AccessControlTemporalFacet

Grants and revokes roles with expiry timestamps

Key Features

• Manages roles with specific expiry timestamps.
• Integrates seamlessly with the diamond proxy pattern.
• Exposes external functions for temporal role management.
• Utilizes Compose's internal storage access patterns.

Overview

This facet implements temporal role-based access control within a diamond. It provides functions to grant roles with specific expiry dates and to revoke them. Calls are routed through the diamond proxy, allowing for dynamic access management integrated with other diamond functionalities. Developers add this facet to enable time-limited permissions for accounts.

---

Storage

AccessControlStorage

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

---

AccessControlTemporalStorage

Definition

struct AccessControlTemporalStorage {
  mapping(address account => mapping(bytes32 role => uint256 expiryTimestamp)) roleExpiry;
}

State Variables

Property	Type	Description
ACCESS_CONTROL_STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))
TEMPORAL_STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol.temporal"))

Functions

getRoleExpiry

Returns the expiry timestamp for a role assignment.

function getRoleExpiry(bytes32 _role, address _account) external view returns (uint256);

Parameters:

Property	Type	Description
_role	bytes32	The role to check.
_account	address	The account to check.

Returns:

Property	Type	Description
-	uint256	The expiry timestamp, or 0 if no expiry is set.

---

isRoleExpired

Checks if a role assignment has expired.

function isRoleExpired(bytes32 _role, address _account) external view returns (bool);

Parameters:

Property	Type	Description
_role	bytes32	The role to check.
_account	address	The account to check.

Returns:

Property	Type	Description
-	bool	True if the role has expired or doesn't exist, false if still valid.

---

grantRoleWithExpiry

Grants a role to an account with an expiry timestamp. Only the admin of the role can grant it with expiry. Emits a RoleGrantedWithExpiry event. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function grantRoleWithExpiry(bytes32 _role, address _account, uint256 _expiresAt) external;

Parameters:

Property	Type	Description
_role	bytes32	The role to grant.
_account	address	The account to grant the role to.
_expiresAt	uint256	The timestamp when the role should expire (must be in the future).

---

revokeTemporalRole

Revokes a temporal role from an account. Only the admin of the role can revoke it. Emits a TemporalRoleRevoked event. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function revokeTemporalRole(bytes32 _role, address _account) external;

Parameters:

Property	Type	Description
_role	bytes32	The role to revoke.
_account	address	The account to revoke the role from.

---

requireValidRole

Checks if an account has a valid (non-expired) role. - Reverts with AccessControlUnauthorizedAccount If the account does not have the role. - Reverts with AccessControlRoleExpired If the role has expired.

function requireValidRole(bytes32 _role, address _account) external view;

Parameters:

Property	Type	Description
_role	bytes32	The role to check.
_account	address	The account to check the role for.

Events

Event emitted when a role is granted with an expiry timestamp.

Signature:

event RoleGrantedWithExpiry(
  bytes32 indexed _role, address indexed _account, uint256 _expiresAt, address indexed _sender
);

Parameters:

Property	Type	Description
_role	bytes32	The role that was granted.
_account	address	The account that was granted the role.
_expiresAt	uint256	The timestamp when the role expires.
_sender	address	The account that granted the role.

Event emitted when a temporal role is revoked.

Signature:

event TemporalRoleRevoked(bytes32 indexed _role, address indexed _account, address indexed _sender);

Parameters:

Property	Type	Description
_role	bytes32	The role that was revoked.
_account	address	The account from which the role was revoked.
_sender	address	The account that revoked the role.

Errors

Thrown when the account does not have a specific role.

Signature:

error AccessControlUnauthorizedAccount(address _account, bytes32 _role);

Thrown when a role has expired.

Signature:

error AccessControlRoleExpired(bytes32 _role, address _account);

Best Practices

Best Practice

• Initialize temporal roles using grantRoleWithExpiry during diamond setup or via authorized administrative functions.
• Regularly check role expiry using isRoleExpired before executing sensitive operations.
• Ensure that only authorized administrative facets can call grantRoleWithExpiry and revokeTemporalRole.

Security Considerations

Security

All state-changing functions (grantRoleWithExpiry, revokeTemporalRole) require the caller to be the admin of the respective role, enforced by AccessControlUnauthorizedAccount revert. The requireValidRole function checks for both role existence and expiry, reverting with AccessControlUnauthorizedAccount or AccessControlRoleExpired respectively. Input validation for expiry timestamps is crucial at the calling facet level.

Related Documentation

💎

OwnerTwoStepsFacet

Related facet in access

💎

AccessControlPausableFacet

Related facet in access

Was this helpful?

Last updated:December 30, 2025