AccessControlFacet

Role-based access control for diamonds

Key Features

• Manages roles and account permissions within a diamond.
• Supports role hierarchy via setRoleAdmin.
• Provides grantRole, revokeRole, grantRoleBatch, and revokeRoleBatch for flexible permission management.
• Includes hasRole and requireRole for permission checks.

Overview

This facet implements role-based access control for Compose diamonds. It exposes functions to manage roles, grant and revoke permissions, and check account access. Developers integrate this facet to enforce authorization policies within their diamond architecture, ensuring only authorized accounts can perform specific actions.

---

Storage

AccessControlStorage

Definition

struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

State Variables

Property	Type	Description
STORAGE_POSITION	bytes32	Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))
DEFAULT_ADMIN_ROLE	bytes32	Default administrative role identifier (bytes32(0)) (Value: 0x00)

Functions

hasRole

Returns if an account has a role.

function hasRole(bytes32 _role, address _account) external view returns (bool);

Parameters:

Property	Type	Description
_role	bytes32	The role to check.
_account	address	The account to check the role for.

Returns:

Property	Type	Description
-	bool	True if the account has the role, false otherwise.

---

requireRole

Checks if an account has a required role. Reverts with AccessControlUnauthorizedAccount If the account does not have the role.

function requireRole(bytes32 _role, address _account) external view;

Parameters:

Property	Type	Description
_role	bytes32	The role to check.
_account	address	The account to check the role for.

---

getRoleAdmin

Returns the admin role for a role.

function getRoleAdmin(bytes32 _role) external view returns (bytes32);

Parameters:

Property	Type	Description
_role	bytes32	The role to get the admin for.

Returns:

Property	Type	Description
-	bytes32	The admin role for the role.

---

setRoleAdmin

Sets the admin role for a role. Emits a RoleAdminChanged event. Reverts with AccessControlUnauthorizedAccount If the caller is not the current admin of the role.

function setRoleAdmin(bytes32 _role, bytes32 _adminRole) external;

Parameters:

Property	Type	Description
_role	bytes32	The role to set the admin for.
_adminRole	bytes32	The new admin role to set.

---

grantRole

Grants a role to an account. Emits a RoleGranted event. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function grantRole(bytes32 _role, address _account) external;

Parameters:

Property	Type	Description
_role	bytes32	The role to grant.
_account	address	The account to grant the role to.

---

revokeRole

Revokes a role from an account. Emits a RoleRevoked event. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function revokeRole(bytes32 _role, address _account) external;

Parameters:

Property	Type	Description
_role	bytes32	The role to revoke.
_account	address	The account to revoke the role from.

---

grantRoleBatch

Grants a role to multiple accounts in a single transaction. Emits a RoleGranted event for each newly granted account. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function grantRoleBatch(bytes32 _role, address[] calldata _accounts) external;

Parameters:

Property	Type	Description
_role	bytes32	The role to grant.
_accounts	address[]	The accounts to grant the role to.

---

revokeRoleBatch

Revokes a role from multiple accounts in a single transaction. Emits a RoleRevoked event for each account the role is revoked from. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function revokeRoleBatch(bytes32 _role, address[] calldata _accounts) external;

Parameters:

Property	Type	Description
_role	bytes32	The role to revoke.
_accounts	address[]	The accounts to revoke the role from.

---

renounceRole

Renounces a role from the caller. Emits a RoleRevoked event. Reverts with AccessControlUnauthorizedSender If the caller is not the account to renounce the role from.

function renounceRole(bytes32 _role, address _account) external;

Parameters:

Property	Type	Description
_role	bytes32	The role to renounce.
_account	address	The account to renounce the role from.

Events

Emitted when the admin role for a role is changed.

Signature:

event RoleAdminChanged(bytes32 indexed _role, bytes32 indexed _previousAdminRole, bytes32 indexed _newAdminRole);

Parameters:

Property	Type	Description
_role	bytes32	The role that was changed.
_previousAdminRole	bytes32	The previous admin role.
_newAdminRole	bytes32	The new admin role.

Emitted when a role is granted to an account.

Signature:

event RoleGranted(bytes32 indexed _role, address indexed _account, address indexed _sender);

Parameters:

Property	Type	Description
_role	bytes32	The role that was granted.
_account	address	The account that was granted the role.
_sender	address	The sender that granted the role.

Emitted when a role is revoked from an account.

Signature:

event RoleRevoked(bytes32 indexed _role, address indexed _account, address indexed _sender);

Parameters:

Property	Type	Description
_role	bytes32	The role that was revoked.
_account	address	The account from which the role was revoked.
_sender	address	The account that revoked the role.

Errors

Thrown when the account does not have a specific role.

Signature:

error AccessControlUnauthorizedAccount(address _account, bytes32 _role);

Thrown when the sender is not the account to renounce the role from.

Signature:

error AccessControlUnauthorizedSender(address _sender, address _account);

Best Practices

Best Practice

• Initialize roles and their admin roles during diamond deployment.
• Use grantRole and revokeRole for individual permission changes.
• Leverage grantRoleBatch and revokeRoleBatch for efficient bulk operations.
• Ensure the caller has the necessary admin role before granting or revoking roles.

Security Considerations

Security

All state-changing functions (setRoleAdmin, grantRole, revokeRole, grantRoleBatch, revokeRoleBatch, renounceRole) must be protected by appropriate access control mechanisms, typically enforced by the caller's role. The renounceRole function should only be callable by the account whose role is being renounced. Input validation for account addresses and role bytes is critical.

Related Documentation

📦

AccessControlMod

Module used by AccessControlFacet

💎

OwnerTwoStepsFacet

Related facet in access

💎

AccessControlPausableFacet

Related facet in access

💎

AccessControlTemporalFacet

Related facet in access

Was this helpful?

Last updated:December 30, 2025