> For the complete documentation index, see [llms.txt](https://curator.docs.spectra.finance/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://curator.docs.spectra.finance/technical/access-control-permissions.md). # Access Control / Permissions The metavault system uses Zodiac contracts for granular role allocation and responsibility segregation. The Role modifier enables whitelisted actions for curators and accountants, while the delay modifier implements time-locked actions requiring guardian verification. * [Zodiac Documentation](https://www.zodiac.wiki/) * Key Contracts:\ \- `Roles.sol` - Manages SAFE permissions for access control\ \- `Delay.sol` - Implements timelocked operation functionality ### **Action Class** Curators and accountants manage the vault through a predefined set of actions and calls.\ These actions are categorized as follows: *** #### **Whitelisted Actions** * Curators can perform any **whitelisted action** immediately in an atomic fashion. * Whitelisted actions are **pre-approved operations**. * Most, if not all, operations can be executed directly through the **Curator Console UI**. * These actions are granted to the **`CURATOR`** role following a *least-privilege principle*. * Additional actions can be discussed and granted as needed. * Actions are typically limited to specific markets whitelisted for the MetaVault. * Additional markets can be enabled by admins or through a **default timelocked action**. * The admin process will apply the new configuration to grant all derived roles from newly enabled markets. *** #### **Timelocked – Whitelisted Actions** Known actions with potentially harmful outcomes depending on parameters or constraints.\ These actions have a **short delay** and require **`GUARDIAN`** verification, which may result in revocation. *** #### **Default Timelock** For any calls that do not fall under whitelisted actions, curators can submit transactions to a **default timelock**.\ These actions have a **longer delay** and require **`GUARDIAN`** verification, which may result in revocation. * These actions have a **significant delay** (typically a few days).\ Admins can expedite the process if they verify the transaction’s validity and safety. * The transaction will be **revoked from the timelock queue** and executed directly at the **Safe** level. * Transactions sent through this module must be **verifiable**, with all involved contracts verified on-chain.\ Guardians will systematically revoke any transaction where contracts in the interaction chain lack verification. > ⚙️ **Tip:** Use timelocks for operations that modify vault configurations or market parameters.\ > Routine liquidity and yield actions should remain under whitelisted permissions. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://curator.docs.spectra.finance/technical/access-control-permissions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.