# Vault admin

The Vault Admin is the governance and safety role of a Lagoon vault. It controls critical configuration and defines who holds key permissions. This role does not run the strategy. It sets the rules and the control surface.

Because the Vault Admin can change sensitive parameters, it should be held by a robust custody setup such as a Safe multisig or an institutional MPC, with clear internal controls and clear disclosure to users.

{% hint style="warning" %}
The Vault Admin can update core addresses, pause the vault, and initiate closure. Treat this role as a high privilege role and secure it accordingly.
{% endhint %}

### Responsibilities

The Vault Admin is responsible for:

* Assigning and updating key roles and addresses
* Managing emergency controls
* Managing fee configuration
* Managing the vault lifecycle state
* Maintaining public facing vault metadata used by front ends, when applicable

### What the Vault Admin can do

<table data-view="cards"><thead><tr><th></th><th></th></tr></thead><tbody><tr><td><mark style="color:$primary;"><strong>Goverance</strong></mark></td><td><ul><li>Transfer ownership using a two step process where the new admin must accept ownership</li><li>Renounce ownership, permanently removing admin authority</li></ul></td></tr><tr><td><mark style="color:$primary;"><strong>Security and Access control</strong></mark></td><td><ul><li>Pause and unpause the vault. cf: <a href="../how-to/pause-a-vault">Pause Vault</a></li><li>Deactivate the whitelist permanently</li></ul></td></tr><tr><td><mark style="color:$primary;"><strong>Fees and Parameters</strong></mark></td><td><ul><li>Update management and performance fee rates, when enabled</li><li>Apply cooldown rules for fee changes, when configured</li><li>Configure entry and exit fees, when enabled</li></ul></td></tr><tr><td><mark style="color:$primary;"><strong>Front end information</strong></mark></td><td><ul><li>Update vault metadata used by front ends, such as name, description, logo, links, and tags, when supported by the chosen interface</li></ul></td></tr><tr><td><mark style="color:$primary;"><strong>Lifecycle management</strong></mark></td><td><ul><li>Initiate vault closing by changing the vault status from Open to Closing</li></ul></td></tr><tr><td><mark style="color:$primary;"><strong>Operational configuration</strong></mark></td><td><ul><li>Update the Valuation Provider address</li><li>Update the Fee Receiver address</li></ul></td></tr></tbody></table>

### Recommended custody setup

For most teams, the Vault Admin should be held by:

* A Safe multisig with a clear signer policy
* An institutional MPC setup

### What this means for users

Users can always verify the current Vault Admin address and role assignments on-chain. Vault curators are responsible for accurately presenting their product and disclosing all relevant permissions and controls to users, who can independently verify these settings on-chain.