Console's key functionality lies in its ability to create Sub-Accounts, apply granular transaction and role policies, and manage them in a single environment, effectively segregating capital and mitigating smart contract risk. Users can create Sub-Safes using Console's interface and devise custom access control policies to suit their needs.

Taking advantage of Safe Modules, Console enables the Main Safe to manage Sub-Safes, delegating execution rights to external operators. This flexible structure caters to various scenarios, such as a fund setup where the Main Safe owners can grant certain Sub-Safe execution rights to an internal trader, limiting their operational scope. Restrictions might confine activities to specific protocols and functions, like enabling operations only on Uniswap and restricting permissions to swap functions and specified tokens.

Sub-Accounts are deployed through the Safe Factory Deployer. The Console Guard (hook) is added during the deployment transaction. This on-chain guard enforces the hierarchical relationship between the Main Account and Sub-Accounts on-chain.

Only Console Owners can initiate the creation or modification of Sub-Account configurations, which include setting Operators, signature threshold, and Transaction Policies (which authorise operational scope), all requiring on-chain Owner signatures for authentication.

This design guarantees that Sub-Account Operators are always bound by the Transaction Policies established by the Console Owners. Each Console Account is an independent Safe, of which Console Owners retain full on-chain ownership. This ensures Owners can access and manage their Safes directly from Safe’s independent UI or via contract calls at any time, reducing reliance on Brahma in any scenario.