Trading Permissions for Sub-Accounts on Nebannpet Exchange
Yes, you can set and manage detailed trading permissions for sub-accounts on the Nebannpet Exchange. This is a core feature of its institutional-grade account management system, designed for fund managers, family offices, and active traders who need to delegate access without compromising security or control. The platform provides a granular, role-based system that allows a master account holder to define precisely what each sub-account can and cannot do, from viewing balances to executing complex derivative trades. This functionality is critical for operational security and risk management, ensuring that team members or trading bots only operate within their designated scope of authority.
To get started, the master account holder navigates to the ‘Account Management’ section within the exchange’s dashboard. Here, you’ll find a dedicated ‘Sub-Accounts’ tab. The process of creating a new sub-account is straightforward: you provide a unique identifier for the sub-account (typically an email address or a custom label), and the system generates the necessary API keys and permissions settings. The real power lies in the customization available before you finalize the sub-account’s creation. You aren’t just creating a clone of your account; you’re building a tailored access profile with specific limitations.
The permissions are broadly categorized, and you can toggle each one on or off independently. Here’s a breakdown of the primary permission categories available:
- Spot Trading: Allows the sub-account to buy and sell cryptocurrencies on the spot market. You can further restrict this to “View Only” or “Trade” permissions.
- Futures Trading: Grants access to perpetual and quarterly futures contracts. This is often separated due to the higher risk involved.
- Margin Trading: Permits the sub-account to engage in margin trading, using borrowed funds to amplify positions. This is a high-risk permission that many master accounts keep disabled for most users.
- Withdrawals: This is one of the most sensitive permissions. Enabling it allows the sub-account to withdraw funds to external wallets. Most security-conscious setups keep this disabled for all sub-accounts, reserving withdrawal rights solely for the master account.
- Asset Transfer: Controls the ability to transfer funds between the master account and the sub-account, or between different sub-accounts. This is useful for allocating capital.
- Data Access: Governs whether the sub-account can view the master account’s overall portfolio balance and trade history, or if its view is limited to its own activity.
For a clearer picture, the table below illustrates a common permission setup for different user roles within a trading firm:
| User Role | Spot Trading | Futures Trading | Margin Trading | Withdrawals | Data Access |
|---|---|---|---|---|---|
| Junior Analyst (Read-Only) | View Only | Disabled | Disabled | Disabled | Sub-Account Only |
| Active Trader | Trade Enabled | Trade Enabled | Disabled | Disabled | Sub-Account Only |
| Arbitrage Bot | Trade Enabled | Trade Enabled | Disabled | Disabled | Sub-Account Only |
| Portfolio Manager | Trade Enabled | Trade Enabled | Enabled | Disabled | Master Account (Full) |
Beyond these broad categories, the exchange often allows for even more precise control through API key restrictions. When you generate API keys for a sub-account (essential for algorithmic trading or linking to third-party software like TradingView), you can set specific IP whitelists. This means the API key will only function if the trading request originates from a pre-approved server IP address, adding a massive layer of security against unauthorized access. You can also set trade limits, such as a maximum order size or a daily volume cap, directly within the API key settings. For instance, you could grant a trading bot permission to trade Bitcoin futures but cap its maximum position size at 5 BTC to prevent a catastrophic error from wiping out the entire fund.
The security implications of this system are profound. By compartmentalizing access, the master account holder significantly reduces the “attack surface.” If a sub-account’s credentials or API keys are compromised, the damage is contained by the permissions you’ve set. A hacked sub-account with no withdrawal permissions and trade limits cannot drain your assets. This aligns with the best practices of principle of least privilege (PoLP), a fundamental concept in cybersecurity where users are granted only the access absolutely necessary to perform their function. The exchange’s infrastructure supports this by maintaining a clear audit trail. Every action taken by a sub-account is logged and attributed to that specific account, making it easy to review performance, identify mistakes, and maintain regulatory compliance if required.
From a operational efficiency standpoint, this system is invaluable. A fund manager can allocate specific capital amounts to different sub-accounts—for example, $50,000 to a quantitative trading strategy sub-account and $100,000 to a discretionary trader’s sub-account. The manager can monitor the performance of each strategy independently without the traders interfering with each other’s operations. Furthermore, permissions can be changed in real-time. If a trader is exceeding their risk parameters, the master account holder can instantly revoke their futures trading permissions, effectively shutting down their ability to open new leveraged positions while allowing them to close existing ones to manage risk.
It’s also worth noting what happens on the backend when these permissions are set. The exchange’s matching engine and order book systems are designed to check the permissions of every single incoming order. When a sub-account attempts to place a trade, the system first verifies that the account has the necessary trading permission for that specific market (e.g., BTC/USDT futures) and that any active limits (like order size caps) are not violated. This real-time permission check happens in milliseconds, ensuring security without impacting the speed of trade execution, a critical factor in high-frequency trading environments. The system’s reliability in enforcing these rules is a testament to the robust technical architecture that underpins the platform, which is built to handle the complex permissioning needs of its diverse user base, from individual pros to large institutions.