# Roles and permissions

The protocol uses [OpenZeppelin's AccessControl](https://docs.openzeppelin.com/contracts/4.x/api/access#AccessControl) mechanism. The roles and delegations are managed by the [AccesManager](/ensuro-docs/smart-contracts/contracts/accessmanager.md) smart contract.

In some operations, both global roles and component roles are accepted. [Component roles](/ensuro-docs/smart-contracts/contracts/accessmanager.md#component-roles) are special roles that are restricted to a specific component (eToken, RiskModule, or PremiumsAccount).

## Common Roles

These roles are defined at the protocol level and are used across its components. They form the core of the access control structure.

<table><thead><tr><th width="193">Role</th><th>Description</th><th>Methods accessible</th></tr></thead><tbody><tr><td><strong>LEVEL1_ROLE</strong></td><td>High impact changes like upgrades or other critical operations.</td><td><ul><li><a href="#pause-unpause">unpause</a>: Pauses the smart contract.</li><li><a href="#upgrade">upgrade</a>: Upgrade to the smart contract implementation.</li></ul></td></tr><tr><td><strong>LEVEL2_ROLE</strong></td><td>Mid-impact changes like changing some parameters.</td><td>-</td></tr><tr><td><strong>LEVEL3_ROLE</strong></td><td>Low-impact changes like changing some parameters up to given percentage (tweaks).</td><td>-</td></tr><tr><td><strong>GUARDIAN_ROLE</strong></td><td><p>For emergency operations oriented to protect the protocol in case of attacks or hacking.</p><p></p></td><td><ul><li><a href="#pause-unpause">pause</a>: Pauses the smart contract.</li><li><a href="#pause-unpause">unpause</a>: Unpause the smart contract.</li><li><a href="#upgrade">upgrade</a>: Upgrade the smart contract implementation.</li></ul></td></tr><tr><td><strong>DEFAULT_ADMIN_ROLE</strong></td><td>By default, it is the admin role for all roles, which means that only accounts with this role will be able to grant or revoke other roles. See  <a href="https://docs.openzeppelin.com/contracts/4.x/access-control">OpenZeppelin's documentation</a> for additional details.</td><td><p></p><ul><li>grantRole: Grants a role to an account.</li><li>revokeRole: Revokes  a role to an account.</li><li>grantComponentRole: Assigns the specified role to the specified account within the component identified by the address component.</li><li>setComponentRoleAdmin: Sets the component-role admin for a specific component or for any component within the contract.</li></ul></td></tr></tbody></table>

## Component roles

Besides the general use roles described above, each contract can have its own defined roles for specific operations. For components of the protocol these roles are called [Component Roles](/ensuro-docs/smart-contracts/contracts/accessmanager.md#component-roles) and a detailed description of each can be found in each contract's documentation:

* [EToken](/ensuro-docs/smart-contracts/contracts/etoken.md#component-roles)
* [RiskModule](/ensuro-docs/smart-contracts/contracts/riskmodule.md#component-roles)
* [TrustFullRiskModule](/ensuro-docs/smart-contracts/contracts/riskmodule/trustfulriskmodule.md#component-roles)
* [SignedQuoteRiskModule](/ensuro-docs/smart-contracts/contracts/riskmodule/signedquoteriskmodule.md#component-roles)
* [SignedBucketRiskModule](/ensuro-docs/smart-contracts/contracts/riskmodule/signedbucketriskmodule.md#component-roles)
* [PriceRiskModule](/ensuro-docs/smart-contracts/contracts/riskmodule/priceriskmodule.md#component-roles)
* [PremiumsAccount](/ensuro-docs/smart-contracts/contracts/premiumsaccount.md#component-roles)
* [AccessManager](/ensuro-docs/smart-contracts/contracts/accessmanager.md#component-roles)
* [LPManualWhiteList](/ensuro-docs/smart-contracts/contracts/ilpwhitelist/lpmanualwhitelist.md#component-roles)

## Common Operations

### Upgrade

Ensuro contracts are upgradeable, following the [UUPS](https://eips.ethereum.org/EIPS/eip-1822) pattern and implemented based on [OpenZeppelin implementation](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable).&#x20;

Only users with the roles **LEVEL1\_ROLE** or **GUARDIAN\_ROLE** can execute upgrades. For global contracts such as PolicyPool and AccessManager, the role granted has to be global. For other components it can be a component role.

### Pause / Unpause

Also, most of the contracts support `pause()` and `unpause()` operations. The behavior changes from one contract to the other, but in general, most of the critical operations are rejected when the contract is paused. Check the source code for more details.

Only users with the role **GUARDIAN\_ROLE** can pause contracts. To resume (unpause) a contract, the transaction needs to be executed by a user with either **GUARDIAN\_ROLE** or **LEVEL1\_ROLE***.*

###


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ensuro.co/ensuro-docs/smart-contracts/roles.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.