# Privileged Roles Management

The yBridge contract is structured with various permissions, each of which grants access to specific contract functions. This hierarchical distribution of permissions ensures security and facilitates controlled access to the contract's functionalities.

* Owner
* Manager
* Staff
* Swapper
* YPool\_Worker
* Liquidity\_Worker
* Settlement\_Worker

The private keys of different addresses are protected separately using the cold wallet and Google Cloud KMS (Cloud Key Management Service) through asymmetric signing. 

The HSM architecture of Cloud KMS ensures that the key can't be unwrapped or used outside of an HSM, can't be extracted from the HSM, and exists in its unwrapped state only within specified locations, preventing the risk of private key exposure. For further information on HSM, you can learn more [here](https://cloud.google.com/docs/security/cloud-hsm-architecture)

<table data-header-hidden><thead><tr><th width="153"></th><th width="284"></th><th></th></tr></thead><tbody><tr><td>Role</td><td>Description</td><td>Address</td></tr><tr><td>Owner</td><td>Manages all permissions and can also add or remove addresses of different roles.</td><td><ul><li>0x1ebB85b97F1CC7D72d7aD533e1C5E86077Af9Af1</li></ul></td></tr><tr><td>Manager</td><td>Configure important parameters within the contract.</td><td><ul><li>0xb1B8378caE4172a75b9d22c8EB9a6610Fa9dCc86</li></ul></td></tr><tr><td>Staff</td><td>Configure secondary parameters within the contract.</td><td><ul><li>0xa9b415B311a1d49e11946674d41AeA074380A819</li></ul></td></tr><tr><td>Swapper</td><td>Restrict the interaction partners of the contract to only the yBridge contract address.</td><td>the contract addresses of yBridge on various chains</td></tr><tr><td>Swap Worker</td><td>Execute destination chain swap</td><td><ul><li>0xB35F9aAc007666caCD0520B68D59d682262db7Da</li><li>0xbF81c9bF9883ABaB878952FCbfB84914a67b6e43</li><li>0xCE15D17aA3165ebEdFC046C7D9bF639865431253</li><li>0x17D8605cDB36191Acc2fcB3d3d7908171bCB99A2</li><li>0xe596e79375364Acf31d0b9f4ED5b5b9b8123d238</li><li>0x1FAd5E8a741868D7972875d2031B23BeA4baF6A4</li></ul></td></tr><tr><td>Liquidity Worker</td><td>Execute deposit/withdrawal on the Y Pool Vault.</td><td><ul><li>0x778902fb04A50622ea5c3C86F53Ba9b47f3d0B4c </li><li>0xeDB40c90bBAda60cD86284B4334Db70449dB7336</li><li>0xDAa8432161Ef3c4533f6c6666F08436Ab3667367</li><li>0x95e8AB85F22C32fd40A579A404A5b18fcfb74fC6</li><li>0xcC160C2ab6EDBfc932634B1aa0BC8aA292e42CF3</li></ul></td></tr><tr><td>Settlement Worker</td><td>Synchronize peripheral chain information on the settlement chain and perform vault settlement.</td><td><ul><li>0x9feD8Ae5e5Aa8E9CC5031E50d1fF6Fe86c6e4dC1</li></ul></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.xy.finance/smart-contract/privileged-roles-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.