Skip to main content
SuperVaults separates protocol ownership from day-to-day operations. The safest mental model is:
  • Primary manager owns the vault.
  • Secondary managers operate the vault.
  • View-only users observe the vault.
  • Registry maintainers maintain global metadata.
  • Session keys / keepers execute narrowly-authorized automation.

Role Tiers

Primary Manager

The primary manager is set at vault creation and is the highest-authority vault operator. Primary manager responsibilities:
  • Vault settings and sensitive configuration.
  • Secondary-manager assignment.
  • Session-key grant and revoke flows.
  • Upkeep funding and withdrawal control.
  • Pause, unpause, and emergency operations.
  • Merkle root proposal / publish workflows.
Treat the primary manager as production infrastructure. Use a multisig or hardware-backed wallet. If the primary manager key is compromised, the attacker can control the vault.

Secondary Managers

Secondary managers are onchain delegates for operational work. They can typically:
  • Manage strategies.
  • Configure yield sources.
  • Work with merkle tree configuration.
  • Pause/unpause operational services.
  • Add view-only collaborators.
They cannot replace the primary manager or take over primary-only settings.

View-Only Users

View-only access is offchain. It grants dashboard visibility without transaction authority. Use it for:
  • Risk monitors.
  • Analysts.
  • Auditors.
  • Partners who need vault state without write access.

Registry Maintainers

Registry maintainers manage global metadata shared across vaults, including:
  • Yield source registry entries.
  • Oracle registry entries.
  • Hook registry entries.
  • Token asset metadata.
This role is not vault-scoped and should be tightly controlled.

Session Keys and Keepers

Session keys are delegated execution keys used by automation. A session key does not imply broad manager authority; it authorizes a specific automation path. Keepers and OMS execution still depend on:
  • Active upkeep funding.
  • Valid session key readiness.
  • Active merkle root and proofs.
  • Non-paused vault / services.
  • Strategy state and emergency locks.
If any of those gates fail, automation should stop even when a session key exists.

Permission Matrix

API Patterns

A 403 Forbidden means the connected wallet lacks the required role for that operation.