There are two levels of administrative control, service provider administration and domain administration.
At the service provider level, administrators can set the default abuse handling policy for all newly created domains. This policy can later be overridden by domain administrators and users. Service providers can also specify default whitelists and blocklists, which in turn can be overridden at the domain and user level.
At the domain level, a default abuse handling policy can be specified and optionally enforced for all users by disallowing users to override the policy. Additionally, at the domain level, default whitelists and blocklists may be specified, which in turn can be overridden at the user level.