Skip to main content
In Railnet smart contracts, an Allocation Strategy is implemented as a MultiVehicle. See Glossary for all terminology.
This page covers guardrails for Allocation Strategies, which use role-based access control via the External Access Control (EAC) contract. For Advanced Strategy guardrails, see Policy engine.
Guardrails define the trust boundary between the party that owns an Allocation Strategy (typically the platform deploying the Conduit) and the asset manager who operates it day-to-day. The owner sets the rules. The asset manager executes within them.

The delegation model

The owner retains admin control while granting the asset manager scoped operational roles. The asset manager can execute the strategy within the boundaries the owner defines — they cannot change the rules.

What the owner controls

These controls remain exclusively with the Allocation Strategy owner and form the guardrails:
GuardrailRole (retained by owner)Why
Authorized yield sourcesMULTI_VEHICLE_SET_VEHICLE_AUTHORIZATIONThe owner decides which yield sources the strategy can use
Fee ratesFEE_MANAGER_SET_FEESThe owner controls the economics
Fee recipientsFEE_MANAGER_SET_FEE_RECIPIENTSThe owner controls revenue distribution
Role assignmentsDEFAULT_ADMIN_ROLEThe owner controls who has access
Infrastructure upgradesBEACON_UPGRADEThe owner controls contract upgrades
The asset manager operates within these boundaries. They can allocate capital, rebalance positions, and manage queues — but they cannot authorize new yield sources, change fees, or grant roles to others.

Grant operational roles

Grant the asset manager scoped roles on the appropriate contracts. All Allocation Strategy operational roles are scoped to the Sector Accounting Engine, except queue management (scoped to the Queue Strategy Engine) and query progression roles. 
address am = 0x...; // Asset manager address
ISectorAccountingEngine accounting = MultiVehicle(multiVehicle).accountingEngine();
IQueueStrategyEngine strategy = accounting.strategyEngine();
ISubQueryEngine subQueryEngine = accounting.subQueryEngine();

// Core operational roles (scoped to Sector Accounting Engine)
eac.grantScopedRole(keccak256("MULTI_VEHICLE_DISPATCH"), address(accounting), am);
eac.grantScopedRole(keccak256("MULTI_VEHICLE_REBALANCE"), address(accounting), am);
eac.grantScopedRole(keccak256("MULTI_VEHICLE_MOVE_ASSETS"), address(accounting), am);
eac.grantScopedRole(keccak256("MULTI_VEHICLE_MOVE_SHARES"), address(accounting), am);

// Queue management (scoped to Queue Strategy Engine)
eac.grantScopedRole(keccak256("MULTI_VEHICLE_SET_QUEUES"), address(strategy), am);

// Query progression (scoped to Sub Query Engine)
eac.grantScopedRole(keccak256("MULTI_VEHICLE_PROGRESS_QUERY"), address(subQueryEngine), am);

// Redemption queue (scoped to Multi-Vehicle)
eac.grantScopedRole(keccak256("MULTI_VEHICLE_FEED_QUERY_REDEEM_QUEUE"), address(multiVehicle), am);
eac.grantScopedRole(keccak256("MULTI_VEHICLE_RETRIEVE_QUERY_REDEEM_QUEUE_ASSETS"), address(multiVehicle), am);
Always verify the scope parameter matches the correct contract. Granting a role with the wrong scope will not authorize the intended operation.

What the asset manager can do

With the roles above, the asset manager can:
OperationRoleScope
Move assets between sectorsMULTI_VEHICLE_MOVE_ASSETSSector Accounting Engine
Move shares between sectorsMULTI_VEHICLE_MOVE_SHARESSector Accounting Engine
Dispatch assets to yield sourcesMULTI_VEHICLE_DISPATCHSector Accounting Engine
Rebalance between yield sourcesMULTI_VEHICLE_REBALANCESector Accounting Engine
Configure allocation queuesMULTI_VEHICLE_SET_QUEUESQueue Strategy Engine
Progress sub-queriesMULTI_VEHICLE_PROGRESS_QUERYSub Query Engine
Feed the redemption queueMULTI_VEHICLE_FEED_QUERY_REDEEM_QUEUEMultiVehicle
Retrieve redemption queue assetsMULTI_VEHICLE_RETRIEVE_QUERY_REDEEM_QUEUE_ASSETSMultiVehicle

Optional: grant fee collection roles

You may want the asset manager (or a keeper) to handle routine fee collection: 
// Allow the AM to trigger fee distribution (but NOT change fee rates or recipients)
eac.grantScopedRole(keccak256("FEE_MANAGER_DISPATCH_ERC20"), address(feeManager), am);
eac.grantScopedRole(keccak256("FEE_MANAGER_REDEEM_VEHICLE_SHARES"), address(feeManager), am);

Monitor your asset manager

Track your Allocation Strategy’s performance and the asset manager’s operations via the Railnet subgraph: 
query MultiVehicleStatus($address: String!) {
  Vehicle(where: { address: { _ilike: $address } }) {
    supply
    SectorBalance {
      asset
      value
      sector { name }
    }
    Query(order_by: { createdAt: desc }, limit: 20) {
      mode
      state
      createdAt
    }
  }
}
See Reporting for comprehensive monitoring queries and dashboards.

Revoke access

To offboard an asset manager, revoke all scoped roles. Pending operations will complete, but the asset manager cannot initiate new ones. 
address am = 0x...; // Asset manager to offboard

// Revoke all operational roles
eac.revokeScopedRole(keccak256("MULTI_VEHICLE_DISPATCH"), address(accounting), am);
eac.revokeScopedRole(keccak256("MULTI_VEHICLE_REBALANCE"), address(accounting), am);
eac.revokeScopedRole(keccak256("MULTI_VEHICLE_MOVE_ASSETS"), address(accounting), am);
eac.revokeScopedRole(keccak256("MULTI_VEHICLE_MOVE_SHARES"), address(accounting), am);
eac.revokeScopedRole(keccak256("MULTI_VEHICLE_SET_QUEUES"), address(strategy), am);
eac.revokeScopedRole(keccak256("MULTI_VEHICLE_PROGRESS_QUERY"), address(subQueryEngine), am);
eac.revokeScopedRole(keccak256("MULTI_VEHICLE_FEED_QUERY_REDEEM_QUEUE"), address(multiVehicle), am);
eac.revokeScopedRole(keccak256("MULTI_VEHICLE_RETRIEVE_QUERY_REDEEM_QUEUE_ASSETS"), address(multiVehicle), am);

// Revoke fee collection roles if granted
eac.revokeScopedRole(keccak256("FEE_MANAGER_DISPATCH_ERC20"), address(feeManager), am);
eac.revokeScopedRole(keccak256("FEE_MANAGER_REDEEM_VEHICLE_SHARES"), address(feeManager), am);
Before offboarding, ensure there are no in-progress queries that require the asset manager’s roles to complete. Check the query state via the subgraph.

Next steps

Operate an Allocation Strategy

Manage allocations, rebalance across yield sources, and handle operations.

Roles and permissions

Complete guide to role setup, scoping, and common permission patterns.