
Alice1
Bob1
Carol1
Threshold2

Any two of Alice, Bob, or Carol can authorize Active operations.

Owner permission deep dive

Owner permission controls the most sensitive operations:

  • Adding/removing keys from any permission level
  • Changing thresholds
  • Transferring account ownership
  • Modifying Witness permission

Best practice: Protect Owner with a higher threshold than Active:

PermissionSuggested threshold
Owner3-of-5 or 2-of-3 (conservative)
Active2-of-3 (operational)

If an attacker compromises an Active key, they cannot change permissions without also meeting the Owner threshold.

Owner key loss is permanent
If Owner permission has a single key and you lose it, no one can recover the account. Always backup Owner keys with extreme care.

Active permission deep dive

Active permission authorizes routine operations:

You can create multiple Active permission groups with different key sets — for example:

  • Active Group 1: Finance team (transfers only)
  • Active Group 2: Staking team (freeze/vote only)

This granular separation requires custom configuration via TronWeb or advanced TronScan settings.

Witness permission

Only relevant for Super Representatives:

  • Controls block signing for SR nodes
  • Separate from Owner/Active for security isolation
  • SR operators typically use a dedicated block-signing key

Regular users never need to modify Witness permission.

Viewing permissions

Check current permissions on:

  1. TronScan → your address → Permissions tab
  2. TronLink → Account Settings → Permissions
  3. TronWeb: tronWeb.trx.getAccount(address)

The display shows each permission's keys, weights, and thresholds.

Updating permissions

Add a key to Active permission

  1. Connect wallet (must meet Owner threshold to change permissions)
  2. TronScan → Permissions → Update Active
  3. Add new key address with weight 1
  4. Increase threshold if needed (e.g., 1-of-2 → 2-of-2)
  5. Confirm transaction

Convert to full multisig

See multisig TRON account for complete setup workflows.

Permission update costs

Permission changes consume Bandwidth and Energy. Keep resources available before modifying permissions.

Security architecture patterns

Individual user (enhanced security)

Code
Owner:  Ledger key only (threshold 1)
Active: TronLink daily key (threshold 1)

Owner on hardware wallet for permission changes only. Active on hot wallet for daily use.

Small team

Code
Owner:  3-of-3 founders
Active: 2-of-3 operators

Owner changes require full consensus. Daily ops need majority.

Enterprise

Code
Owner:  4-of-7 board
Active: 3-of-5 finance committee
Active: 2-of-3 automated system keys (limited contract whitelist)

Multiple Active groups with different operational scopes.

Permission changes and pending transactions

When a multisig Active permission is configured:

  1. Transaction created but not yet fully signed → pending state
  2. Other authorized keys add signatures
  3. Threshold met → transaction broadcasts

Pending multisig transactions are visible on TronScan under the account's Pending tab.

Common mistakes

Setting Owner threshold too high. If 3-of-5 and two founders leave, you can't update permissions. Plan for personnel changes.

Same key on Owner and Active. Defeats the purpose of separation. Use different keys.

Not testing after changes. Always test with a 1 TRX transfer after permission updates.

Forgetting resource needs. Permission update transactions need Energy/Bandwidth.

Permissions and wallet imports

When you import a seed phrase into TronLink, you get the default single-key permissions. If the account was previously configured with custom permissions on-chain, those permissions persist — importing the seed gives you only the keys you possess, which may not meet the threshold alone.

FAQ

What is the difference between Owner and Active permission?

Owner controls permission changes and account ownership. Active controls daily operations — transfers, staking, voting, and contract calls.

Can I have multiple keys on one permission?

Yes. Add multiple keys with individual weights and set a threshold. This creates multisig-style authorization for that permission level.

What happens if I lose my Owner key?

If Owner is single-key and you lose it, the account is permanently inaccessible. Use multisig Owner permission for recoverable setups.

Can I delete a permission level?

You cannot delete Owner or Active — they always exist. You can modify their keys and thresholds. Witness can be added/removed for SR accounts.

Do permissions affect staking rewards?

Permissions control who can vote and freeze. Rewards go to the account regardless of which authorized key initiated the vote.