If a node does not have the private key for an address, it cannot use that address for connecting to other peers, or for mining transactions, but it can use that address for anything else. That is because both the connecting and mining operations are performed automatically by MultiChain whereas the others are performed in response to an explicit API command.
However since a node can hold multiple addresses and/or private keys, this problem is easy to work around. Use one address for connecting, another address for mining, and one or more other addresses for transacting, administrating, etc...
Of course the appropriate permissions should be assigned to these addresses. Only the private keys for the connecting and mining addresses need to be stored in the node's wallet. The rest can be stored externally, and MultiChain supports using external private keys for all operations (including admin actions).
