# Access Manager

The Access Manager controls which addresses are authorized to interact with the vault. Access rules are enforced on-chain, ensuring that participation restrictions are transparent and verifiable.

Lagoon vaults support two access modes, configurable at creation:

* **Whitelist mode** — Only approved addresses can participate. All others are blocked.
* **Blacklist mode** — All addresses can participate, except those explicitly blocked.

### Responsibilities

The Access Manager is responsible for:

* Adding or removing addresses from the whitelist or blacklist, depending on the active mode
* Keeping the access list aligned with the vault's onboarding, compliance, and access policy
* Coordinating with external compliance systems when sanctions list integration is enabled

### What the Access Manager can do

<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th></tr></thead><tbody><tr><td><mark style="color:$primary;"><strong>Whitelist mode</strong></mark></td><td><ul><li>Add approved addresses to the allowlist</li><li>Remove addresses when access should no longer be permitted</li><li>Restrict participation to approved wallets only</li></ul></td></tr><tr><td><mark style="color:$primary;"><strong>Blacklist mode</strong></mark></td><td><ul><li>Block specific addresses from interacting with the vault</li><li>Revoke addresses from the blocklist to restore access</li><li>Allow open participation by default, with targeted exclusions</li></ul></td></tr><tr><td><mark style="color:$primary;"><strong>External sanctions list</strong></mark></td><td><ul><li>Integrate with a third-party on-chain sanctions list for automated compliance checks</li><li>Sanctioned addresses are blocked regardless of the active access mode</li><li>The sanctions list contract is configured at vault initialization</li></ul></td></tr><tr><td><mark style="color:$primary;"><strong>Typical use cases</strong></mark></td><td><ul><li>KYC or KYB gated vaults (whitelist mode)</li><li>Open vaults with compliance exclusions (blacklist mode)</li><li>Jurisdiction-based access restrictions</li><li>Regulatory-compliant products with sanctions screening</li></ul></td></tr></tbody></table>

### Super Operator

The Super Operator is a privileged address that always bypasses access list restrictions, regardless of the active access mode.

### What this means for users

Users can verify the active access mode and their own access status on-chain. Vault operators remain responsible for accurately disclosing the vault's access policy, onboarding requirements, and any permissioning rules applied to participants.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.lagoon.finance/vault/roles-and-capacities/whitelist-manager.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.