Guides

Roles and permissions

ℹ️

Authoritative reference: the canonical role model lives in Lido's Roles & permissions doc. This page summarises the roles Northstake exposes; refer to Lido's docs for full semantics and edge cases.

For the lookup-style "which role authorizes which operation", see Role permissions matrix.
For granting and revoking roles in practice, see Assign and revoke roles.

The two personas

PersonaMaps toWhat they typically do
OwnerDEFAULT_ADMIN_ROLE on the DashboardUltimate authority: owns the vault, grants or revokes any owner-side role, transfers ownership, executes any operation
Node OperatorNODE_OPERATOR_MANAGER_ROLE (and the operator sub-roles it administers)Manage validators, manage operator sub-roles, disburse accrued operator fees

The contract-level roles below give finer control when you need to delegate a specific capability without granting full admin.

On-chain role catalogue

Roles are grouped by the contract that enforces them. See Role permissions matrix for the inverse view (operation → required role).

Dashboard (every vault)

RoleWhat it allows
DEFAULT_ADMIN_ROLEGrant and revoke all other roles
FUND_ROLEFund the vault with ETH
WITHDRAW_ROLEWithdraw ETH back to the owner
MINT_ROLEMint stETH against the vault's stake
BURN_ROLEBurn stETH to reduce vault obligations
REBALANCE_ROLERebalance the vault between liquid and bonded ETH
COLLECT_VAULT_ERC20_ROLESweep stray ERC-20s held by the vault
PAUSE_BEACON_CHAIN_DEPOSITS_ROLE / RESUME_…Halt or resume beacon-chain deposits
REQUEST_VALIDATOR_EXIT_ROLETrigger a voluntary exit on a validator
TRIGGER_VALIDATOR_WITHDRAWAL_ROLETrigger the withdrawal sweep on an exited validator
NODE_OPERATOR_MANAGER_ROLEThe node operator's primary management role
NODE_OPERATOR_FEE_EXEMPT_ROLEExempts a stake increase from the node-operator fee
NODE_OPERATOR_PROVE_UNKNOWN_VALIDATOR_ROLEProve a validator that wasn't pre-registered
NODE_OPERATOR_UNGUARANTEED_DEPOSIT_ROLEDeposit without going through PDG

Full semantics: Lido: Dashboard roles.

Pool (pool vaults only)

RoleWhat it allows
DEPOSIT_ROLEDeposit into the pool (held by allowlist members when allowlist is on)
DEPOSITS_PAUSE_ROLE / DEPOSITS_RESUME_ROLEHalt or resume pool deposits
ALLOW_LIST_MANAGER_ROLEAdd and remove addresses on the allowlist
LOSS_SOCIALIZER_ROLESocialise a loss across pool participants
MINTING_PAUSE_ROLE / MINTING_RESUME_ROLEHalt or resume LP-token minting

Withdrawal Queue (pool vaults only)

RoleWhat it allows
WITHDRAWALS_PAUSE_ROLE / WITHDRAWALS_RESUME_ROLEHalt or resume new withdrawal requests
FINALIZE_ROLEFinalise batched withdrawals so they can be claimed
FINALIZE_PAUSE_ROLE / FINALIZE_RESUME_ROLEHalt or resume finalisation

Timelock (pool vaults only)

The Timelock is an OpenZeppelin-style TimelockController that gates sensitive operations behind a delay: role grants on the Dashboard, PDG policy changes, fee-rate updates, and similar. Operations are first scheduled, then executed after the delay (or cancelled in between).

RoleWhat it allows
PROPOSER_ROLESchedule a delayed operation
EXECUTOR_ROLEExecute a scheduled operation once its delay has elapsed
CANCELLER_ROLECancel a scheduled operation before execution
DEFAULT_ADMIN_ROLEAdminister the Timelock's own role set

For governance flow and delay configuration, see Lido: Roles & permissions → Timelock.

Managing roles

Roles are granted and revoked through the Permissions tab on each vault. SVM Pro additionally exposes:

  • Timelocked grants: schedule a role grant through the Timelock with the configured delay before it takes effect. Useful for sensitive permissions like DEFAULT_ADMIN_ROLE.
  • Operator grid: manage which node operator addresses are valid across your account.

The full grant flow reads current holders via GET /v1/lidov3/staking-vaults/{id}/all-role-members and mutates them via the role-grant endpoints.

Related

Updated about 5 hours ago