This is a denormalized lookup table. The conceptual explanation lives at Roles and permissions; the mechanics of granting and revoking them are in Assign and revoke roles.
| Role | Authorizes |
|---|
DEFAULT_ADMIN_ROLE | Grant and revoke any role; act as Admin |
FUND_ROLE | Fund the vault with ETH |
WITHDRAW_ROLE | Withdraw ETH from the vault |
MINT_ROLE | Mint stETH against the vault's stake |
BURN_ROLE | Burn stETH to reduce obligations |
REBALANCE_ROLE | Rebalance liquid vs bonded ETH |
COLLECT_VAULT_ERC20_ROLE | Sweep stray ERC-20s |
PAUSE_BEACON_CHAIN_DEPOSITS_ROLE | Halt new beacon-chain deposits |
RESUME_BEACON_CHAIN_DEPOSITS_ROLE | Resume beacon-chain deposits |
REQUEST_VALIDATOR_EXIT_ROLE | Submit voluntary validator exits |
TRIGGER_VALIDATOR_WITHDRAWAL_ROLE | Trigger withdrawal sweep on an exited validator |
NODE_OPERATOR_MANAGER_ROLE | Primary node-operator role; manage validators, disburse fees |
NODE_OPERATOR_FEE_EXEMPT_ROLE | Exempt the holder's stake increases from the node-operator fee |
NODE_OPERATOR_PROVE_UNKNOWN_VALIDATOR_ROLE | Prove a validator that wasn't pre-registered |
NODE_OPERATOR_UNGUARANTEED_DEPOSIT_ROLE | Deposit without going through PDG |
| Role | Authorizes |
|---|
DEPOSIT_ROLE | Deposit into the pool (= "on the allowlist") |
DEPOSITS_PAUSE_ROLE | Halt pool deposits |
DEPOSITS_RESUME_ROLE | Resume pool deposits |
ALLOW_LIST_MANAGER_ROLE | Add and remove allowlist members |
LOSS_SOCIALIZER_ROLE | Socialize a loss across pool participants |
MINTING_PAUSE_ROLE | Halt LP-token minting |
MINTING_RESUME_ROLE | Resume LP-token minting |
| Role | Authorizes |
|---|
WITHDRAWALS_PAUSE_ROLE | Halt new withdrawal requests |
WITHDRAWALS_RESUME_ROLE | Resume withdrawal requests |
FINALIZE_ROLE | Finalize batched withdrawals |
FINALIZE_PAUSE_ROLE | Halt finalization |
FINALIZE_RESUME_ROLE | Resume finalization |
The inverse view: pick an operation and find the role(s) needed.
| Operation | Required role |
|---|
| Grant or revoke any role | DEFAULT_ADMIN_ROLE |
| Change ownership | Owner |
| Update fee rate (Pro) | DEFAULT_ADMIN_ROLE or delegated |
| Change tier / share limit (Pro) | DEFAULT_ADMIN_ROLE or delegated |
| Sync tier (Pro) | DEFAULT_ADMIN_ROLE or delegated |
| Operation | Required role |
|---|
| Create validator | NODE_OPERATOR_MANAGER_ROLE (operator side) |
| Activate (Pro) | NODE_OPERATOR_MANAGER_ROLE |
| Prove unknown validator (Pro) | NODE_OPERATOR_PROVE_UNKNOWN_VALIDATOR_ROLE |
| Top-up active validator | FUND_ROLE |
| Consolidate validators | NODE_OPERATOR_MANAGER_ROLE |
| Unstake (partial reward withdrawal) | TRIGGER_VALIDATOR_WITHDRAWAL_ROLE |
| Request exit | REQUEST_VALIDATOR_EXIT_ROLE |
| Trigger withdrawal sweep | TRIGGER_VALIDATOR_WITHDRAWAL_ROLE |
| Operation | Required role |
|---|
| Settle Lido protocol fees | DEFAULT_ADMIN_ROLE (owner side) |
| Disburse node-operator fees | NODE_OPERATOR_MANAGER_ROLE (operator side) |
| Set node-operator fee rate (Pro) | DEFAULT_ADMIN_ROLE |
| Operation | Required role |
|---|
| Pause pool deposits | DEPOSITS_PAUSE_ROLE |
| Resume pool deposits | DEPOSITS_RESUME_ROLE |
| Add to allowlist | ALLOW_LIST_MANAGER_ROLE |
| Remove from allowlist | ALLOW_LIST_MANAGER_ROLE |
| Pause minting | MINTING_PAUSE_ROLE |
| Resume minting | MINTING_RESUME_ROLE |
| Operation | Required role |
|---|
| Request withdrawal | Vault owner (dedicated) / DEPOSIT_ROLE member (pool) |
| Finalize withdrawals | FINALIZE_ROLE |
| Claim withdrawals | Recipient address |
| Pause / resume withdrawals | WITHDRAWALS_*_ROLE |
| Pause / resume finalize | FINALIZE_*_ROLE |
