# Vault Permissions

### Overview

Domain Admins **must** create custom roles with specific Vault Admin capabilities to manage employee vaults. To create the custom vault admin role to access vault admin functions, navigate to **Admin Portal > Users > Admin Roles**. This section allows you to define roles with tailored permissions, including vault management. For more information on configuring admin roles, refer to the Admin Roles documentation.

<figure><img src="/files/V8aQVWooYMgRHVfqbbOh" alt="" width="563"><figcaption></figcaption></figure>

***

### Access and Permissions

* **Vault Admins**: Only vault admins have full access to all employee vaults. They can view, download, and manage the contents of any employee vault.
* **Domain Admins**: A domain admin who isn’t also a vault admin cannot access employee vaults, ensuring strict control over sensitive information.
* **Vault Owners**: Current and former employees, as vault owners, have permission to view and download files from their own vault. However, they cannot add or remove files, maintaining the integrity and security of the vault's contents.

***

### User List and Vault Activation

Admins can activate or deactivate vaults in bulk for multiple users via the Admin Portal. Follow these steps:

1. Go to **Admin Portal > Users > Manage Users**.
2. On the right side of the dashboard, select **User Tools**.
3. Click **SetUp Vault** and choose either **Activate** or **Deactivate** for the selected users.

<figure><img src="/files/TpHwjkNPCFlm7X9ULuk3" alt="" width="563"><figcaption></figcaption></figure>

***

By following these steps, vault admins can efficiently manage vault access and permissions, ensuring that only authorized personnel have control over the vaults and their contents. This setup helps maintain the security and organization of sensitive employee documents within the vault system.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://guides.mangoapps.com/admin-guide/module-settings/vault/vault-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.