Access Control
Configure multi-user access to your PC2 node.
Overview
By default, the first wallet to login becomes the Owner. The owner can:
- Add additional wallets
- Assign roles (Admin, Member)
- Remove access
- Manage all settings
Roles
| Role | Permissions |
|---|---|
| Owner | Full access, manage all wallets, system settings |
| Admin | Full data access, cannot manage other admins |
| Member | Own wallet scope only, limited settings |
Enabling Access Control
Access control is disabled by default. To enable:
From UI
- Go to Settings → Security
- Find “Access Control” section
- Toggle “Enable Access Control”
- Click Save
From Config
Edit data/config/pc2.json:
{
"accessControl": {
"enabled": true,
"allowedWallets": []
}
}Adding Wallets
Only the Owner can add new wallets.
From UI
- Go to Settings → Security
- Find “Allowed Wallets” section
- Enter wallet address (0x…)
- Select role (Admin or Member)
- Click “Add Wallet”
From API
curl -X POST http://localhost:4200/api/access/wallets \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"wallet": "0x1234...",
"role": "admin"
}'Removing Wallets
- Go to Settings → Security
- Find the wallet in the list
- Click the trash icon
- Confirm removal
That wallet can no longer access your node.
Role Comparison
Owner
- Is the first wallet to login
- Cannot be removed
- Can add/remove all wallets
- Full system access
Admin
- Full file access
- Can use all apps
- Cannot manage other admins
- Cannot change system settings
Member
- Access to own wallet scope
- Limited app access
- Read-only settings
- Suitable for family/friends
Wallet Storage
Allowed wallets are stored in:
data/config/pc2.json— Configuration- SQLite database — Runtime state
Example config:
{
"accessControl": {
"enabled": true,
"allowedWallets": [
{
"wallet": "0x1234567890abcdef...",
"role": "admin",
"addedAt": "2024-01-15T10:30:00Z"
},
{
"wallet": "0xabcdef1234567890...",
"role": "member",
"addedAt": "2024-01-16T14:20:00Z"
}
]
}
}Login History
Track who accesses your node:
- Go to Settings → Security
- View “Login History” section
- See recent logins with wallet, time, IP
API Endpoints
| Endpoint | Method | Description |
|---|---|---|
/api/access/status | GET | Access control status |
/api/access/wallets | GET | List allowed wallets |
/api/access/wallets | POST | Add wallet |
/api/access/wallets/:id | DELETE | Remove wallet |
Use Cases
Family Cloud
- Enable access control
- Add family members as Members
- Each has isolated storage
- Share files via Public folder
Team Workspace
- Enable access control
- Add team leads as Admins
- Add team members as Members
- Admins can manage shared resources
Personal Only
Keep access control disabled for single-user mode (default).
Security Notes
- Wallet addresses are immutable
- Role changes take effect immediately
- Removed wallets lose access instantly
- Owner cannot be removed or demoted
⚠️
Be careful who you add as Admin—they have full data access.
→ See Architecture for security details