# Governance ## Vault administration (partner) Vaults are managed by partners using several key admin roles: * SYS\_ADMIN: wallet responsible for contract administration and other role attribution * FEE\_MANAGER: wallet responsible for changing the end user fee and the split between multiple recipients * FEE\_COLLECTOR: wallet responsible for claiming the commission * SANCTIONS\_MANAGER: wallet responsible for enabling the OFAC-sanctioned wallet check * CLAIM\_MANAGER: wallet responsible for claiming additional rewards from the lending protocols * PAUSER: wallet responsible for pausing all interaction with vault contracts, managed by Kiln as a security fail-safe * UNPAUSER: wallet responsible for unpausing the contract It is recommended to have multi-sig wallets for these roles with a strong quorum security. **NOTE**: You can only have 1 wallet assigned as SYS\_ADMIN, but multiple wallets assigned to all other roles. ## Blocklist administration (partner) Kiln DeFi vaults feature custom [deposit blocklists](https://docs.kiln.fi/v1/kiln-products/defi/security/compliance-features#blocklists) that partners can opt to use. The blocklist admin role is: * OPERATOR: wallet responsible for adding and removing addresses to and from the custom blocklist ## Upgradability Structure (Kiln)

Upgradability overview
- dashed arrows are atomic actions
- orange boxes are smart contract controlled by Kiln and green are controlled by partners

#### Kiln DeFi Vaults Kiln DeFi vaults follow the beacon proxy pattern where all vaults fetch their implementation address from a VaultUpgradeableBeacon smart contract. This is administered by 4 roles: * PROXY\_ADMIN: a multisig quorum between Kiln and third parties responsible for attributing the below roles * PAUSER: a wallet responsible for pausing all interaction with vault contracts, managed by Kiln as a security failsafe * FREEZER: a multisig quorum between Kiln and third parties responsible for freezing Vault implementation (to make it non-upgradeable) * IMPLEMENTATION\_MANAGER: a multisig quorum between Kiln and third parties responsible for upgrading Vault implementations #### Kiln DeFi Connectors Kiln DeFi Connectors also follow the beacon proxy pattern where each connector implementation address is fetched from a ConnectorRegistry contract. This is administered by 4 roles: * ADMIN: a multisig quorum between Kiln and third parties responsible for attributing the below roles * PAUSER: a wallet responsible for pausing all interaction with connector contracts, managed by Kiln as a security failsafe * FREEZER: a multisig quorum between Kiln and third parties responsible for freezing connector implementations (to make some of them non-upgradeable) * CONNECTOR\_MANAGER: a multisig quorum between Kiln and third parties responsible for upgrading connectors implementation --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.kiln.fi/v1/kiln-products/omnivaults/how-to-integrate/governance.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.